Tutorial tutorial: how to use ssl on the panel

[kadifica]

All credit to @emre1393 for this tutorial and packages. I just copied it here.


thanks to @urgodfather for his nginx config file, i edited a bit and add small things.

-point your domain to your server

-install lets encrypt certbot

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx

-generate your ssl certificate with lets encrypt certbot,

sudo certbot certonly -d yourdomain.com --nginx

- Congratulations! Your certificate and chain (ssl cert bundle) have been saved at:
/etc/letsencrypt/live/yourdomain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/yourdomain.com/privkey.pem
(not: you have to renew lets encrypt certificates in every 90 days, use this command
sudo certbot renew

i compiled nginx with latest version, openssl 1.1.1d and http2 support, i didn't test %100 but it is working fine. i am using this build currently.
nginx_updated.zip(5.02 MiB) Downloaded 165 times
backup your original file as nginx.bak and put this nginx file into /home/xtreamcodes/iptv_xtream_codes/nginx/sbin folder.
set 755 permission and xtreamcodes ownership for new nginx file.
edit: you may need to run start_services.sh after replacing nginx binary.
sudo /home/xtreamcodes/iptv_xtream_codes/start_services.sh

cp /home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf  /home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf.bak

use this config file as templete,
nginx.conf.ssl_for_xtreamui.txt.zip(2 KiB) Downloaded 157 times

open conf file, replace ports, domain names, ssl cert file names and paths, read the # notes
and save it as;

/home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf

set 755 permission and xtreamcodes ownership for new nginx.conf file.

test your conf file with;

sudo /home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx -t

if it says successful, reload the nginx,
if it says test failed, look at the error message and fix your config and test again.

then reload the nginx;

sudo /home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx -s reload

also check listening ports to make sure it is working;

sudo lsof -i -P -n | grep LISTEN

backup your nginx.conf

 

[esolks]

thank and thnx to urgodfather for this

 

[urgodfather]

I'm pretty sure @emre1393 is the one who wrote this tutorial. Don't you think the real credit belongs to him? I only gave a little boost. BTW, I don't use certbot.

 

[coniets]

thanks for this tutorial .

 

[grow]

Hi @kadifica , thank you for the tutorial.

Sorry the silly question, all the lines and devices needs to change lines for https or the nginx configuration redirects http traffic to https?

i have also, the port 80 configurated, i need change to 443?

The LBs needs this configuration too?

Sorry again

 

[SubZer0]

Tutorial looks great ty!!

 

[diemgfc]

thanks i love that.
for redirections on nginx please add this line into nginx config :

# HTTP to HTTPS redirections
location / {
proxy_pass http://server;
return 301 https://$host$request_uri;
}

 

[Moviplus]

Thanks, Works Very well

How did you compile NGINX ?

 

[DgBrasil]

thanks for posting, hope it works

 

[Rate]

Can someone put valid link for download,becouse is old from xtream-ui site.

 

[ddmmyy]

I'm pretty sure @emre1393 is the one who wrote this tutorial. Don't you think the real credit belongs to him? I only gave a little boost. BTW, I don't use certbot.

What else you are using if not certbot ?

 

[urgodfather]

What else you are using if not certbot ?

You do not need Certbot to do let’s encrypt certificate. Certbot is tool to make easier.

 

[malisa1980]

All credit to @emre1393 for this tutorial and packages. I just copied it here.


thanks to @urgodfather for his nginx config file, i edited a bit and add small things.

-point your domain to your server

-install lets encrypt certbot

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx

-generate your ssl certificate with lets encrypt certbot,

sudo certbot certonly -d yourdomain.com --nginx

- Congratulations! Your certificate and chain (ssl cert bundle) have been saved at:
/etc/letsencrypt/live/yourdomain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/yourdomain.com/privkey.pem
(not: you have to renew lets encrypt certificates in every 90 days, use this command
sudo certbot renew

i compiled nginx with latest version, openssl 1.1.1d and http2 support, i didn't test %100 but it is working fine. i am using this build currently.
nginx_updated.zip(5.02 MiB) Downloaded 165 times
backup your original file as nginx.bak and put this nginx file into /home/xtreamcodes/iptv_xtream_codes/nginx/sbin folder.
set 755 permission and xtreamcodes ownership for new nginx file.
edit: you may need to run start_services.sh after replacing nginx binary.
sudo /home/xtreamcodes/iptv_xtream_codes/start_services.sh

cp /home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf  /home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf.bak

use this config file as templete,
nginx.conf.ssl_for_xtreamui.txt.zip(2 KiB) Downloaded 157 times

open conf file, replace ports, domain names, ssl cert file names and paths, read the # notes
and save it as;

/home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf

set 755 permission and xtreamcodes ownership for new nginx.conf file.

test your conf file with;

sudo /home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx -t

if it says successful, reload the nginx,
if it says test failed, look at the error message and fix your config and test again.

then reload the nginx;

sudo /home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx -s reload

also check listening ports to make sure it is working;

sudo lsof -i -P -n | grep LISTEN

backup your nginx.conf

Thank you for your effort

 

[xsat2010]

thanks brother
emire is the best in tutorial

 

[GroupVox]

Todo o crédito para [USER = 4165] @ emre1393 [/ USER] por este tutorial e pacotes. Eu apenas copiei aqui.


obrigado a [USER = 1322] @urgodfather [/ USER] por seu arquivo de configuração nginx, eu editei um pouco e adicionei pequenas coisas.

