100:36:32.018Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
2 Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
3 at Object.checkServerIdentity (tls.js:239:17)
4 at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
5 at TLSSocket.emit (events.js:198:13)
6 at TLSSocket.EventEmitter.emit (domain.js:466:23)
7 at TLSSocket._finishInit (_tls_wrap.js:636:8)
800:36:40.876Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
9 Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
10 at Object.checkServerIdentity (tls.js:239:17)
11 at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
12 at TLSSocket.emit (events.js:198:13)
13 at TLSSocket.EventEmitter.emit (domain.js:466:23)
14 at TLSSocket._finishInit (_tls_wrap.js:636:8)
1500:36:40.974Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
16 Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
17 at Object.checkServerIdentity (tls.js:239:17)
18 at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
19 at TLSSocket.emit (events.js:198:13)
20 at TLSSocket.EventEmitter.emit (domain.js:466:23)
21 at TLSSocket._finishInit (_tls_wrap.js:636:8)
2200:36:40.976Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
23 Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
24 at Object.checkServerIdentity (tls.js:239:17)
25 at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
26 at TLSSocket.emit (events.js:198:13)
27 at TLSSocket.EventEmitter.emit (domain.js:466:23)
28 at TLSSocket._finishInit (_tls_wrap.js:636:8)
2900:36:41.423Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
30 Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
31 at Object.checkServerIdentity (tls.js:239:17)
32 at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
33 at TLSSocket.emit (events.js:198:13)
34 at TLSSocket.EventEmitter.emit (domain.js:466:23)
35 at TLSSocket._finishInit (_tls_wrap.js:636:8)
3600:36:42.359Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
37 Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
38 at Object.checkServerIdentity (tls.js:239:17)
39 at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
40 at TLSSocket.emit (events.js:198:13)
41 at TLSSocket.EventEmitter.emit (domain.js:466:23)
42 at TLSSocket._finishInit (_tls_wrap.js:636:8)
4300:42:30.498Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
44 Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
45 at Object.checkServerIdentity (tls.js:239:17)
46 at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
47 at TLSSocket.emit (events.js:198:13)
48 at TLSSocket.EventEmitter.emit (domain.js:466:23)
49 at TLSSocket._finishInit (_tls_wrap.js:636:8)
50
51
52
53There are a hundred of these. The daemon is running on https://celtickraft.ca and the panel is running on https://admin.celtickraft.ca, both on the same IP, 95.216.68.22. The panel was moved from its own nginx server block.
54
55
56----------------------------------------
57core.json is presently set to:
58
59{
60 "web": {
61 "host": "0.0.0.0",
62 "listen": 8080,
63 "ssl": {
64 "enabled": true,
65 "certificate": "/etc/celtickraft.ca/celtickraft.ca.chained.pem;",
66 "key": "/etc/celtickraft.ca/celtickraft.ca.pem;"
67 }
68 },
69 "docker": {
70 "container": {
71 "user": 999
72 },
73 "network": {
74 "name": "pterodactyl_nw"
75 },
76 "socket": "/var/run/docker.sock",
77 "autoupdate_images": true,
78 "timezone_path": "/etc/timezone",
79 "interface": "172.18.0.1"
80 },
81 "filesystem": {
82 "server_logs": "/tmp/pterodactyl"
83 },
84 "internals": {
85 "disk_use_seconds": 30,
86 "set_permissions_on_boot": true,
87 "throttle": {
88 "enabled": true,
89 "kill_at_count": 5,
90 "decay": 10,
91 "lines": 1000,
92 "check_interval_ms": 100
93 }
94 },
95 "sftp": {
96 "path": "/srv/daemon-data",
97 "ip": "0.0.0.0",
98 "port": 2022,
99 "keypair": {
100 "bits": 2048,
101 "e": 65537
102 }
103 },
104 "logger": {
105 "path": "logs/",
106 "src": false,
107 "level": "info",
108 "period": "1d",
109 "count": 3
110 },
111 "remote": {
112 "base": "https://admin.celtickraft.ca"
113 },
114 "uploads": {
115 "size_limit": 100
116 },
117 "keys": [
118 "aoQcuKLQygcbhdyVfmgLhtJXieGs5BxrJ8rZ"
119 ]
120}
121
122------------------------------
123pterodactyl.conf below
124
125#server_tokens off;
