Nginx setup help required

EDIT:

I decided to move to an Ubuntu server. I installed Ngnix and Certbot and I have a certificate now. However this shows up instead of my website: https://i.imgur.com/qJgwZtG.png

Here’s a pastebin showing the contents of /etc/nginx/sites-available/default - https://pastebin.com/jJ8muBem

My Python Flask application is running on port 5000. The Flask application is in /home/ubuntu/website/ and the HTML files are in /home/ubuntu/website/templates

Does anyone know what I need to change in the nginx default file? (shown in the pastebin link)

OLD POST:

I have a website https://onlineaudioconverter.net/ where the user can upload audio and video files to convert them. The 100MB upload limit can be a problem. The only way to bypass the limit (without paying for a paid account) is if I stop using Cloudflare. So I’ve been trying to get https outside of Cloudflare.

My website uses Python+Flask in the backend. It’s running on an Amazon AWS server (Windows Server 2019).

I’ve tried sslforfree.com and zerossl.com and I’m told to create the directory .well-known\win-acme in the web root and then download and put a file there (which has no file extension and contains a bunch of random characters). https://i.imgur.com/gW0wH5R.png (steps 2 and 3).

Not sure what the web root is. I’m assuming it’s where my main.py is so I created a folder in the same directory as main.py called “.well-known” and a subfolder called “acme-challenge”. I put the file in that folder and proceeded to step 5 (visiting the URL they provide):

But I get the following error: https://i.imgur.com/r01qMlc.png

The URL that it tries to access is: http://onlineaudioconverter.net/.well-known/acme-challenge/[the name of that file]

I’m assuming it doesn’t work because things work differently in Flask and simply creating the directories with that file in it is not sufficient. Perhaps I need to make an @app.route?

I seriously hope you have HTTPS on your server, regardless of Cloudflare.

In this case you can move away from Cloudflare at any time. If you dont have a certificate your site still is insecure and you should get a certificate regardless of whether you stay on Cloudflare or not.

@sandro
I don’t have HTTPS on my Server. I’m using Amazon AWS (Windows Server 2019). I tried making a certificate using win-acme but I get the error:
“Error: Issuance for IP addresses not supported”

I get the same error with zerossl.com

And CertBot doesn’t work with Windows servers.

Does anybody know how I can get a certificate on my Amazon AWS Windows Server?

You can simply have an origin certificate issued from Cloudflare. In that way you really dont have to do much and you can still use “Full strict” on Cloudflare, however this will also require proxying and the certificate wont be valid outside of Cloudflare. If you definitely want to move away, that wont be an option.

@sandro
It seems as if I have to move away to escape the 100MB upload limit? Paying for a premium Cloudflare account to have a higher upload limit doesn’t make sense as I’m not making any money from my website.

Do you know of a free way that I can get https outside of Cloudflare?

I get the error “Issuance for IP addresses not supported” when trying to use another service. Any idea why I’m getting this error?

Lets Encrypt offers certificates which are publicly valid.

They recommend CertBot (which doesn’t work with a Windows Server). One of the other tools they recommend is win-acme but I get the error that I mentioned. I don’t think any tool will work due to “Issuance for IP addresses not supported”

If anyone knows what exactly that means and what the solution is, I’d love to know.

Thank you for the speedy replies, @sandro

You cant have a certificate issued for an IP address, you’d need to specify your domain.

EDIT:

I’ve managed to get the certificate set up. However, iinstead of my website showing up, this shows up: https://i.imgur.com/qJgwZtG.png

Here’s a pastebin showing the contents of /etc/nginx/sites-available/default - https://pastebin.com/jJ8muBem

My Python Flask application is running on port 5000. The Flask application is in /home/ubuntu/website/ and the HTML files are in /home/ubuntu/website/templates

What do I need to change in the nginx default file?

Some background:

Initially the port that Flask was using was 80. But during the installation of Nginx, it wanted port 80, so I changed the port of my Flask app to 5000. Perhaps I need to change the port back to 80? But the thing is, if I change the port to 80, when I try to run the Flask app as it will say that port 80 is already being used (by Nginx). I can kill the Nginx processes that are using port 80 but doesn’t Nginx need to be running for the SSL to work? To be honest, I don’t know how Nginx works. I’m very new to this.

That question really is better fit for StackExchange than here.

2 Likes

I decided to move to an Ubuntu server. I installed Ngnix and Certbot and I have a certificate now. However this shows up instead of my website: https://i.imgur.com/qJgwZtG.png

Here’s a pastebin showing the contents of /etc/nginx/sites-available/default - https://pastebin.com/jJ8muBem

My Python Flask application is running on port 5000. The Flask application is in /home/ubuntu/website/ and the HTML files are in /home/ubuntu/website/templates

Does anyone know what I need to change in the nginx default file? (shown in the pastebin link)

Some background:

Initially the port that Flask was using was 80. But during the installation of Nginx, it wanted port 80, so I changed the port of my Flask app to 5000. Perhaps I need to change the port back to 80? But the thing is, if I change the port to 80, when I try to run the Flask app as it will say that port 80 is already being used (by Nginx). I can kill the Nginx processes that are using port 80 but doesn’t Nginx need to be running for the SSL to work? To be honest, I don’t know how Nginx works. I’m very new to this.