SSL : yes or not

a_5mith

@djcyry did you restart nginx?

djcyry

@a_5mith said:

@djcyry did you restart nginx?

Sure .
I have installed the ssl , everything ok .
But is not redirected , and if is do , is redirectiing to nginx default page . (with https)

a_5mith

What's your. Nginx? Port 80 should redirect. 443 should load your site.

What's the content of your site in sites-available?

djcyry

@a_5mith said:

What's your. Nginx? Port 80 should redirect. 443 should load your site.

What's the content of your site in sites-available?

Without ssl , this :

server {
listen 80;
server_name www.hercio.net;

#charset koi8-r;
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Nginx-Proxy true;
    proxy_pass http://62.75.159.105:4567;
    proxy_redirect off;

    # Socket.IO Support
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";

}
}

server {
listen 80;
server_name www.nodebb.es;

#charset koi8-r;
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Nginx-Proxy true;
    proxy_pass http://62.75.159.105:4568;
    proxy_redirect off;

    # Socket.IO Support
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";

}
}

server {
listen 80;
server_name hercio.net;

return 301 http://www.hercio.net$request_uri;

}

server {
listen 80;
server_name www.hercio.net;

return 301 http://www.hercio.net$request_uri;

}

server {
listen 80;
server_name nodebb.es;

return 301 http://www.nodebb.es$request_uri;

}

server {
listen 80;
server_name www.nodebb.es;

return 301 http://www.nodebb.es$request_uri;

}

a_5mith

Here's mine. Compare:

server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name 35hz.co.uk;
    ssl          on;
    ssl_certificate /etc/letsencrypt/live/35hz.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/35hz.co.uk/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://188.226.239.27:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

    }
}
server {
    client_max_body_size 40M;
    listen 80;
    server_name 35hz.co.uk;
    rewrite        ^ https://$server_name$request_uri? permanent;
}

djcyry

@a_5mith said:

Here's mine. Compare:

server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name 35hz.co.uk;
    ssl          on;
    ssl_certificate /etc/letsencrypt/live/35hz.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/35hz.co.uk/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://188.226.239.27:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

    }
}
server {
    client_max_body_size 40M;
    listen 80;
    server_name 35hz.co.uk;
    rewrite        ^ https://$server_name$request_uri? permanent;
}

Thanks @a_5mith .
Look at this :

https://hercio.net/ - ssl works without www.
https://www.hercio.net/ - ssl works with www

https://nodebb.es/ - ssl works without www.
https://www.nodebb.es/ - ssl not works with www

Both forums are hosted on same server, same configuration , etc ...any idea?

julian

@djcyry

Your configuration for nodebb.es is serving the SSL certificate for hercio.net

supersym

@djcyry So we run it behind a reverse proxy too. Here's the config:

HTTP (file include)

server {
  listen 80;
  server_name www.social.example.com social.example.com;
  return 301 https://social.example.com$request_uri;
}

HTTPS (file include)

server {

    listen 443 ssl;
    server_name www.social.example.com social.example.com;

    ssl_certificate /etc/nginx/ssl/example.crt;
    ssl_certificate_key /etc/nginx/ssl/example.key;

    # SSL caching override
    ssl_session_cache shared:SSL:10m;

    # Enable long duration HSTS
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Host $http_host;

    proxy_redirect off;
    #proxy_next_upstream off;

    # Socket.IO Support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    include /var/www/social.example.com/conf/error.conf;

    location @nodebb {
        proxy_pass http://io_nodes;
    }

    location ~ ^/(images|language|sounds|templates|uploads|vendor|src\/modules|nodebb\.min\.js|stylesheet\.css|admin\.css) {
        root /srv/http/domain/example.com/social/public/;
        try_files $uri $uri/ @nodebb;
    }

    location / {

        # These need to be defined in the location block to
        # override express status message handler
        error_page 404 /404.html;
        error_page 502 /502.html;
        error_page 503 /503.html;

        proxy_intercept_errors on;

        client_max_body_size 10M;

        proxy_pass http://io_nodes;
    }

}

Also the following upstream (2 workers):

upstream io_nodes {
    server 127.0.1.4:4567;
    server 127.0.1.4:4568;
}

Finally, also a upstream loopback in /etc/hosts

127.0.1.4 nbb.node.example.com

Note that we defined both server names, www.social.example.com and social.example.com

djcyry

@julian
@supersym

It·s fixed but , its respond with www and without www , i want to
redirect all to www. ..any idea? thanks

in my config /etc/nginx/conf.d/.conf i have :

server {
listen 80;
server_name www.hercio.net hercio.net;
return 301 https://hercio.net$request_uri;
}

server {
listen 80;
server_name www.nodebb.es nodebb.es;
return 301 https://nodebb.es$request_uri;
}

I restarting nginx but still responding from both.

pichalite

@djcyry changing return 301 https://nodebb.es$request_uri; to return 301 https://www.nodebb.es$request_uri; should do it I think

djcyry

@pichalite said:

@djcyry changing return 301 https://nodebb.es$request_uri; to return 301 https://www.nodebb.es$request_uri; should do it I think

I have change it , not redirect .