-ponte seu domínio para o seu servidor

-install permite criptografar certbot

[CÓDIGO] sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa: certbot / certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx [/ CODE]
-gerar seu certificado SSL com permite criptografar o certbot,
[CÓDIGO] sudo certbot certonly -d seudominio.com --nginx [/ CODE]
- Parabéns! Seu certificado e cadeia (pacote SSL cert) foram salvos em:
/etc/letsencrypt/live/yourdomain.com/fullchain.pem
Seu arquivo de chave foi salvo em:
/etc/letsencrypt/live/yourdomain.com/privkey.pem
(não: você tem que renovar permite criptografar certificados a cada 90 dias, use este comando
sudo certbot renovar

Compilei o nginx com a versão mais recente, suporte a openssl 1.1.1d e http2, não testei o% 100, mas está funcionando bem. estou usando esta compilação atualmente.
nginx_updated.zip (5.02 MiB) Baixado 165 vezes
faça backup de seu arquivo original como nginx.bak e coloque esse arquivo nginx na pasta / home / xtreamcodes / iptv_xtream_codes / nginx / sbin.
definir permissão 755 e propriedade xtreamcodes para o novo arquivo nginx.
editar: você pode precisar executar start_services.sh após substituir o binário nginx.
sudo /home/xtreamcodes/iptv_xtream_codes/start_services.sh

[CÓDIGO] cp /home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf /home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf.bak[/CODE]
use este arquivo de configuração como modelo,
nginx.conf.ssl_for_xtreamui.txt.zip (2 KiB) Baixado 157 vezes

abra o arquivo conf, substitua portas, nomes de domínio, nomes e caminhos de arquivos SSL cert, leia as # notas
and save it as;

/home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf

set 755 permission and xtreamcodes ownership for new nginx.conf file.

test your conf file with;

sudo /home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx -t

if it says successful, reload the nginx,
if it says test failed, look at the error message and fix your config and test again.

then reload the nginx;

sudo /home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx -s reload

also check listening ports to make sure it is working;

sudo lsof -i -P -n | grep LISTEN

backup your nginx.conf

something went wrong but I'll go over if the installation and the files need help from someone available

 

[petxya]

Can anyone please share the content of "nginx.conf.ssl_for_xtreamui.txt.zip" file from above? Unfortunately the source server is not available.

 

[urgodfather]

Can anyone please share the content of "nginx.conf.ssl_for_xtreamui.txt.zip" file from above? Unfortunately the source server is not available.

It is not that complicated!!!!! Nginx is nginx! The only difference is the location of the binaries and the location it looks for the config file!

 

[thugthug]

@urgodfather Do you still indicate this tutorial as it is or over time recommend some changes to the way everything is done?

 

[petxya]

Here's what I did to make SSL work both for playback and admin area.
I can confirm it is working on MAG520. Connect your MAG device to portal on https://EXAMPLE.COM:25463/c

You also need to update your xtream-ui databese with the following line:

UPDATE xtream_iptvpro.settings SET use_https='["1", "2", "3"]' WHERE id='1';

Modify nginx.conf as follows for SSL playback after installing letsencrypt certificate:

/home/xtreamcodes/iptv_xtream_codes/nginx/conf# nano nginx.conf

server {
listen 25461;listen 25463 ssl;
ssl_certificate /etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem;
ssl_protocols SSLv3 TLSv1.1 TLSv1.2;
index index.php index.html index.htm;
root /home/xtreamcodes/iptv_xtream_codes/wwwdir/;
server_name EXAMPLE.COM;
server_tokens off;
chunked_transfer_encoding off;

Scroll somewhat lower, and modify "server" as follows for admin area SSL

server {
listen 25500;listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/EXAMPLE.COMu/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem;
index index.php index.html index.htm;
root /home/xtreamcodes/iptv_xtream_codes/admin/;
server_name EXAMPLE.COM;

include /etc/letsencrypt/options-ssl-nginx.conf;

if ($scheme != "https") {
return 301 https://$host$request_uri;
}

enjoy

 

[cesarkrespo]

Here's what I did to make SSL work both for playback and admin area.
I can confirm it is working on MAG520. Connect your MAG device to portal on https://EXAMPLE.COM:25463/c

You also need to update your xtream-ui databese with the following line:

UPDATE xtream_iptvpro.settings SET use_https='["1", "2", "3"]' WHERE id='1';

Modify nginx.conf as follows for SSL playback after installing letsencrypt certificate:

/home/xtreamcodes/iptv_xtream_codes/nginx/conf# nano nginx.conf

server {
listen 25461;listen 25463 ssl;
ssl_certificate /etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem;
ssl_protocols SSLv3 TLSv1.1 TLSv1.2;
index index.php index.html index.htm;
root /home/xtreamcodes/iptv_xtream_codes/wwwdir/;
server_name EXAMPLE.COM;
server_tokens off;
chunked_transfer_encoding off;


Scroll somewhat lower, and modify "server" as follows for admin area SSL

server {
listen 25500;listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/EXAMPLE.COMu/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem;
index index.php index.html index.htm;
root /home/xtreamcodes/iptv_xtream_codes/admin/;
server_name EXAMPLE.COM;

include /etc/letsencrypt/options-ssl-nginx.conf;

if ($scheme != "https") {
return 301 https://$host$request_uri;
}

Hit a Like if it helps you

if the channel is in main it works on https without any kind of change.
just install ssl normally