Welcome! Log In Create A New Profile

Advanced

Can't access website after configuring SSL

January 31, 2017 05:44PM
I have a development version of a Django website with domain name "mysite.com" I used to access my site via the URL "http://web01.mysite.com". I've just installed a wildcard digital certificate and now I can't reach the site. If I use either "https://web01.mysite.com" or "http://web01.mysite.com", I get a quick "ERR_CONNECTION_REFUSED" message. I've read Nginx's SSL doc, numerous blog posts on setting up SSL on Nginx, and researched this error but I can't figure out what's wrong.

My server is Debian 8.7. I'm running Nginx 1.6.2 and "--with-http_ssl_module" is one of the configure arguments. I'm also using the default nginx.conf file.
The nginx process runs under the default account 'www-data'.

My certificate and private key file are located in this directory:

drwr-xr-x root root /srv/ssl/mysite.com/

Here are my bundled certficate and private key files which reside in the above directory:

-r--r----- root www-data ssl-bundle.crt
-r--r----- root www-data mysite.com.key

When I configured the wildcard certificate, I specified "*.mysite.com" as the Common Name.

Here is my /etc/nginx/sites-enabled/mysite.conf file:

server_tokens off;
upstream gunicorn {
server 127.0.0.1:8000 fail_timeout=0;
}

server {
#listen 80;
listen 443 ssl;
server_name web01.mysite.com;
ssl_certificate /srv/ssl/mysite.com/ssl-bundle.crt;
ssl_certificate_key /srv/ssl/mysite.com/mysite.com.key;

location / {
root /srv/http/mysite.com/repo;

# Redirect all HTTP requests to HTTPS
rewrite ^ https://$server_name$request_uri permanent;
}

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

client_max_body_size 4G;
keepalive_timeout 5;

# Pass static file requests to the file server
location /static/ {
proxy_pass http://45.33.33.53;
}
location /media/ {
alias /var/www/mysite.com/media/;
}

try_files $uri @django;

location @django {
proxy_pass http://gunicorn;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;

# Capture originating IP address of client
# This allows me to view the HTTP_X_FORWARDED_FOR field in request.META
# in my login_firewall view.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

This is the part I'm unsure of. I believe I've turned off my firewall by doing "sudo iptables -F":

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-ssh (1 references)
target prot opt source destination
REJECT all -- 58.218.199.105 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere

If I do "sudo netstat -plnt | grep nginx", I can see Nginx is listening on port 443:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 25537/nginx -g daem

I've checked the nginx error log and it's empty.

Does anyone see what I'm doing wrong?
Subject Author Posted

Can't access website after configuring SSL

robertf57 January 31, 2017 05:44PM

Re: Can't access website after configuring SSL

robertf57 January 31, 2017 06:16PM

Re: Can't access website after configuring SSL

robertf57 January 31, 2017 06:30PM

Re: Can't access website after configuring SSL

itpp2012 February 01, 2017 02:45AM

Re: Can't access website after configuring SSL

robertf57 February 01, 2017 04:33PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 372
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready