nginx.conf
# Main-context settings: process identity, worker count, pid file and dynamic modules.
# Worker processes run as the www-data account rather than as root.
user www-data;
# "auto" lets nginx choose the number of worker processes.
worker_processes auto;
pid /run/nginx.pid;
# Pulls in every module configuration file present in modules-enabled.
include /etc/nginx/modules-enabled/*.conf;
# Connection-processing settings.
events {
# Upper bound on simultaneous connections handled by one worker process.
worker_connections 768;
# multi_accept on;
}
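http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Uncommenting "server_tokens off" stops nginx from advertising its
    # version in the Server header and on generated error pages.
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and have been removed from
    # this list; SSLv3 stays disabled (POODLE). Add TLSv1.3 here if the
    # installed nginx and OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    # HTTP version of the main registration server. We redirect to TLS port 8443 to
    # avoid conflicting with tunneled domains.
    server {
        listen 80;
        listen [::]:80;
        server_name api.synk.xyz;
        # The redirect target is built from the configured $server_name, not
        # from the client-supplied Host header.
        return 301 https://$server_name:8443$request_uri;
    }

    # This default server handles tunneled domains, i.e. myhost.mydomain.org.
    # If it is enabled, note that $host echoes the request's Host header into
    # the redirect.
    #server {
    #    listen 80 default_server;
    #    listen [::]:80 default_server;
    #    return 301 https://$host$request_uri;
    #}

    # This is the main registration server.
    #
    # This section assumes you're using Let's Encrypt to generate a host
    # certificate. Adjust accordingly if necessary.
    server {
        listen 8443 ssl http2 default_server;
        listen [::]:8443 ssl http2 default_server;
        server_name api.synk.xyz;
        ssl_certificate "/etc/letsencrypt/live/api.synk.xyz/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/api.synk.xyz/privkey.pem";
        # It is *strongly* recommended to generate unique DH parameters
        # Generate them with: openssl dhparam -out /etc/pki/nginx/dhparams.pem 2048
        ssl_dhparam "/etc/pki/nginx/dhparams.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        # Kept in step with the http-level setting: TLSv1 and TLSv1.1 are
        # deprecated (RFC 8996) and no longer offered.
        ssl_protocols TLSv1.2;
        # NOTE(review): HIGH:SEED still admits CBC-mode suites; consider an
        # AEAD-only list once client compatibility is known.
        ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
        ssl_prefer_server_ciphers on;

        location / {
            # Host is forwarded exactly as the client sent it; because this is
            # the default_server, any Host value reaches the upstream, which
            # should not trust it blindly.
            proxy_set_header Host $http_host;
            # Address of the peer that connected to nginx.
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
            # the client supplied, so only the last entry is set by this proxy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Plain HTTP to the registration server over loopback.
            proxy_pass http://127.0.0.1:81;
        }
    }
}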
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
config.toml
# Listener, domain and storage settings for the registration server.
[general]
# 0.0.0.0 listens on every interface; who can reach the plain-HTTP port then
# depends on how it is published or firewalled (the docker command on this
# page publishes port 81 on 127.0.0.1 only, and nginx proxies to it).
host = "0.0.0.0"
http_port = 81
# NOTE(review): 0 presumably disables the built-in TLS listener - confirm.
# In this setup TLS is terminated by nginx on port 8443.
https_port = 0
domain = "synk.xyz"
db_path = "/home/user/data/domains.sqlite"
# Uncomment to use TLS
# If enabled, identity_password is kept in clear text in this file; restrict
# read access to the file accordingly.
# identity_directory = "/home/user/config"
# identity_password = "mypassword"
# DNS settings: TTLs, the socket path and the static records.
[pdns]
api_ttl = 1
dns_ttl = 86400
tunnel_ttl = 60
# NOTE(review): /tmp is normally world-writable; if other local users or
# processes share it, a directory restricted to the server and the DNS daemon
# is safer. Presumably this path must match the DNS daemon's own
# configuration - confirm before changing it.
socket_path = "/tmp/pdns_tunnel.sock"
# CAA "issue" record naming letsencrypt.org as the CA allowed to issue certificates.
caa_record = "0 issue \"letsencrypt.org\""
mx_record = ""
# NOTE(review): the name servers and SOA below still use mydomain.org and
# sample-looking addresses, while [general] sets domain = "synk.xyz" - confirm
# these were meant to be left as is.
ns_records = [
[ "ns1.mydomain.org.", "5.6.7.8" ],
[ "ns2.mydomain.org.", "4.5.6.7" ],
]
# Uncomment to set a PSL authentication record
# psl_record = "https://github.com/publicsuffix/list/pull/XYZ"
# Check your DNS configuration to fill in this field.
soa_record = "ns1.mydomain.org. dns-admin.mydomain.org. 2018082801 900 900 1209600 60"
txt_record = ""
# GeoIP settings: a default address, the GeoLite2 country database file and
# one address per continent code.
# NOTE(review): the addresses look like sample values (1.2.3.4, 2.3.4.5, ...);
# presumably they should be the operator's real server addresses - confirm.
[pdns.geoip]
default = "5.6.7.8"
database = "/home/user/geoip/GeoLite2-Country.mmdb"
[pdns.geoip.continent]
AF = "1.2.3.4"
AN = "2.3.4.5"
AS = "3.4.5.6"
EU = "4.5.6.7"
NA = "5.6.7.8"
OC = "6.7.8.9"
SA = "9.8.7.6"
# Outgoing mail account and the templates for the e-mails and result pages.
[email]
server = "mail.gandi.net"
user = "accounts@mydomain.org"
# Redacted in this post. The real value sits in clear text in this file, so
# the file (and the host directory mounted as /home/user/config) should be
# readable only by the account that runs the server.
password = "******"
sender = "accounts@mydomain.org"
reclamation_title = "Reclaim your Mozilla WebThings Gateway Domain"
# {token} is a placeholder, presumably filled in by the server when the mail is sent.
reclamation_body = """Hello,
<br>
<br>
Your reclamation token is: {token}
<br>
<br>
If you did not request to reclaim your gateway domain, you can ignore this email."""
confirmation_title = "Welcome to your Mozilla WebThings Gateway"
# {link} and {domain} are placeholders, presumably filled in by the server.
confirmation_body = """Hello,
<br>
<br>
Welcome to your Mozilla WebThings Gateway! To confirm your email address, navigate to <a href="{link}">{link}</a>.
<br>
<br>
Your gateway can be accessed at <a href="https://{domain}">https://{domain}</a>."""
# Static HTML page for a successful e-mail confirmation.
success_page = """<!DOCTYPE html>
<html>
<head><title>Email Confirmation Successful!</title></head>
<body>
<h1>Thank you for verifying your email.</h1>
</body>
</html>"""
# Static HTML page for a failed e-mail confirmation.
error_page = """<!DOCTYPE html>
<html>
<head><title>Email Confirmation Error!</title></head>
<body>
<h1>An error happened while verifying your email.</h1>
</body>
</html>"""
Would you please suggest where I can see the registration server log in Docker?
I now run nginx on the host and have removed it from Docker.
I have put the SQLite database setup in Docker,
and the docker command is:
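# Start the registration server container; nginx runs on the host.
# - config and data are bind-mounted from /opt/docker/registration-server.
# - Port 81 is published on 127.0.0.1 only, so the plain-HTTP API is reachable
#   from the host (nginx) but not from the network.
# - 443->4443, 53/tcp and 53/udp are published on all host interfaces.
#   NOTE(review): config.toml sets https_port = 0, so presumably nothing
#   listens on 4443 in the container; drop that mapping if unused - confirm.
# The long options need two ASCII hyphens (--restart, --name); the en dashes
# in the pasted command are not recognised as options.
docker run \
    -d \
    -v /opt/docker/registration-server/config:/home/user/config \
    -v /opt/docker/registration-server/data:/home/user/data \
    -p 127.0.0.1:81:81 \
    -p 443:4443 \
    -p 53:53 \
    -p 53:53/udp \
    --restart unless-stopped \
    --name registration-server-synk1 \
    registration-server-synk1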
In the nginx error log, I found the errors below:
2019/07/19 04:51:02 [error] 5710#5710: *115 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 219.65.62.52, server: api.synk.xyz, request: “GET /subscribe?name=rajan&email=a@x.mnn HTTP/2.0”, upstream: “http://127.0.0.1:81/subscribe?name=rajan&email=a@x.mnn”, host: “api.synk.xyz:8443”
2019/07/19 04:51:02 [error] 5710#5710: *115 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 219.65.62.52, server: api.synk.xyz, request: “GET /favicon.ico HTTP/2.0”, upstream: “http://127.0.0.1:81/favicon.ico”, host: “api.synk.xyz:8443”, referrer: “https://api.synk.xyz:8443/subscribe?name=rajan&email=a@x.mnn”