User avatar
techbytes
Lisker
Posts: 31
Joined: Thu Mar 24, 2016 11:49 pm
Contact: Website

Re: HowTo: Free SSL Certificate Creation and Configuration

Sat Apr 02, 2016 3:42 pm

Gr33nDrag0n wrote:
techbytes wrote:I'm trying this on one of my nodes but getting this error:

fatal 2016-04-02 08:18:02 Domain master { message: 'EACCES, permission denied \'/etc/letsencrypt/live/lisk.lisknode.info/privkey.pem\'',

Any ideas why? My domain is on Godaddy.
-tb-


I can try to help you. Were exactly do you have the problem. CReatin certificate or when launching lisk client after modification of the configuration ?


Got the error running lisk client after modification. Configurations setup was fine.


-tb-
"May the Forge Be With You"

User avatar
Gr33nDrag0n
Lisker
Posts: 123
Joined: Sat Mar 26, 2016 8:22 pm
Location: Quebec, Canada

Re: HowTo: Free SSL Certificate Creation and Configuration

Sat Apr 02, 2016 3:44 pm

redsn0w wrote:Where can I buy a cheap domain with bitcoin ?


as suggeted in the chat by videodrome, namecheap seem ok
Gr33nDrag0n | 194109334904015388L | Delegate | lisknode.io

User avatar
Gr33nDrag0n
Lisker
Posts: 123
Joined: Sat Mar 26, 2016 8:22 pm
Location: Quebec, Canada

Re: HowTo: Free SSL Certificate Creation and Configuration

Sat Apr 02, 2016 3:46 pm

techbytes wrote:
Gr33nDrag0n wrote:
techbytes wrote:I'm trying this on one of my nodes but getting this error:

fatal 2016-04-02 08:18:02 Domain master { message: 'EACCES, permission denied \'/etc/letsencrypt/live/lisk.lisknode.info/privkey.pem\'',

Any ideas why? My domain is on Godaddy.
-tb-


I can try to help you. Were exactly do you have the problem. CReatin certificate or when launching lisk client after modification of the configuration ?


Got the error running lisk client after modification. Configurations setup was fine.

-tb-


I seem to ba a permission issue. DO your node run as a user or as root ?

Because normally you created the certificate with root privileges and the default chmod on the files are 644.

So maybe first test would be to start your node using sudo bash lisk.sh start

is this work, you will know for sure that'S the reason and after you will be able to solve this by either changing default perm on the files or the context your node is running the client.

Another factor I can see, the files listed in the configuration are not the actual pem files but symbolic link to he real files under /etc/letsencrypt/archives. The 'real' permission apply to the file (chmod) are there. (Symbolic link is 777)
Gr33nDrag0n | 194109334904015388L | Delegate | lisknode.io

User avatar
techbytes
Lisker
Posts: 31
Joined: Thu Mar 24, 2016 11:49 pm
Contact: Website

Re: HowTo: Free SSL Certificate Creation and Configuration

Sat Apr 02, 2016 3:55 pm

Gr33nDrag0n wrote:
techbytes wrote:
Gr33nDrag0n wrote:
I can try to help you. Were exactly do you have the problem. CReatin certificate or when launching lisk client after modification of the configuration ?


Got the error running lisk client after modification. Configurations setup was fine.

-tb-


I seem to ba a permission issue. DO your node run as a user or as root ?

Because normally you created the certificate with root privileges and the default chmod on the files are 644.

So maybe first test would be to start your node using sudo bash lisk.sh start

is this work, you will know for sure that'S the reason and after you will be able to solve this by either changing default perm on the files or the context your node is running the client.

Another factor I can see, the files listed in the configuration are not the actual pem files but symbolic link to he real files under /etc/letsencrypt/archives. The 'real' permission apply to the file (chmod) are there. (Symbolic link is 777)


Nice, that was it, permission issue. I'm running it as user. So using sudo works.

Thanks!


-tb-
"May the Forge Be With You"

User avatar
redsn0w
Global Moderator
Posts: 202
Joined: Sat Apr 02, 2016 8:41 am
Contact: Website

Re: HowTo: Free SSL Certificate Creation and Configuration

Sat Apr 02, 2016 7:19 pm

check my subdomain :


- https://lisk.redsn0w.top


thanks again @Gr33nDrag0n !

