aawaf ssl instalation

aaP_pedebray

Hello,
I am trying to install an SSL certificate from ZeroSSL for my server's IP address running aaWAF. I have already modified the configuration as follows:

server {
listen 80;
listen 443 ssl;
server_name 127.0.0.256; # default server_name from aaWAF

ssl_certificate /etc/ssl/certificate.crt;
ssl_certificate_key /etc/ssl/private.key;
ssl_trusted_certificate /etc/ssl/ca_bundle.crt;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;

# Other SSL settings
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

# Your website's root directory
root /var/www/html;

# Other server settings
index index.php index.html index.htm;
location / {
    try_files $uri $uri/ =404;
}

# PHP-FPM settings
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}

# Additional settings
location ~ /\.ht {
    deny all;
}

}

However, I am encountering issues with the configuration. Could someone please provide guidance on how to properly install an SSL certificate for my aaWAF server's IP address?
Thank you.

aaPanel_Kern

Hello, try to modify this configuration file and add the # comment to listen 443 ssl http2;. And reloading nginx: btw nginx_reload can solve it?
/www/cloud_waf/nginx/conf.d/vhost/0.default.conf

aaP_pedebray

aaPanel_Kern already make changes at
/www/cloud_waf/nginx/conf.d/vhost/0.default.conf

server {
listen 80;
listen [::]:80;
server_name 149.28.xxx.x;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 149.28.xxx.x;

index index.html;

root /www/wwwroot/nginx/;

ssl_certificate    /www/wwwroot/nginx/fullchain.pem;
ssl_certificate_key    /www/wwwroot/nginx/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497  https://$host$request_uri;

access_log /dev/null;
error_log /dev/null;

location /dashboard {
    try_files $uri $uri/ =404;
}

}

place ssl into /www/cloud_waf/wwwroot/nginx/fullchain.pem
/www/cloud_waf/wwwroot/nginx/privkey.pem
not effected still access from http

if 0.default.conf set to
ssl_certificate /www/cloud_waf/wwwroot/nginx/fullchain.pem
ssl_certificate_key /www/cloud_waf/wwwroot/nginx/privkey.pem

failed to reload btw nginx_reload

trying access panel with ssl still can't
any solution for that ?

aaPanel_Kern

Hello, please follow my tips to modify it. Please do not use the host's path in the container.
If you want to modify the certificate, please check the corresponding mapping directory and modify its files

aaP_pedebray