Welcome! Log In Create A New Profile

Advanced

Re: Can't access website after configuring SSL

January 31, 2017 06:30PM
I have a development version of a Django website with domain name "mysite.com" I used to access my site via the URL "http://web01.mysite.com". I've just installed a wildcard digital certificate and now I can't reach the site. If I use either "https://web01.mysite.com" or "http://web01.mysite.com", I get a quick "ERR_CONNECTION_REFUSED" message. I've read Nginx's SSL doc, numerous blog posts on setting up SSL on Nginx, and researched this error but I can't figure out what's wrong.

My server is Debian 8.7. I'm running Nginx 1.6.2 and "--with-http_ssl_module" is one of the configure arguments. I'm also using the default nginx.conf file.
The nginx process runs under the default account 'www-data'.

My certificate and private key file are located in this directory:

drwr-xr-x root root /srv/ssl/mysite.com/

Here are my bundled certficate and private key files which reside in the above directory:

-r--r----- root www-data ssl-bundle.crt
-r--r----- root www-data mysite.com.key

When I configured the wildcard certificate, I specified "*.mysite.com" as the Common Name.

Here is my /etc/nginx/sites-enabled/mysite.conf file:

server_tokens off;
upstream gunicorn {
server 127.0.0.1:8000 fail_timeout=0;
}

server {
#listen 80;
listen 443 ssl;
server_name web01.mysite.com;
ssl_certificate /srv/ssl/mysite.com/ssl-bundle.crt;
ssl_certificate_key /srv/ssl/mysite.com/mysite.com.key;

location / {
root /srv/http/mysite.com/repo;

# Redirect all HTTP requests to HTTPS
rewrite ^ https://$server_name$request_uri permanent;
}

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

client_max_body_size 4G;
keepalive_timeout 5;

# Pass static file requests to the file server
location /static/ {
proxy_pass http://45.33.33.53;
}
location /media/ {
alias /var/www/mysite.com/media/;
}

try_files $uri @django;

location @django {
proxy_pass http://gunicorn;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;

# Capture originating IP address of client
# This allows me to view the HTTP_X_FORWARDED_FOR field in request.META
# in my login_firewall view.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

I've opened port 443 on my firewall:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- loopback/8 anywhere reject-with icmp-port-unreachable
ACCEPT icmp -- anywhere anywhere state NEW icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables_INPUT_denied: "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables_FORWARD_denied: "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


If I do "sudo netstat -plnt | grep nginx", I can see Nginx is listening on port 443:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 25537/nginx -g daem

I've checked the nginx error log (even with debug enabled) and it's empty. I did reload the nginx config files after I changed them with reload.

Does ssl.conf need to be included from either nginx.conf or my mysite.conf file? This article (http://stackoverflow.com/questions/20669404/install-ssl-certificate-nginx-port-443-refuse-connection) mentions that as a requirement but I didn't see this discussed in the Nginx docs nor in any of the configuration articles I read online.

Does anyone see what I'm doing wrong?
Subject Author Posted

Can't access website after configuring SSL

robertf57 January 31, 2017 05:44PM

Re: Can't access website after configuring SSL

robertf57 January 31, 2017 06:16PM

Re: Can't access website after configuring SSL

robertf57 January 31, 2017 06:30PM

Re: Can't access website after configuring SSL

itpp2012 February 01, 2017 02:45AM

Re: Can't access website after configuring SSL

robertf57 February 01, 2017 04:33PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 326
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready