Hello forum,
I tried the following installation variant:
Port 80 and port 443 have to be opened in the VPS server's firewall.
At the end you have to enter:
sed -i '/ssl-cert-snakeoil/d' /etc/nginx/conf.d/nextcloud.conf
sed -i s/#\ssl/\ssl/g /etc/nginx/conf.d/nextcloud.conf
service nginx restart
Can this be done with copy & paste when using an SSH connection?
Optional: Setting up SSL via Let's Encrypt
Please first make sure that your server is reachable from outside on both port 80/TCP and port 443/TCP.
Does port 80 (http://) have to be open permanently?
Kind regards
nc-kay
Edit, 25 Feb 2021: Port 80
Last updated: Jan 24, 2019
We occasionally get reports from people who have trouble using the HTTP-01 challenge type because they’ve firewalled off port 80 to their web server. Our recommendation is that all servers meant for general web use should offer both HTTP on port 80 and HTTPS on port 443. They should also send redirects for all port 80 requests, and possibly an HSTS header (on port 443 requests).
Allowing port 80 doesn’t introduce a larger attack surface on your server, because requests on port 80 are generally served by the same software that runs on port 443.
Closing port 80 doesn’t reduce the risk to a person who accidentally visits your website via HTTP. In normal circumstances, that person would receive a redirect to HTTPS, and their subsequent traffic will be protected. If that person was subject to an active MITM, the MITM would answer on port 80, so your site would never have a chance to answer “connection refused.”
Lastly, keeping port 80 open in order to serve a redirect helps get people to the right version of your site (the HTTPS version). There are various situations beyond your control that might briefly land someone on the HTTP version of your site - for instance, automatic linkification in emails, or manually typing a domain name. It’s better for them to get a redirect than an error.
Unfortunately, you might not have control over whether port 80 is blocked for your site. Some (mostly residential) ISPs block port 80 for various reasons. If your ISP does this but you’d still like to get certificates from Let’s Encrypt, you have two options: You can use DNS-01 challenges or you can use one of the clients that supports TLS-ALPN-01 challenges (on port 443).
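
The setup recommended in the quoted text (port 80 kept open only to answer HTTP-01 validation and redirect everything else, HSTS sent on port 443), as an added nginx example that is not part of the original post, the installation guide or the Let's Encrypt documentation. The domain cloud.example.com, the webroot /var/www/letsencrypt, the certificate paths and the max-age value are assumptions to replace with your own.

```nginx
# Added example. Domain, webroot, certificate paths and max-age are assumed values.

# Port 80: no application content, only ACME validation and a redirect.
server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;              # placeholder domain

    # HTTP-01 validation is requested over plain HTTP, so it must be
    # answered here and must not be caught by the redirect below.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;              # assumed webroot of the ACME client
        default_type text/plain;
    }

    # Everything else is sent to the HTTPS site. The host name is written
    # out so a forged Host header cannot steer the redirect target.
    location / {
        return 301 https://cloud.example.com$request_uri;
    }
}

# Port 443: the actual site.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name cloud.example.com;

    # Assumed certificate locations (certbot's default layout).
    ssl_certificate     /etc/letsencrypt/live/cloud.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem;

    # HSTS is only honoured over HTTPS; "always" also sends it on error
    # responses. Browsers that have seen it skip port 80 on later visits.
    add_header Strict-Transport-Security "max-age=15552000" always;

    # The remaining directives of the existing HTTPS server block in
    # /etc/nginx/conf.d/nextcloud.conf stay unchanged.
}
```

Run `nginx -t` before `service nginx restart` so a syntax error does not take the site down.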