Hi Mathew, On Sat, Feb 19, 2022 at 10:49 PM Mathew Cox <edmondshire@live.com> wrote:
The directions I was using was the following:
https://ledgersmb.org/content/installing-ledgersmb-19
Where things broke down for me was from the sections titled “Configuring a Reverse Proxy” all the way to the end. I had initially ignored the reverse proxy section and that didn’t really suit my purposes.
Ok. So, I think the quickest and simplest way to resolve your situation is to change the content of your "ledgersmb-starman.service" file. If you change the line --listen localhost:5762 \ to --port 5762 \ and run systemctl daemon-reload and then restart the service (systemctl restart ledgersmb-starman), you should see netstat output with column 4 " 0.0.0.0:5762" and column 5 "0.0.0.0:*" for the ledgersmb starman server. You should also be able to access the service from any other devices on your home network. Please note that your password can be snooped by anybody with access to your network with this setup (at login time) because the connection won't be encrypted to the server. (I already understood you to be aware of this, but whoever reads this conversation on the mailing list, might have missed that earlier part of the conversation.)
There is much I don’t understand from this point because I can simply go to the machine address (192.168.88.15) and I get the standard nginx greeting.
Everything else has worked flawlessly.
There's just a single other downside to not using the proxy: when using the proxy, the static assets will be served by the ledgersmb-starman instead of by Nginx and in terms of speed and resource use, nginx is much faster and more efficient. The one time this is most noticeable is when you log in, so if you're satisfied with the login speed you get, then there's no reason to try to set up the reverse proxy for that purpose.
I did try and connect through port (http://192.168.88.15:5762) and that page couldn’t be reached.
Yea. As Pete pointed out: the ledgersmb-starman server isn't listening on 192.168.88.15; it's only listening on ::1/128 and/or 127.0.0.1 (on the same port).
Now take what I’m about to say with a grain of salt as it comes from a place of ignorance:
To keep focus, I'll wait for you to make the above changes and see if you're satisfied with those. After you are (or if you need the reverse proxy after all so you need the steps below), we can go oven the steps below and what they should have been. Regards, Erik.
I don’t understand how nginx references the install directory with the standard nginx configuration. I copied:
within the nginx-vhost.conf file I edited the part where it says root WORKING_DIR/UI to root /opt/ledgersmb/UI
then
sudo cp /opt/ledgersmb/doc/config/webserver/nginx-vhost.conf /etc/nginx/available-sites/ledgersmb.conf
within the nginx-vhost.conf file I edited the part where it says root /opt/ledgersmb/UI
and then created the link
ln -s /etc/nginx/sites-available/ledgersmb.conf /etc/nginx/sites-enabled/
This naturally failed to enable nginx because I assume this line:
server {
listen 443 ssl;
listen [::]:443 ssl ipv6only=on;
Was not correct, which I changed to:
server {
listen 80;
#listen [::]:443 ssl ipv6only=on;
This seemed to work as nginx fired right up but I was still getting the standard nginx greeting page on port 80 (which might be normal) but the connection was still refused on 5762.
So then in the nginx.conf file under the http{} section I added
Include /etc/nginx/sites-available/ledgersmb.conf
Which again was the nginx-vhost.conf file I modified and changed the name to ledgersmb.conf.
Though I now can’t recall if that failed to start the nginx service or not as much of what has happened is pretty much egg soufflé. If it didn’t start nginx I just deleted it but if it did start it, I still can’t pullup:
http://192.168.88.15:5762/setup.pl
I hope some or all of this makes sense as I’m trying to be as clear as possible so to avoid confusion.
I sincerely thank you for your time.
Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for Windows
------------------------------ *From:* Erik Huelsmann <ehuels@gmail.com> *Sent:* Saturday, February 19, 2022 12:34:17 PM *To:* Mathew Cox <edmondshire@live.com> *Cc:* users@lists.ledgersmb.org <users@lists.ledgersmb.org> *Subject:* Re: [ledgersmb-users] nginx Error
Hi Mathew,
On Sat, Feb 19, 2022 at 8:34 PM Mathew Cox <edmondshire@live.com> wrote:
I’m still confused.
Hopefully we can resolve that!
I tried going the reverse proxy route but that doesn’t help because I don’t own a domain name so certbot won’t send me any certs.
Now I'm confused: The error you presented comes from Nginx. The only role that Nginx has in the installation instructions *is* as a reverse proxy (but you're no longer trying to go that route?). From where I stand, those are contradictory signals. Can you provide a bit more information of what you *have* done, which information you used to do it (including a link to the installation instructions you're using) and which steps you considered successful, if any?
Which was unexpected, I just wanted to run this software on my own home network but that presents a problem as I am at a complete loss how to install the software and configure it in such a way that I can simply access it on my private home network.
Ok. I think you may have missed the key point of Pete's mail: you are almost there and if you're the only user, there's no need to have the reverse proxy, but you *do* need the server to listen on an address which can be reached from the other devices on your home network. It's the "reachable from the other devices on your home network" part which you had not achieved yet in the mail he answered to, because the server was strictly listening to connections from itself.
Is there any guide or lesser known website that lays out what is required to simply self host the software on a private network without the necessity of having a domain name?
I'm not aware of any lesser known sites which document it. There's explicitly not a guide on the main site because it might encourage people to set up LedgerSMB insecurely. However, in your use-case, getting a certificate is indeed overkill (although you could generate a so called self-signed certificate, which would eliminate the need of owning a domain to go to certbot, but that's a whole can of worms in itself). So, when I know what is your reference documentation and to what step you have completed the instructions, I can probably indicate what you need to do to bind the serverprogram to an external address instead of an internal address. That way it will become reachable from other network devices.
Regards,
-- Bye,
Erik.
http://efficito.com -- Hosted accounting and ERP. Robust and Flexible. No vendor lock-in.
-- Bye, Erik. http://efficito.com -- Hosted accounting and ERP. Robust and Flexible. No vendor lock-in.
participants (1)
-
Erik Huelsmann