126
# Plain-HTTP listener for the panel hostname. It serves no content: every
# request is answered with a permanent redirect to the same URI over HTTPS,
# using the configured server_name rather than the client-supplied Host.
127server {
128 listen 80;
129 server_name admin.celtickraft.ca;
130 return 301 https://$server_name$request_uri;
131}
132
# HTTPS virtual host for the panel (admin.celtickraft.ca). Static files and the
# front controller are served from /var/www/pterodactyl/public; PHP requests
# are handed to the PHP-FPM unix socket.
133server {
134 listen 443 ssl http2;
135 # listen 127.0.0.1:8000 ssl http2;
136 server_name admin.celtickraft.ca;
137 root /var/www/pterodactyl/public;
138 index index.php;
139
140 access_log /var/log/nginx/pterodactyl.app-access.log;
141 error_log /var/log/nginx/pterodactyl.app-error.log error;
142
143 # allow larger file uploads and longer script runtimes
144 client_max_body_size 100m;
145 client_body_timeout 120s;
146
147 sendfile off;
148
149 # SSL Configuration
    # NOTE(review): the ERR_TLS_CERT_ALTNAME_INVALID entries in the log above
    # report "IP: 95.216.68.22", the form Node's checkServerIdentity emits when
    # the client addressed the server by IP address. The empty list after
    # "cert's list:" indicates the presented certificate carries no IP entries.
    # A hostname certificate only verifies when the caller connects by a name
    # it covers. Which caller or endpoint used the IP cannot be determined from
    # this paste.
150 ssl_certificate /etc/letsencrypt/live/admin.celtickraft.ca/fullchain.pem;
151 ssl_certificate_key /etc/letsencrypt/live/admin.celtickraft.ca/privkey.pem;
152 ssl_session_cache shared:SSL:10m;
    # Only TLS 1.2 is offered here, with ECDHE key exchange throughout the list.
153 ssl_protocols TLSv1.2;
154 ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
155 ssl_prefer_server_ciphers on;
156
157 # See https://hstspreload.org/ before uncommenting the line below.
158 # add_header Strict-Transport-Security "max-age=15768000; preload;";
    # NOTE(review): HSTS is left disabled on this vhost.
    # NOTE(review): the two framing policies below disagree. frame-ancestors
    # 'self' permits same-origin framing, X-Frame-Options DENY forbids all
    # framing. Browsers that honour frame-ancestors follow it, so pick one.
159 add_header X-Content-Type-Options nosniff;
160 add_header X-XSS-Protection "1; mode=block";
161 add_header X-Robots-Tag none;
162 add_header Content-Security-Policy "frame-ancestors 'self'";
163 add_header X-Frame-Options DENY;
164 add_header Referrer-Policy same-origin;
165
    # Serve an existing file or directory, otherwise fall through to the front
    # controller with the original query string.
166 location / {
167 try_files $uri $uri/ /index.php?$query_string;
168 }
169
    # Any URI ending in .php is passed to PHP-FPM.
    # NOTE(review): nothing in this block checks that the script exists on disk
    # before it is handed to PHP-FPM. Confirm PHP's cgi.fix_pathinfo setting
    # and that uploaded files cannot land under the document root.
170 location ~ \.php$ {
171 fastcgi_split_path_info ^(.+\.php)(/.+)$;
172 fastcgi_pass unix:/run/php/php7.2-fpm.sock;
173 fastcgi_index index.php;
174 include fastcgi_params;
175 fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
176 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # An empty HTTP_PROXY stops a client-sent "Proxy:" header from reaching PHP
    # as the HTTP_PROXY variable (the "httpoxy" class of issue).
177 fastcgi_param HTTP_PROXY "";
178 fastcgi_intercept_errors off;
179 fastcgi_buffer_size 16k;
180 fastcgi_buffers 4 16k;
181 fastcgi_connect_timeout 300;
182 fastcgi_send_timeout 300;
183 fastcgi_read_timeout 300;
    # NOTE(review): fastcgi_params is also included a few lines up; presumably
    # the same file, so this second include looks redundant. Verify.
184 include /etc/nginx/fastcgi_params;
185 }
186
    # Refuse requests for .ht* files (e.g. .htaccess, .htpasswd).
187 location ~ /\.ht {
188 deny all;
189 }
190}
191
192This is where the panel lives.
