SSL Nginx - can anyone post working config for Debian - SOLVED

I’m having a hard time getting SSL working, for several reasons.
For one I cannot use certbot or any online SSL. So I'm going to get the certificates from another source (Big offline 90% Windows network - so the administrator will create some kind of certificate)

So if anyone has a working nginx config they can post, that would be fantastic, so I have something that works 100%. The official guide really confuses me.

This is my librenms.vhost

server {
 listen      80;
 listen      [::]:443 ssl;
 include snippets/self-signed.conf;
 include snippets/ssl-params.conf;
 server_name sub.domain.com;
 root        /opt/librenms/html;
 index       index.php;

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd t>
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location ~ [^/]\.php(/|$) {
  fastcgi_pass unix:/run/php-fpm-librenms.sock;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  include fastcgi.conf;
 }
 location ~ /\.(?!well-known).* {
  deny all;
 }
}

and this is my conf.d/librenms


server {
    listen         80;
    listen         [::]:80;
    server_name    sub.domain.com;
    return         301 https://$server_name$request_uri;
}


server {
 listen              443 ssl http2;
 listen              [::]:443 ssl http2;
 include snippets/self-signed.conf;
 include snippets/ssl-params.conf;
 server_name sub.domain.com;
 root        /opt/librenms/html;
 index       index.php;
 access_log  /opt/librenms/logs/access_log;
 error_log   /opt/librenms/logs/error_log;
}

But I cannot even connect to the server

And netstat -tulpn shows me that nginx tcp6 has an open port on 443 but not tcp4

This is my librenms.vhost file

server {
 listen      443 ssl http2;
 server_name librenms.example.com;
 root        /opt/librenms/html;
 index       index.php;

 ssl_certificate /etc/ssl/STAR_netviscom_com.pem;
 ssl_certificate_key /etc/ssl/STAR_netviscom_com.key;


 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location ~ [^/]\.php(/|$) {
  fastcgi_pass unix:/run/php-fpm-librenms.sock;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_param  PHP_VALUE "memory_limit=4098M";
  include fastcgi.conf;
 }
 location ~ /\.(?!well-known).* {
  deny all;
 }
}

server {
 listen      80;
 server_name librenms.example.com;
 return 301  https://librenms.example.com$request_uri;

 location /nginx-status {
  stub_status on;
  access_log   off;
  allow 127.0.0.1;
  deny all;
 }

}

Thanks for the reply @Wolfraider - what does your /etc/nginx/conf.d/domain.conf look like?

Edit: my issue is that the index.php downloads! So there is perhaps a small php-config error in one config!

So these are my new configs:

My /etc/nginx/conf.d/librenms.conf

server {
  listen 80;
  listen [::]:80;
  server_name sub.domain.com;
  return 301 https://$host$request_uri;

}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name sub.domain.com;
  root        /opt/librenms/html;
  index       index.php;
  access_log  /opt/librenms/logs/access_log;
  error_log   /opt/librenms/logs/error_log;
  ssl_certificate /etc/nginx/certs/sub.domain.com.crt;
  ssl_certificate_key /etc/nginx/certs/sub.domain.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
}

And my /etc/nginx/sites-enabled/librenms.vhost (from @Wolfraider )

server {
 listen      443 ssl http2;
 server_name sub.domain.com;
 root        /opt/librenms/html;
 index       index.php;

 ssl_certificate /etc/nginx/certs/sub.domain.com.crt;
 ssl_certificate_key /etc/nginx/certs/sub.domain.com.key;

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xs>
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location ~ [^/]\.php(/|$) {
  fastcgi_pass unix:/run/php-fpm-librenms.sock;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_param  PHP_VALUE "memory_limit=4098M";
  include fastcgi.conf;
 }
 location ~ /\.(?!well-known).* {
  deny all;
 }
}

server {
 listen      80;
 server_name sub.domain.com;
 return 301  https://sub.domain.com$request_uri;

 location /nginx-status {
  stub_status on;
  access_log   off;
  allow 127.0.0.1;
  deny all;
 }

}

But still the index.php downloads! Should the .vhost file and .conf file be similar like this?

Edit: /etc/nginx/sites-available/ is empty - just for the record

I don’t have one. I have my librenms.vhost under sites-enabled and that’s it. I used the directions under Installing LibreNMS - LibreNMS Docs and added SSL and 443 redirect.

That is what I concluded as well, there is none. I removed the file in /etc/nginx/conf.d/librenms.conf and all of a sudden everything works.
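
The fix reported above was removing a second server block for the same name and port that had no PHP handler, so index.php was handed out as a static file. The following check is an added example, not code from the posters or the LibreNMS docs: it flags server blocks in different files that claim the same port and server_name and shows which of them lack a fastcgi_pass. SAMPLE is constructed from the configs posted in this thread; the brace matching ignores comments and quoted braces, and listen addresses are compared by port only.

```python
import re
from collections import defaultdict

# Constructed sample, trimmed from the two files posted in the thread.
SAMPLE = {
    "/etc/nginx/conf.d/librenms.conf": r"""
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name sub.domain.com;
  root /opt/librenms/html;
  index index.php;
}""",
    "/etc/nginx/sites-enabled/librenms.vhost": r"""
server {
  listen 443 ssl http2;
  server_name sub.domain.com;
  root /opt/librenms/html;
  location ~ [^/]\.php(/|$) {
    fastcgi_pass unix:/run/php-fpm-librenms.sock;
  }
}""",
}

def server_blocks(text):
    """Yield the body of each server { ... } block using brace matching."""
    for m in re.finditer(r"^\s*server\s*\{", text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(files):
    """Map (port, server_name) -> [(path, has_php_handler)] where it is claimed more than once."""
    seen = defaultdict(list)
    for path, text in files.items():
        for body in server_blocks(text):
            m = re.search(r"^\s*server_name\s+([^;]+);", body, re.M)
            names = m.group(1).split() if m else [""]
            # The port is the trailing number of the listen address ("443", "[::]:443").
            ports = set(re.findall(r"^\s*listen\s+(?:\S*:)?(\d+)\b", body, re.M))
            for port in sorted(ports):
                for name in names:
                    seen[(port, name)].append((path, "fastcgi_pass" in body))
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (port, name), blocks in audit(SAMPLE).items():
        for path, has_php in blocks:
            print(f"{name}:{port} {path} php_handler={has_php}")
```

When nginx loads two blocks with the same name on the same address it logs a "conflicting server name ... ignored" warning and keeps the first one it read, so a handler-less duplicate that loads first leaves PHP source downloadable.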