User avatar
cc001
Lisker
Posts: 105
Joined: Sat Mar 12, 2016 12:48 pm

Re: HowTo: Free SSL Certificate Creation and Configuration

Sun Apr 03, 2016 5:52 pm

EDIT: Gr33nDrag0n rewrote his tutorial, including some of the following hints. So, if you follow his tutorial step-by-step, everything should run fine and you should not have to do any of the stuff I write here :)

Hey Gr33nDrag0n, great tutorial, thanks! There are two problems if you run lisk not as root, but as normal user though.
1. (I'm not totally sure if this step is really necessary, maybe someone could confirm?)
The certificate is not readable because the rights of the directories in /etc/letsencrypt/ prevent regular users from reading the content. I made them readable by executing the following command:
sudo chown -R <user>:<user> /etc/letsencrypt/ (replace <user> with your own username)

2. Regular non-root users don't have access to ports below 1024. SSL uses port 443, which is not accessible by a regular user. I solved this by redirecting traffic (with iptables rules) to the ssl port 443 to a unused port higher 1024 and let lisk work on this new higher port .
a) add following rules to your firewall:
sudo iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8061
(you can replace 8061 by your own port, higher 1024)
b) modify config.json:
vim <liskfolder>/config.json
"ssl": {
"enabled": true,
"options": {
"port": 8061,
"address": "0.0.0.0",
"key": "/etc/letsencrypt/live/<YOUR-DOMAIN>/privkey.pem",
"cert": "/etc/letsencrypt/live/<YOUR-DOMAIN>/fullchain.pem"
}
},

then restart your firewall and lisk and "https://<YOUR_DOMAIN>" should work
Last edited by cc001 on Mon Apr 04, 2016 4:59 am, edited 1 time in total.
My Delegate Node
My Websites:
My Scripts:
My Tutorials:
  • Secure basic setup of a delegate server
  • how to set up 'lisk-rake' (outdated)

User avatar
densmirnov
Lisker
Posts: 63
Joined: Tue Mar 08, 2016 3:35 am
Location: Moscow, Russia
Contact: Website Facebook Twitter Skype Google+

Re: HowTo: Free SSL Certificate Creation and Configuration

Sun Apr 03, 2016 6:09 pm

~cc001, good workaround, but why not simply use nginx as a reverse proxy with vesy easy setup?
MY DELEGATE PROPOSAL ••• LISKLOTTERY.WIN PUBLIC LOTTERY FOR LISK ••• LISK RUSSIA: FB, VK & TWITTER

User avatar
cc001
Lisker
Posts: 105
Joined: Sat Mar 12, 2016 12:48 pm

Re: HowTo: Free SSL Certificate Creation and Configuration

Sun Apr 03, 2016 6:22 pm

densmirnov wrote:~cc001, good workaround, but why not simply use nginx as a reverse proxy with vesy easy setup?


yeah, sure. Do you have a suggestion how to configure it?
My Delegate Node
My Websites:
My Scripts:
My Tutorials:
  • Secure basic setup of a delegate server
  • how to set up 'lisk-rake' (outdated)

User avatar
densmirnov
Lisker
Posts: 63
Joined: Tue Mar 08, 2016 3:35 am
Location: Moscow, Russia
Contact: Website Facebook Twitter Skype Google+

Re: HowTo: Free SSL Certificate Creation and Configuration

Sun Apr 03, 2016 7:50 pm

cc001 wrote:yeah, sure. Do you have a suggestion how to configure it?


Sure thing! The main benefit of Nginx is the fact that it takes care of transport optimization. It will do all the stuff with static resources caching and will do it fast! So after we installed and loaded Lisk let's run these commands:

$ apt-get update
$ sudo apt-get install nginx

That's it! Now configure it to forward all incoming requests on port 80 to our running Lisk node on port 7000. Delete default settings and then create new configuration.

$ sudo rm /etc/nginx/sites-enabled/default
$ sudo nano /etc/nginx/sites-available/lisk

This will open simple text editor where we need to paste the following code. Don't forget to change 'example.com' to your own domain!

Code: Select all

server {
    listen 80;
    server_name example.com;
    location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass         http://127.0.0.1:7000;
    }
}

Now press Ctrl + O then Enter to save file and Ctrl + X to exit. Next, we need to symlink our settings file to sites-enabled and restart Nginx so it can load our new settings.

$ sudo ln -s /etc/nginx/sites-available/node /etc/nginx/sites-enabled/lisk
$ sudo service nginx restart

Now our Lisk node will be avaliable just as any regular site!
MY DELEGATE PROPOSAL ••• LISKLOTTERY.WIN PUBLIC LOTTERY FOR LISK ••• LISK RUSSIA: FB, VK & TWITTER

Hoop
Lisker
Posts: 67
Joined: Sun Mar 27, 2016 11:42 am

Re: HowTo: Free SSL Certificate Creation and Configuration

Sun Apr 03, 2016 9:31 pm

redsn0w wrote:Where can I buy a cheap domain with bitcoin ?


Namecheap.com supports BTC - once you are logged in ( Profile → Billing → Balance → Bitcoin and fill up) (for extension I suggest .xyz it's on sale @ under a dollar for the first year and around 10$ after that).

Return to “Guides”

Who is online

Users browsing this forum: No registered users and 1 guest