SSL cannot be enabled

kacemlight

Hi,

I'm using nginx and I set up an SSL certificate from StartSSL. I changed my etc/nginx/sites-available/nodejsworld.com to :

server {
listen 433 ssl spdy;
server_name nodejsworld.com;
ssl on;
ssl_certificate /etc/nginx/ssl2/nodejsworld.com.unified.crt;
ssl_certificate_key /etc/nginx/ssl2/nodejsworld.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

But when I restart nginx and test my website, I'm find that's it always on http and not https.

Can someone tell me why and what should I do ?

Thanks

kacemlight

I cannot see any support here ????

drew

You have no redirect for 80, @kacemlight
Please see the documentation

kacemlight

I have always the same problem.

that what I did:

sudo nano /etc/nginx/sites-available/nodejsworld.com

After:
This is my conf:

server {
listen 80;
server_name nodejsworld.com;
return 301 https://nodejsworld.com$request_uri;
}

server {
listen 433 ssl spdy;
server_name nodejsworld.com;
ssl on;
ssl_certificate /etc/nginx/ssl2/nodejsworld.com.unified.crt;
ssl_certificate_key /etc/nginx/ssl2/nodejsworld.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# disables all weak ciphers
ssl_ciphers 'AES128+EECDH:AES128+EDH';
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

I restart my nginx:
root@nodebb:~# sudo service nginx restart
stop: Unknown instance:
nginx stop/pre-start, process 13399

When I try to test my web site: it's always on http and not https. So weiird, can someone help me pleaaase !!

Thanks

julian

Is the config file symlinked to the sites-enabled/ folder?

kacemlight

Yes I think so, because all modification that I did on sites-available are systematically done on sites-enabled.
Is there an other way to test my conf or nginx ? because I think my modifications are not taken into account.

julian

@kacemlight sudo nginx -t should test your config file.

kacemlight

@julian said:

sudo nginx -t

I got this :

root@nodebb:~# sudo nginx -t
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl2/nodejsworld.com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed

I don't know why at all

kacemlight

I just make a modification in my conf and now i get this :

root@nodebb:~# sudo nginx -t
nginx: [warn] conflicting server name "nodejsworld.com" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@nodebb:~#

But my hhtps don't work at all. my website is always on http

julian

The warning is still related, there should be no warnings at all... paste nginx config again, and please surround it with backticks (```) so it is formatted properly.

kacemlight

Ok thaaaanks

This is my RP conf:

server {
    listen 80;
    server_name nodejsworld.com;
    return 301 https://nodejsworld.com$request_uri;
}
server {
        listen 433 ssl spdy;

        server_name nodejsworld.com;
        ssl on;
        ssl_certificate /etc/nginx/ssl2/nodejsworld.com.crt;
        ssl_certificate_key /etc/nginx/ssl/nodejsworld.com.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # disables all weak ciphers
         ssl_ciphers 'AES128+EECDH:AES128+EDH';
         ssl_prefer_server_ciphers on;

        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://127.0.0.1:4567/;
                proxy_redirect off;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                }
}
server {
    listen   80;
    listen   [::]:80;
    server_name www.nodejsworld.com;
    return 301 https://nodejsworld.com$request_uri;
}
server {
    listen   80;
    listen   [::]:80;
    server_name www.nodecommunity.com;
    return 301 https://nodejsworld.com$request_uri;
}
server {
   listen   80;
    listen   [::]:80;
    server_name nodecommunity.com;
    return 301 https://nodejsworld.com$request_uri;
}
server {
    listen   80;
    listen   [::]:80;
    server_name www.nodejslearning.com;
    return 301 https://nodejsworld.com$request_uri;
}
server {
    listen   80;
    listen   [::]:80;
    server_name nodejslearning.com;
    return 301 https://nodejsworld.com$request_uri;
}
server {
    listen   80;
    listen   [::]:80;
    server_name www.nodejsword.com;
    return 301 https://nodejsworld.com$request_uri;
}
server {   
    listen   80;
    listen   [::]:80;
    server_name nodejsworld.com;
    return 301 https://nodejsworld.com$request_uri;
}

Fastidious

@kacemlight slightly related, your website is incredibly annoying, asking to allow notifications over and over.

kacemlight

@Fastidious What are you talking about ? my website ?? asking to allow notifications ?

Fastidious

@kacemlight Yes, nodejsworld.com, isn't it yours?

On OS X, Safari, it kept constantly asking to "The website “nodejsworld.com” would like to show alerts in Notification Center," for more than six times.

kacemlight

@Fastidious Oh yes I just disable the notification plugin. I didn't know it makes this annoying alert on safari. Thanks !