193
194-----------------------------------------
195
# Port-80 listener (IPv4 and IPv6) with no server_name: every request is
# redirected to HTTPS. The target host is taken from $host, i.e. from the
# request itself, so the redirect reflects whatever host the client asked for.
# NOTE(review): whether this block is the default for port 80 depends on
# configuration not shown in this paste.
196 server {
197 listen 80;
198 listen [::]:80;
199 return 301 https://$host$request_uri;
200 }
201
# HTTPS virtual host for celtickraft.ca / www.celtickraft.ca. It serves static
# content from /var/www/celtickraft.ca/public and reverse-proxies three path
# prefixes to other backends.
202 server {
203 listen 443 ssl http2;
204 listen [::]:443 ssl http2;
205 server_name celtickraft.ca www.celtickraft.ca;
206 root /var/www/celtickraft.ca/public;
207
208 # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    # NOTE(review): core.json above points the daemon at the same chained
    # certificate but at a key named celtickraft.ca.pem, where this block uses
    # celtickraft.ca.key. Both JSON path strings also end in a literal ';'.
    # Confirm the daemon is really loading the intended certificate/key pair.
209 ssl_certificate /etc/celtickraft.ca/celtickraft.ca.chained.pem;
210 ssl_certificate_key /etc/celtickraft.ca/celtickraft.ca.key;
211 ssl_session_timeout 1d;
212 ssl_session_cache shared:SSL:10m;
213 ssl_session_tickets off;
214
215 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
216 # ssl_dhparam /path/to/dhparam.pem;
    # NOTE(review): ssl_dhparam is commented out while the cipher list below
    # still names DHE suites. Whether those suites are usable depends on the
    # nginx version. Verify.
217
218 # intermediate configuration. tweak to your needs.
    # NOTE(review): TLS 1.0 and 1.1 are enabled here, while the panel vhost in
    # this paste offers TLSv1.2 only. The cipher list also still contains 3DES
    # (DES-CBC3-SHA) and suites without forward secrecy (plain AES128-SHA and
    # similar). Consider aligning this block with the stricter panel settings.
219 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
220 ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
221 ssl_prefer_server_ciphers on;
222
223 # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
224 add_header Strict-Transport-Security max-age=15768000;
225
226 resolver 8.8.8.8;
227
    # Server-level forwarding headers. Host is copied from the client's own
    # Host header ($http_host).
    # NOTE(review): nginx inherits proxy_set_header from this level only into
    # locations that define no proxy_set_header of their own. The two locations
    # below that set Upgrade/Connection therefore do not send these three
    # headers. Only /api/ inherits them.
228 proxy_set_header Host $http_host;
229 proxy_set_header X-Real-IP $remote_addr;
230 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
231
    # Path-prefix proxy with WebSocket upgrade headers.
    # NOTE(review): the proxy_pass URL names host admin.celtickraft.ca over
    # plain HTTP (port 80) with path /localhost:8000/. The port-80 vhost for
    # that name in this paste only returns a 301 to HTTPS. It looks as if a
    # hostname and an upstream address were merged. Confirm the intended
    # upstream.
232 location /admin.celtickraft.ca/ {
233 proxy_http_version 1.1;
234
235 proxy_set_header Upgrade $http_upgrade;
236 proxy_set_header Connection "upgrade";
237
238 proxy_pass "http://admin.celtickraft.ca/localhost:8000/";
239 }
240
    # Path-prefix proxy to a backend on localhost:8001, with WebSocket upgrade
    # headers.
241 location /forums.celtickraft.ca/ {
242 proxy_http_version 1.1;
243
244 proxy_set_header Upgrade $http_upgrade;
245 proxy_set_header Connection "upgrade";
246
247 proxy_pass "http://localhost:8001/forums.celtickraft.ca/";
248 }
249
    # NOTE(review): this targets port 80 on localhost. The port-80 servers
    # shown in this paste only issue redirects to HTTPS, presumably on this
    # same host. Verify what actually answers here.
250 location /api/ {
251 proxy_pass "http://localhost/api/";
252 }
253
    # NOTE(review): error_page sends 404s to /404.html, but the exact-match
    # location below is for /40x.html. The names do not agree.
254 error_page 404 /404.html;
255 location = /40x.html {
256 }
257
258 error_page 500 502 503 504 /50x.html;
259 location = /50x.html {
260 }
261 }
262
263-------------------------------------------------------
264
265hosts
266
267### Hetzner Online GmbH installimage
268# nameserver config
269# IPv4
270127.0.0.1 localhost.localdomain localhost
27195.216.68.22 Ubuntu-1804-bionic-64-minimal
272#
273# IPv6
274::1 ip6-localhost ip6-loopback
275fe00::0 ip6-localnet
276ff00::0 ip6-mcastprefix
277ff02::1 ip6-allnodes
278ff02::2 ip6-allrouters
279ff02::3 ip6-allhosts
2802a0