Welcome! Log In Create A New Profile

Can't access website after configuring SSL

Forum List Message List New Topic Print View

robertf57

January 31, 2017 05:44PM

Registered: 12 years ago
Posts: 5

I have a development version of a Django website with domain name "mysite.com" I used to access my site via the URL "http://web01.mysite.com". I've just installed a wildcard digital certificate and now I can't reach the site. If I use either "https://web01.mysite.com" or "http://web01.mysite.com", I get a quick "ERR_CONNECTION_REFUSED" message. I've read Nginx's SSL doc, numerous blog posts on setting up SSL on Nginx, and researched this error but I can't figure out what's wrong.

My server is Debian 8.7. I'm running Nginx 1.6.2 and "--with-http_ssl_module" is one of the configure arguments. I'm also using the default nginx.conf file.
The nginx process runs under the default account 'www-data'.

My certificate and private key file are located in this directory:

drwr-xr-x root root /srv/ssl/mysite.com/

Here are my bundled certficate and private key files which reside in the above directory:

-r--r----- root www-data ssl-bundle.crt
-r--r----- root www-data mysite.com.key

When I configured the wildcard certificate, I specified "*.mysite.com" as the Common Name.

Here is my /etc/nginx/sites-enabled/mysite.conf file:

server_tokens off;
upstream gunicorn {
server 127.0.0.1:8000 fail_timeout=0;
}

server {
#listen 80;
listen 443 ssl;
server_name web01.mysite.com;
ssl_certificate /srv/ssl/mysite.com/ssl-bundle.crt;
ssl_certificate_key /srv/ssl/mysite.com/mysite.com.key;

location / {
root /srv/http/mysite.com/repo;

# Redirect all HTTP requests to HTTPS
rewrite ^ https://$server_name$request_uri permanent;
}

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

client_max_body_size 4G;
keepalive_timeout 5;

# Pass static file requests to the file server
location /static/ {
proxy_pass http://45.33.33.53;
}
location /media/ {
alias /var/www/mysite.com/media/;
}

try_files $uri @django;

location @django {
proxy_pass http://gunicorn;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;

# Capture originating IP address of client
# This allows me to view the HTTP_X_FORWARDED_FOR field in request.META
# in my login_firewall view.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

This is the part I'm unsure of. I believe I've turned off my firewall by doing "sudo iptables -F":

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-ssh (1 references)
target prot opt source destination
REJECT all -- 58.218.199.105 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere

If I do "sudo netstat -plnt | grep nginx", I can see Nginx is listening on port 443:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 25537/nginx -g daem

I've checked the nginx error log and it's empty.

Does anyone see what I'm doing wrong?

Reply Quote

RSS

Subject	Author	Posted
Can't access website after configuring SSL	robertf57	January 31, 2017 05:44PM
Re: Can't access website after configuring SSL	robertf57	January 31, 2017 06:16PM
Re: Can't access website after configuring SSL	robertf57	January 31, 2017 06:30PM
Re: Can't access website after configuring SSL	itpp2012	February 01, 2017 02:45AM
Re: Can't access website after configuring SSL	robertf57	February 01, 2017 04:33PM