Hello Ludovic, Ludovic Courtès <l...@gnu.org> writes:
> Hello, > > Clément Lassieur <clem...@lassieur.org> skribis: > >> https://berlin.guixsd.org:8081/ times out. > > Note that Cuirass listens on localhost:8081, so you cannot reach it from > the outside (and it’s HTTP, too.) There’s nginx that proxies things, > see guix-maintenance.git. Ha :-) I had forgotten about it! So it's not a bug at all, closing it. > Now, with the version currently running, I can tell you that this URL is > not very interesting: > > --8<---------------cut here---------------start------------->8--- > $ wget -O - http://localhost:8081 > --2018-07-23 11:06:22-- http://localhost:8081/ > Resolving localhost (localhost)... 127.0.0.1 > Connecting to localhost (localhost)|127.0.0.1|:8081... connected. > HTTP request sent, awaiting response... 404 Not Found > 2018-07-23 11:06:22 ERROR 404: Not Found. > --8<---------------cut here---------------end--------------->8--- > > :-) Well yes, I was expecting 404, because even though it's not very interesting, it shows that the url handler works. > Is the Web UI already in the current ‘cuirass’ package? Soon! But I think we should change the NGINX config nonetheless because the json API is useful. > If so, what do we need to change in the nginx config? I guess we could add: --8<---------------cut here---------------start------------->8--- server { listen 8081 ssl; server_name berlin.guixsd.org; ssl_certificate /etc/letsencrypt/live/berlin.guixsd.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/berlin.guixsd.org/privkey.pem; # Make sure SSL is disabled. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Disable weak cipher suites. ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # Use our own DH parameters created with: # openssl dhparam -out dhparams.pem 2048 # as suggested at <https://weakdh.org/sysadmin.html>. ssl_dhparam /etc/dhparams.pem; access_log /var/log/nginx/https.access.log; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location / { proxy_pass http://localhost:8081; } } --8<---------------cut here---------------end--------------->8--- I can do the commit if you want (and agree with the content), as you wish. Clément
