Nginx Configuration

Hi,

I’m trying to learn how to configure Nginx so I can access Syncthing from the internet and not via a VPN and I have a few questions about the config file after installing via DietPi-Software.

So you know where I’m up to, I’ve installed the Nginx + SQLite stack and configured SSL certs using DietPi-LetsEncrypt. When I go to my domain name using a browser I’m seeing the Nginx welcome page and it’s encrypted. So far so good, thanks for making this bit very easy.

Now when I open /etc/nginx/sites-enabled/default I see the below file and on line 11 it says “include /etc/nginx/sites-dietpi/*.conf;”. Does this mean I simply need to create a “some_file_name.conf” file in /sites-dietpi and nginx will know to use it? Or do I use the “Location” options in this file to configure the proxy_pass directive?

Thanks in advance for any guidance and if there are any other tips I should know about, please can you include them.

Cheers,
Dan

#D I E T - P I
# /etc/nginx/sites-available/default

server {

        root /var/www;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name *mydomain*.duckdns.org;

        include /etc/nginx/sites-dietpi/*.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/*mydomain*.duckdns.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/*mydomain*.duckdns.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/*mydomain*.duckdns.org/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

}


server {
    if ($host = *mydomain*.duckdns.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



        listen 80 default_server;
        listen [::]:80 default_server;

        server_name *mydomain*.duckdns.org;

Basically, it is best to create your own configuration files inside /etc/nginx/sites-dietpi/.

That’s how we do it as well for software apps we install via our scripts.

Hi Joulinar, I’ve been trying this to no avail, please can you share a sample conf file you use in /sites-dietpi and I should be able to get it working.

Many thanks

Currently I am out, will do later. Maybe, in the meantime, you can share the configuration you tried.

Sure,

Following some tutorials and instructions from the syncthing documentation I’ve gone with this…

server {
        listen 80;
        listen [::]:80;

        server_name *mydomain*.duckdns.org;

        location /syncthing/ {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        proxy_pass              http://localhost:8384/;

        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
        }
}

However, when I run the test command “nginx -t” I’m getting the following error…

nginx: [emerg] "server" directive is not allowed here in /etc/nginx/sites-dietpi/syncthing.conf:1

Is this because most of the configuration I need is already in the /sites-available/default file?

What should I declare in the /sites-dietpi/syncthing.conf?

You need the location section only and not the whole server configuration, as this will double things.
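Why `nginx -t` rejected the first syncthing.conf, as an added example that is not part of the thread: `include` inlines the file at the point of the directive, which here is inside the `server { }` block of sites-available/default, so a second `server` ends up nested in the first. The checker below is a simplified sketch; `check_fragment`, the partial `ALLOWED_PARENTS` table and the abbreviated sample files (with `example.duckdns.org` as a placeholder) are assumptions of this example.

```python
import re

# Partial table (an assumption of this example): block directives and the
# parent contexts nginx accepts them in.
ALLOWED_PARENTS = {
    "http": {"main"},
    "server": {"http", "stream", "mail"},
    "upstream": {"http", "stream"},
    "location": {"server", "location"},
}

def check_fragment(text, include_context="server"):
    """Return (line, directive, parent) for each block directive not allowed
    where it lands once `text` is inlined by an include that sits in
    `include_context`. Simplified tokenizer: ignores quoting."""
    cleaned = "\n".join(l.split("#", 1)[0] for l in text.splitlines())
    stack, problems = [include_context], []
    for m in re.finditer(r"([^{};]*)([{};])", cleaned):
        words, end = m.group(1).split(), m.group(2)
        if end == "{":
            name = words[0] if words else ""
            allowed = ALLOWED_PARENTS.get(name)
            if allowed is not None and stack[-1] not in allowed:
                line = cleaned.count("\n", 0, m.start(2)) + 1
                problems.append((line, name, stack[-1]))
            stack.append(name)
        elif end == "}" and len(stack) > 1:
            stack.pop()
    return problems

# Constructed samples, abbreviated from the two files posted in the thread.
FIRST_ATTEMPT = """\
server {
        listen 80;
        location /syncthing/ {
                proxy_pass http://localhost:8384/;
        }
}
"""
LOCATION_ONLY = """\
location /syncthing/ {
        proxy_set_header Host $host;
        proxy_pass http://localhost:8384/;
}
"""
if __name__ == "__main__":
    for name, conf in (("first attempt", FIRST_ATTEMPT), ("location only", LOCATION_ONLY)):
        print(name, "->", check_fragment(conf) or "ok for include inside server {}")
```

The same first file passes when checked with `include_context="http"`, which is the context Debian's nginx.conf uses for sites-enabled; it fails only because sites-dietpi is included one level deeper.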

This is my syncthing.conf file now but even after reloading nginx it’s still only hitting the nginx welcome page when using my domain.

location /syncthing/ {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        proxy_pass              http://localhost:8384/;

        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
        }

You need to specify the sub folder within your URL. That’s how you have it defined.

http://your.domain.com/syncthing

Ahhh, yes that works and I get it now.

Just need to get the pi-hole web ui working with nginx now. I may need further assistance if I hit a wall.

Thanks,
Dan

Usually PiHole web interface should be reachable ootb as it is a normal web site, served by Nginx already. But it might be blocked for access from public internet due to security.

You could try http://your.domain.com/admin

That’s what I thought too, but after removing Lighttpd and installing Nginx I couldn’t access the pi-hole GUI locally. Looking here https://docs.pi-hole.net/guides/webserver/nginx/ there is a guide on how to configure Nginx for pi-hole, however after following that I’m getting a 502 bad gateway error from Nginx. Very frustrating.

Don’t follow any guide from PiHole directly. We do it a little bit differently to ensure functionality of other web applications as well. If you have set Nginx as web server preference, you could try to reinstall PiHole.

Right, I’m on it now. Will uninstall pi-hole + unbound, reinstall and report back.

A reinstall should be sufficient.

dietpi-software reinstall 93

Hi Joulinar,

Reinstall done successfully, I can see the pi-hole config files in /etc/nginx/sites-dietpi, however when browsing to either 192.168.0.2/admin/ or pi.hole/admin/ I’m still seeing errors.

When using the IP address I’m getting a 404 Not Found and when using pi.hole/admin it’s returning a “can’t find the server” error.

I did choose the restrict public access option during installation but that shouldn’t make a difference as I’m not interested in accessing externally.

Here is the installation log but nothing looks to have gone wrong.

[i] Pi-hole blocking will be enabled
  [i] Enabling blocking
  [✓] Pi-hole Enabled
  [i] Web Interface password: <removed>
  [i] This can be changed using 'pihole -a -p'

  [i] View the web interface at http://pi.hole/admin or http://192.168.0.2/admin

  [i] You may now configure your devices to use the Pi-hole as their DNS server
  [i] Pi-hole DNS (IPv4): 192.168.0.2
  [i] Pi-hole DNS (IPv6): fde9:39d:eb90:1:dea6:32ff:fef8:159
  [i] If you have not done so already, the above IP should be set to static.

  [i] The install log is located at: /etc/pihole/install.log
Installation Complete! 
[  OK  ] DietPi-Software | ./install.sh --disable-install-webserver
[  OK  ] DietPi-Software | rm install.sh
[  OK  ] DietPi-Software | Added setting BLOCKINGMODE=NULL to end of file /etc/pihole/pihole-FTL.conf
[  OK  ] DietPi-Software | pihole -l off
[ INFO ] DietPi-Software | Configuring Pi-hole to use Unbound
[  OK  ] DietPi-Software | sed -i /^[[:blank:]]*server=/d /etc/dnsmasq.d/01-pihole.conf
[  OK  ] DietPi-Software | Added setting server=127.0.0.1#5335 to end of file /etc/dnsmasq.d/01-pihole.conf
[  OK  ] DietPi-Software | systemctl restart pihole-FTL
[  OK  ] DietPi-Software | Setting in /etc/pihole/setupVars.conf adjusted: PIHOLE_DNS_1=127.0.0.1#5335
[  OK  ] DietPi-Software | sed -i /^[[:blank:]]*PIHOLE_DNS_2=/d /etc/pihole/setupVars.conf
[  OK  ] DietPi-Software | phpenmod xml sqlite3 intl
[  OK  ] DietPi-Software | cd /tmp/DietPi-Software
[  OK  ] DietPi-Software | curl -sSfL https://raw.githubusercontent.com/MichaIng/DietPi/master/.conf/dps_93/nginx.pihole.conf -o nginx.pihole.conf
[  OK  ] DietPi-Software | mv nginx.pihole.conf /etc/nginx/sites-dietpi/dietpi-pihole.conf
[  OK  ] DietPi-Software | cd /tmp/DietPi-Software
[  OK  ] DietPi-Software | curl -sSfL https://raw.githubusercontent.com/MichaIng/DietPi/master/.conf/dps_93/nginx.block_public_admin.conf -o nginx.block_public_admin.conf
[  OK  ] DietPi-Software | mv nginx.block_public_admin.conf /etc/nginx/sites-dietpi/dietpi-pihole-block_public_admin.off
[  OK  ] DietPi-Software | ln -sf /var/www/html/admin /var/www/admin
[  OK  ] DietPi-Software | ln -sf /var/www/html/pihole /var/www/pihole
[  OK  ] DietPi-Software | usermod -aG pihole www-data
  [✓] New password set
[ INFO ] DietPi-Software | The DNS query database logging duration is reduced to 2 days. If you require long-term query logs, read our docs about how to change the log duration:
- https://dietpi.com/docs/software/dns_servers/#pi-hole
[  OK  ] DietPi-Software | Added setting MAXDBDAYS=2 to end of file /etc/pihole/pihole-FTL.conf

Any thoughts?

Cheers,

Did you revert the changes you have done before following the PiHole own guide?

I’ve reinstalled nginx and pi-hole again and it’s now working. Many thanks for your assistance Joulinar.

Ok good it is working now. :smiley: