Zimaclient does not work with different port || using Nginx

Hi all,

I have a question regarding the zima client. I am using NGINX as reverse proxy for the apps installed on my zimaboard 2. However, zima client does not work if I change the ports 80 and 443 for the UI access to something else. I need to free these ports for HTTP & HTTPS to work with nginx. Is there any solution or workaround for this situation? As of now I am using HTTP for the apps and HTTPS for zimaOS GUI access. I would like to use HTTPS for both.

I had to press the enter key to change zima’s port 80 to 83, then I enabled https and then changed the port to 444 and pressed save. Then I restarted the zimaOS box so it would release port 80 and port 443 in its arp table. Then I logged in to zimaOS on port 444 and installed Nginx proxy.

For names to work on the network the router should have a DNS server configured. Also the Zima box should be on a static or a reserved IP address. Use IP entries for the destination IP that is your zima box.

For https with the apps, I tried to force https but got an internal error, so in a few days from now I will have time to investigate that, but I imagine the nginx proxy doesn’t have certificate generation or cannot verify domain stapling.

May have to create a CA server for the internal network domain.

This I have already achieved. For https to work with NGINX you need a self signed certificate.

I have a separate device that works as a DNS/DHCP server which has all the DNS entries.

The problem is, if I change the ports, the zima client does not work. It won't connect to the zimaboard. I have to either give up port 80 or 443.

I gave up 80 and 443 for the nginx proxy and set the zimaOS ports to HTTPS 444 and HTTP 83. It's not generating a new cert for the name.domain I’m switching it to, as I get the error: SSL_ERROR_UNRECOGNIZED_NAME_ALERT, which usually means it's trying to use a different certificate (zimaos.local).

But I did notice I can’t mount zimaos.local via proxy as well.

There is something fundamentally wrong with this docker version, as it should generate certs and add them to its mariaDB table that nginx proxy uses in the background in its normal operation. It is supposed to populate certs in the certificate tab automatically. Also, it will not generate one manually through the web GUI. Granted, this is the first time I’ve tried to use it on a local network, but that is its normal behavior.

I noticed I had to use a real email address as it throws an error in docker.

Also, I got this error when I tried to get my mealie app into https (http working):

Invalid identifiers requested :: Cannot issue for “food.sdak”: Domain name does not end with a valid public suffix (TLD)

So this certificate engine wants only public domain addresses, so you can’t generate a certificate for .local or, in my instance, .sdak.

So it looks like I need to spin up a step-ca or an OpenSSL CA so I can create certificates for the local-only domain, then manually load them in nginx proxy manager. Knowing this, if you want to use the existing zimaos certificate you would load that manually for the site zimaos.local in the proxy manager to use. That is why that doesn’t pass through the proxy from a different port.

So someone needs to fork nginx proxy manager with OpenSSL instead of Let’s Encrypt for a totally automatic experience.

Here is what I have for my installation, all working in HTTPS:

And my OpenSSL certificates I created:

And of course my DNS entries in my bind9 instance in my router (IPFire).

When you move to a different port, it will be accessible on https://the_ip_address:port. But you have to change them, reboot the zimaOS, then install the proxy to ensure port 80 and 443 are not used.

Thanks for your advice. Let me try your way. Thanks!