[SOLVED] Clarification on nginx reverse proxy and meshcentral/certbot

[renueman]

Setup:
Internet <------> abc.athome.net <---------> VM remote.something.info

1. abc.athome.net - server/router (debian) with nginx installed and performing reverse proxy to remote.something.net
   2.remote.something.info (debian)running meshcentral.

Installed and ran certbot (certbot --nginx -d remote.something.info) while logged on abc.athome.net . Before doing so checked with letsdebug and got green light. Chose #2 to make changes to ../sites-available/remote.something.info
restart nginx and then meshcentral I get:

Meshcentral startup error:
Failed to load web certificate at: "https://remote.something.info", host: "remote.something.info"

relevant config.json statements:

"cert": "remote.something.info",
"certUrl": "https://remote.something.info",

Im thinking I screwed up because abc.home.net is a incorrect domain name to use (its legacy to my network) and will cause problems with certs and possibly remote agents.

Fix?
rename abc.athome.net to something like abc.something.info / update

"cert": "remote.something.info",
"certUrl": "https://abc.something.info",

Sorry to sound stupid but I am self taught and just missing some puzzle pieces.

[si458]

certURL should be set to the URL of the nginx proxy (the domain that the devices connect to) https://abc.athome.net
and cert should also be set to the domain that the devices connect too as well abc.athome.net
so i think in your case it should be abc.athome.net because to access the VM at remote.something.info, they need to access abc.athome.net FIRST - hense reverse proxying!

[renueman]

Thank you for the reply. It can be embarrassing knowing the little pieces of a puzzle but missing a large one :)

I have devices connecting to remote.something.info (was earlier done by forwarding ports 80/443 to remote.something.info) which is the VM and nginx on abc.athome.net. DNS set up for external ip to internet and remote.something.info. So, Its pretty much all incorrect I guess. I will have to correct some blaring issues :( .

[renueman]

To run a quick test I set "certUrl": "https://10.0.1.1",
This did provide the certs. So, Now I understand that some domain changes on my internal network are needed to fix this. I would rather change my domain internally from athome.net to my registered domain (I just call 'something.info).

Thank you for helping me with a rather large puzzle piece in "learning". :)

[renueman]

I have done it. :) :) :)
Sometimes you just have to spend two weeks, Massive amounts of coffee.
My problem was not understanding certs very well and the relationship between nginx and meshcentral.

1. I had to change the domain of my legacy home networked/VM's so they all match with appropriate DNS settings in the hosts file.
2. I had been totally wrong about which FQDN to add a record for at my domain register.
3. The config for nginx was missing important lines that were mentioned in the user guild concerning websocket configuration over https.
4. I did a massive two week crash course on the finer details of DNS and Certs.

My Meshcentral is now up and running. I have some clean up to do as per removing some old agents on some remote computer workstations.
@si458 - I want to thank you for responding to my post. Sometimes just one missing piece of the pie makes everything jog together.
@Ylianst - I want to thank you for such great software. I have waited (and paying TV blood money) for about two years for something like this.

[Ylianst]

Nice and thank you. Glad MeshCentral is helpful. For anyone else, I have a YouTube video covering the basics of MeshCentral and reverse-proxies here. I setup NGINX in the video, but the same theory should apply to any other reverse proxy.