Hey there. I own a very old e-ink ebook reader (Tolino Shine 1). It's running an Android 2.3.4 Gingerbread OS. This OS is no longer able to handle TLS 1.3.
I need a site called onleihe.de to be accessible on this device to keep using it. Otherwise I need to throw it away.
With some hacking, I was able to add a custom DNS on this device. So I set up a dnsmasq with a redirect for "onleihe.de" to my custom nginx with the following:
server {
    server_name onleihe.de;
    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
    resolver 10.0.0.1;
    location / {
        proxy_pass $scheme://onleihe.de;
        proxy_redirect https://acs4.onleihe.de/fulfillment/URLLink.acsm http://acs4.onleihe.de/fulfillment/URLLink.acsm;
    }
}
server {
    server_name www5.onleihe.de;
    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
    resolver 10.0.0.1;
    location / {
        proxy_pass $scheme://www5.onleihe.de;
        proxy_redirect https://acs4.onleihe.de/fulfillment/URLLink.acsm http://acs4.onleihe.de/fulfillment/URLLink.acsm;
    }
}
server {
    server_name acs4.onleihe.de;
    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
    resolver 10.0.0.1;
    location / {
        proxy_pass $scheme://acs4.onleihe.de;
        proxy_redirect https://acs4.onleihe.de/fulfillment/URLLink.acsm http://acs4.onleihe.de/fulfillment/URLLink.acsm;
    }
}
server {
    server_name acs6.onleihe.de;
    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
    resolver 10.0.0.1;
    location / {
        proxy_pass $scheme://acs6.onleihe.de;
        proxy_redirect https://acs4.onleihe.de/fulfillment/URLLink.acsm http://acs4.onleihe.de/fulfillment/URLLink.acsm;
    }
}
server {
    server_name static.onleihe.de;
    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
    resolver 10.0.0.1;
    location / {
        proxy_pass $scheme://static.onleihe.de;
        proxy_redirect https://acs4.onleihe.de/fulfillment/URLLink.acsm http://acs4.onleihe.de/fulfillment/URLLink.acsm;
    }
}
server {
    server_name dp1.onleihe.de;
    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
    resolver 10.0.0.1;
    location / {
        proxy_pass $scheme://dp1.onleihe.de;
        proxy_redirect https://acs4.onleihe.de/fulfillment/URLLink.acsm http://acs4.onleihe.de/fulfillment/URLLink.acsm;
    }
}
This nginx config is almost working. But sometimes it is not able to resolve a domain and I need to restart my nginx to get it working again. Another problem is that I already run something on 443 and 80 on my Docker server (Debian) at home. So I thought Traefik would be a good idea, but I had no clue how to add tcp-option for specific router configs.
Here is my Traefik config:
http:
  routers:
    http-www5.onleihe.de:
      entryPoints:
        - "web"
      rule: "Host(`www5.onleihe.de`)"
      service: "http-www5.onleihe.de"
    https-www5.onleihe.de:
      entryPoints:
        - "websecure"
      rule: "Host(`www5.onleihe.de`)"
      service: "https-www5.onleihe.de"
      tls:
        options: tolino
  services:
    http-www5.onleihe.de:
      loadBalancer:
        servers:
          - url: "http://www5.onleihe.de"
    https-www5.onleihe.de:
      loadBalancer:
        servers:
          - url: "https://www5.onleihe.de"
tls:
  options:
    tolino:
      alpnProtocols:
        - http/1.1
      minVersion: VersionTLS12
      maxVersion: VersionTLS12
      cipherSuites:
        - TLS_RSA_WITH_AES_128_CBC_SHA
Here is the error log I got:
http: TLS handshake error from 192.168.65.1:36370: tls: no cipher suite supported by both client and server
I hope I can get some answers here for that special problem.
Thank you all. I see that this community is very active!
Greetings by
Its_TaRaefik
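
Added example (not part of the original post, and not Traefik's own negotiation code): a small ClientHello parser that lists the protocol version and cipher suites a client offers and compares them with the `tolino` TLS option above, to tell a version mismatch from a cipher mismatch. The function names `parse_client_hello`, `diagnose` and `sample_hello` are hypothetical, and the sample handshakes are constructed, not captured from a Tolino.

```python
import struct

VERSIONS = {0x0300: "SSL3.0", 0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2"}
SUITES = {0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}  # IANA code points

def parse_client_hello(record: bytes):
    """Return (legacy client_version, [cipher suite ids]) from one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) < hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    version = int.from_bytes(body[0:2], "big")
    pos = 34                       # client_version (2) + random (32)
    pos += 1 + body[pos]           # session_id length byte + session_id
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if n == 0 or n % 2 or len(raw) != n:
        raise ValueError("malformed cipher_suites vector")
    return version, [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def diagnose(record, min_version, max_version, allowed):
    """Simplified server-side check; assumes no supported_versions extension."""
    version, offered = parse_client_hello(record)
    if version < min_version:      # client's highest version is below the server minimum
        return "version", VERSIONS.get(version, hex(version))
    common = [s for s in offered if s in allowed]
    if not common:                 # versions overlap, cipher suites do not
        return "cipher", [SUITES.get(s, hex(s)) for s in offered]
    picked = min(version, max_version)
    return "ok", (VERSIONS.get(picked, hex(picked)), SUITES.get(common[0], hex(common[0])))

def sample_hello(version, suites):
    """Constructed sample input: a minimal ClientHello without extensions."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    body += struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake

if __name__ == "__main__":
    # The `tolino` option from the post: TLS 1.2 only, one RSA/AES-CBC suite.
    tolino = dict(min_version=0x0303, max_version=0x0303, allowed={0x002F})
    print(diagnose(sample_hello(0x0301, [0x0004, 0x0005, 0x002F]), **tolino))
    print(diagnose(sample_hello(0x0303, [0x0005, 0x0035]), **tolino))
    print(diagnose(sample_hello(0x0303, [0x0035, 0x002F]), **tolino))
```

To use it on real traffic, pass in the first TLS record the device sends to port 443, taken from a packet capture.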