
[–]d3rr

Hey ma'am. This will not help, htaccess is for Apache only and reddit uses nginx.

I imagine that if you get Reddit set up correctly, this 'inconsistent server configuration' issue will go away. Right now Reddit is not running. Reddit code will handle redirecting http to https.

If you want to pass along your Reddit and nginx configs I can take a look. Don't send me your database password tho, which is in development.update.

[–]portcity[S]

Thank you so much for helping me. Here is the /etc/nginx/nginx.conf file:

    user www-data;
    worker_processes 4;
    pid /run/nginx.pid;

    events {
        worker_connections 768;
        # multi_accept on;
    }

    http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml$

        ##
        # nginx-naxsi config
        ##
        # Uncomment it if you installed nginx-naxsi
        ##

        #include /etc/nginx/naxsi_core.rules;

        ##
        # nginx-passenger config
        ##
        # Uncomment it if you installed nginx-passenger
        ##

        #passenger_root /usr;
        #passenger_ruby /usr/bin/ruby;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

    }

    #mail {
    #    # See sample authentication script at:
    #    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
    #
    #    # auth_http localhost/auth.php;
    #    # pop3_capabilities "TOP" "USER";
    #    # imap_capabilities "IMAP4rev1" "UIDPLUS";
    #
    #    server {
    #        listen localhost:110;
    #        protocol pop3;
    #        proxy on;
    #    }
    #
    #    server {
    #        listen localhost:143;
    #        protocol imap;
    #        proxy on;
    #    }
    #}

[–]portcity[S]

I haven't figured out which one is the reddit config file yet, after an hour looking. I'm hesitant to clog up your inbox asking a ton of questions because I know your time and expertise are valuable! :( Julie

[–]d3rr

This is your main Reddit config file: /home/reddit/src/reddit/r2/development.update (beware, DB pass in here)

And this is the nginx file where you need to plug in your new SSL cert paths: /etc/nginx/sites-available/reddit-ssl

Don't worry about my time, I'll stop responding if need be. Your success helps our success and helps support free speech worldwide.

[–]portcity[S]

/home/reddit/src/reddit/r2/development.update

Really admire your commitment to these principles.

Here is the development.update file: https://pastebin.com/7ErubFaD

And here is the nginx: https://pastebin.com/5Z3Suycu

So grateful to you!

[–]d3rr

I thought that respecting "free speech" was a widely shared principle, but after a couple of years of Trump everyone is dropping like flies. Anyway...

Your development.update looks good as far as SSL and your domain name. For nginx, we need to update the paths to your SSL cert (in /etc/nginx/sites-available/reddit-ssl) and then restart nginx.

So change:

ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

To something like this, depending on where your cert ended up. Certbot prints where it is at the end, but it's probably:

ssl_certificate /etc/letsencrypt/live/portcity.online/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portcity.online/privkey.pem;

And then run the old

$ sudo service nginx restart
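
As an added example (not part of the thread or of the project's code), a shell function that checks the `ssl_certificate` paths in the site file before nginx is restarted. The function name, the optional expected-domain argument and the finding labels are hypothetical.

```shell
# Added example (not from the thread): check the certificate paths in an nginx
# site file before restarting. Usage: check_ssl_paths <site-file> [expected-domain]
# Prints one finding per line; exit status 0 means no findings.
check_ssl_paths() (
    conf="$1"; domain="${2:-}"; findings=0
    # Active (uncommented) ssl_certificate / ssl_certificate_key directives only.
    matches=$(grep -E '^[[:space:]]*ssl_certificate(_key)?[[:space:]]' "$conf" || true)
    if [ -z "$matches" ]; then
        echo "NONE no active ssl_certificate directives in $conf"
        exit 1
    fi
    while read -r directive path; do
        path="${path%%;*}"            # drop the trailing ';' and anything after it
        case "$path" in
            *snakeoil*)               # distro self-signed placeholder still in use
                echo "PLACEHOLDER $directive $path"; findings=$((findings + 1)); continue ;;
        esac
        if [ ! -s "$path" ]; then     # missing or empty file
            echo "MISSING $directive $path"; findings=$((findings + 1)); continue
        fi
        # Let's Encrypt paths carry the domain as .../live/<domain>/...
        case "$path" in
            */live/*)
                if [ -n "$domain" ] && [ "${path#*/live/"$domain"/}" = "$path" ]; then
                    echo "DOMAIN $directive $path"; findings=$((findings + 1))
                fi ;;
        esac
        if [ "$directive" = "ssl_certificate_key" ]; then
            # -L follows the live/ symlink; columns 8-10 are the "other" permission bits
            other=$(ls -lLd "$path" | cut -c8-10)
            if [ "$other" != "---" ]; then
                echo "KEYPERM $directive $path"; findings=$((findings + 1))
            fi
        fi
    done <<EOF
$matches
EOF
    [ "$findings" -eq 0 ]
)
```

Run it as root against /etc/nginx/sites-available/reddit-ssl so the key under /etc/letsencrypt is readable, then run `sudo nginx -t` before restarting.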

[–]portcity[S]

I tried to run certbot again and got the following errors: https://pastebin.com/50NdbGTn

So then I decided to change the lines you listed above in /etc/nginx/sites-available/reddit-ssl and I got these errors: https://pastebin.com/KHPT94z7

As for this recent era in free speech ... I can't get over how the Trump people are both destroying our free speech protections (with SESTA/FOSTA, lots of other examples) and simultaneously trying to claim to be free speech victims, when they are challenged or rejected for their views. It's sickening.

Thanks again -- J

[–]d3rr

Try running certbot like this:

$ sudo certbot certonly --manual --preferred-challenges dns -d saidit.net -d www.saidit.net -d m.saidit.net -d oauth.saidit.net

Although you don't need all of these subdomains. The DNS challenge bit means you will need to add DNS records with your domain registrar. Certbot will tell you exactly what to add.

[–]portcity[S]

sudo certbot certonly --manual --preferred-challenges dns -d saidit.net -d www.saidit.net -d m.saidit.net -d oauth.saidit.net

I got sudo: certbot: command not found :(

[–]d3rr

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

[–]d3rr

I will add this stuff to the README

[–]portcity[S]

sudo certbot certonly --manual --preferred-challenges dns -d saidit.net -d www.saidit.net -d m.saidit.net -d oauth.saidit.net

I just can't seem to get this right. After installing certbot, and running the long command quoted above, and entering 4 TXT files at my domain registrar, I get these errors: https://pastebin.com/HHcVnJB9

[–]d3rr

You've gotta use your own domain, not SaidIt.net! You will need to update those DNS records when you try again.

[–]portcity[S]

lmao how fast can I wear out my welcome ... I'm certainly trying, aren't I?