Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 00:36:32.018Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
- Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
- at Object.checkServerIdentity (tls.js:239:17)
- at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
- at TLSSocket.emit (events.js:198:13)
- at TLSSocket.EventEmitter.emit (domain.js:466:23)
- at TLSSocket._finishInit (_tls_wrap.js:636:8)
- 00:36:40.876Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
- Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
- at Object.checkServerIdentity (tls.js:239:17)
- at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
- at TLSSocket.emit (events.js:198:13)
- at TLSSocket.EventEmitter.emit (domain.js:466:23)
- at TLSSocket._finishInit (_tls_wrap.js:636:8)
- 00:36:40.974Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
- Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
- at Object.checkServerIdentity (tls.js:239:17)
- at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
- at TLSSocket.emit (events.js:198:13)
- at TLSSocket.EventEmitter.emit (domain.js:466:23)
- at TLSSocket._finishInit (_tls_wrap.js:636:8)
- 00:36:40.976Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
- Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
- at Object.checkServerIdentity (tls.js:239:17)
- at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
- at TLSSocket.emit (events.js:198:13)
- at TLSSocket.EventEmitter.emit (domain.js:466:23)
- at TLSSocket._finishInit (_tls_wrap.js:636:8)
- 00:36:41.423Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
- Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
- at Object.checkServerIdentity (tls.js:239:17)
- at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
- at TLSSocket.emit (events.js:198:13)
- at TLSSocket.EventEmitter.emit (domain.js:466:23)
- at TLSSocket._finishInit (_tls_wrap.js:636:8)
- 00:36:42.359Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
- Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
- at Object.checkServerIdentity (tls.js:239:17)
- at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
- at TLSSocket.emit (events.js:198:13)
- at TLSSocket.EventEmitter.emit (domain.js:466:23)
- at TLSSocket._finishInit (_tls_wrap.js:636:8)
- 00:42:30.498Z ERROR wings: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list: (err.code=ERR_TLS_CERT_ALTNAME_INVALID)
- Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 95.216.68.22 is not in the cert's list:
- at Object.checkServerIdentity (tls.js:239:17)
- at TLSSocket.onConnectSecure (_tls_wrap.js:1068:27)
- at TLSSocket.emit (events.js:198:13)
- at TLSSocket.EventEmitter.emit (domain.js:466:23)
- at TLSSocket._finishInit (_tls_wrap.js:636:8)
- there is a hundred of these Thadaemon is running on https://celtickraft.ca the panel is running on https://admin.celtickraft.ca same ip 95.216.68.22. The panel was moved from its own nginx server block.
- ----------------------------------------
- core,json is presently set:
- {
- "web": {
- "host": "0.0.0.0",
- "listen": 8080,
- "ssl": {
- "enabled": true,
- "certificate": "/etc/celtickraft.ca/celtickraft.ca.chained.pem;",
- "key": "/etc/celtickraft.ca/celtickraft.ca.pem;"
- }
- },
- "docker": {
- "container": {
- "user": 999
- },
- "network": {
- "name": "pterodactyl_nw"
- },
- "socket": "/var/run/docker.sock",
- "autoupdate_images": true,
- "timezone_path": "/etc/timezone",
- "interface": "172.18.0.1"
- },
- "filesystem": {
- "server_logs": "/tmp/pterodactyl"
- },
- "internals": {
- "disk_use_seconds": 30,
- "set_permissions_on_boot": true,
- "throttle": {
- "enabled": true,
- "kill_at_count": 5,
- "decay": 10,
- "lines": 1000,
- "check_interval_ms": 100
- }
- },
- "sftp": {
- "path": "/srv/daemon-data",
- "ip": "0.0.0.0",
- "port": 2022,
- "keypair": {
- "bits": 2048,
- "e": 65537
- }
- },
- "logger": {
- "path": "logs/",
- "src": false,
- "level": "info",
- "period": "1d",
- "count": 3
- },
- "remote": {
- "base": "https://admin.celtickraft.ca"
- },
- "uploads": {
- "size_limit": 100
- },
- "keys": [
- "aoQcuKLQygcbhdyVfmgLhtJXieGs5BxrJ8rZ"
- ]
- }
- ------------------------------
- pterodactyl.conf below
- #server_tokens off;
- server {
- listen 80;
- server_name admin.celtickraft.ca;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl http2;
- # listen 127.0.0.1:8000 ssl http2;
- server_name admin.celtickraft.ca;
- root /var/www/pterodactyl/public;
- index index.php;
- access_log /var/log/nginx/pterodactyl.app-access.log;
- error_log /var/log/nginx/pterodactyl.app-error.log error;
- # allow larger file uploads and longer script runtimes
- client_max_body_size 100m;
- client_body_timeout 120s;
- sendfile off;
- # SSL Configuration
- ssl_certificate /etc/letsencrypt/live/admin.celtickraft.ca/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/admin.celtickraft.ca/privkey.pem;
- ssl_session_cache shared:SSL:10m;
- ssl_protocols TLSv1.2;
- ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
- ssl_prefer_server_ciphers on;
- # See https://hstspreload.org/ before uncommenting the line below.
- # add_header Strict-Transport-Security "max-age=15768000; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header Content-Security-Policy "frame-ancestors 'self'";
- add_header X-Frame-Options DENY;
- add_header Referrer-Policy same-origin;
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param HTTP_PROXY "";
- fastcgi_intercept_errors off;
- fastcgi_buffer_size 16k;
- fastcgi_buffers 4 16k;
- fastcgi_connect_timeout 300;
- fastcgi_send_timeout 300;
- fastcgi_read_timeout 300;
- include /etc/nginx/fastcgi_params;
- }
- location ~ /\.ht {
- deny all;
- }
- }
- this is where panel lives
- -----------------------------------------
- server {
- listen 80;
- listen [::]:80;
- return 301 https://$host$request_uri;
- }
- server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name celtickraft.ca www.celtickraft.ca;
- root /var/www/celtickraft.ca/public;
- # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
- ssl_certificate /etc/celtickraft.ca/celtickraft.ca.chained.pem;
- ssl_certificate_key /etc/celtickraft.ca/celtickraft.ca.key;
- ssl_session_timeout 1d;
- ssl_session_cache shared:SSL:10m;
- ssl_session_tickets off;
- # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
- # ssl_dhparam /path/to/dhparam.pem;
- # intermediate configuration. tweak to your needs.
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
- ssl_prefer_server_ciphers on;
- # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
- add_header Strict-Transport-Security max-age=15768000;
- resolver 8.8.8.8;
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- location /admin.celtickraft.ca/ {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass "http://admin.celtickraft.ca/localhost:8000/";
- }
- location /forums.celtickraft.ca/ {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass "http://localhost:8001/forums.celtickraft.ca/";
- }
- location /api/ {
- proxy_pass "http://localhost/api/";
- }
- error_page 404 /404.html;
- location = /40x.html {
- }
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- }
- }
- -------------------------------------------------------
- hosts
- ### Hetzner Online GmbH installimage
- # nameserver config
- # IPv4
- 127.0.0.1 localhost.localdomain localhost
- 95.216.68.22 Ubuntu-1804-bionic-64-minimal
- #
- # IPv6
- ::1 ip6-localhost ip6-loopback
- fe00::0 ip6-localnet
- ff00::0 ip6-mcastprefix
- ff02::1 ip6-allnodes
- ff02::2 ip6-allrouters
- ff02::3 ip6-allhosts
- 2a0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement