Subj : Lets Encrypt and NPM
To   : poindexter FORTRAN
From : echicken
Date : Tue May 21 2024 02:26 am

 Re: Lets Encrypt and NPM
 By: poindexter FORTRAN to All on Thu May 16 2024 00:30:49

PF> I set up Nginx Proxy Manager and have it proxying for my internal hosts.
PF> It can register certs for my internal hosts.

PF> Instead of running SSL natively on Synchronet, would anything break by
PF> just running http internally and using NPM to manage certificates and then
PF> pass on HTTPS traffic to HTTP internally?

I don't use Nginx Proxy Manager, but I do use nginx in this configuration and have done on and off for 10+ years. As long as you're not paranoid about someone capturing the traffic between proxy and upstream, it's fine.

Websockets (i.e. for ftelnet) will break, but that's fixable. My current solution is a separate upstream that points at my plain websocket server (port 1123), and a server{} block that listens on e.g. port 1124 and does SSL reverse proxying to that upstream. webv4 has a 'wssp' setting that forces the WSS port (e.g. to 1124) for this exact scenario.

This is where NPM might get in your way. I chatted with someone who was using NPM and couldn't make it do the needful re: websockets. I suspect it was sacrificing this level of configurability in favour of user-friendliness. I didn't dig deep into that because I don't use NPM and don't want to.

IMHO nginx configs are quite easy to manage by hand on a small scale like you'd typically find in BBS-land. I suspect you'd be doing yourself a favour by just taking NPM out of the mix and using nginx on its own. I can share my settings with you if you like.

echicken
electronic chicken bbs - bbs.electronicchicken.com
---
■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
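
The websocket arrangement described in the message above, sketched as an nginx configuration. This is an added example, not echicken's own settings: only ports 1123 and 1124 come from the post, while the hostname, certificate paths, loopback address and timeout are assumptions.

```nginx
# Goes inside the http{} context of nginx.conf.
# Added example; bbs.example.com and the certificate paths are placeholders.

# Pass the client's Upgrade request through, or close when there is none.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Plain (non-TLS) websocket server. Assumed to be on the same host as nginx,
# so the unencrypted proxy-to-upstream hop never leaves loopback.
upstream bbs_websocket {
    server 127.0.0.1:1123;
}

# TLS listener that browsers reach as wss://bbs.example.com:1124/
server {
    listen 1124 ssl;
    server_name bbs.example.com;

    ssl_certificate     /etc/letsencrypt/live/bbs.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bbs.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://bbs_websocket;

        # The websocket handshake is an HTTP/1.1 Upgrade; nginx drops the
        # hop-by-hop Upgrade/Connection headers unless they are set here.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $remote_addr;

        # Terminal sessions idle for long periods; the default read timeout
        # of 60s would cut them off. One hour is an assumed value.
        proxy_read_timeout 1h;
    }
}
```

With this in place, the webv4 'wssp' setting mentioned above would be set to 1124 so that the web client connects to the TLS listener rather than to port 1123 directly. If the upstream lives on a different machine from nginx, the hop to port 1123 crosses the network in cleartext, which is the capture risk noted in the reply.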