Welcome! Log In Create A New Profile

Advanced

HTTPS over port 443

Posted by fugee ohu 
fugee ohu
HTTPS over port 443
August 07, 2018 09:30PM
I'm trying to enable site wide ssl over port 443 on a site that runs
on http port 80
In nginx.conf i have `listen 443 ssl;` for the server but requests for
the server get routed to the first available host on port 80, another
of my sites also in the nginx.conf How can I diagnose this to see
what's going on?
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
basti
Re: HTTPS over port 443
August 07, 2018 09:30PM
please show us your config

On 07.08.2018 21:22, fugee ohu wrote:
> I'm trying to enable site wide ssl over port 443 on a site that runs
> on http port 80
> In nginx.conf i have `listen 443 ssl;` for the server but requests for
> the server get routed to the first available host on port 80, another
> of my sites also in the nginx.conf How can I diagnose this to see
> what's going on?
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
fugee ohu
Re: HTTPS over port 443
August 07, 2018 09:40PM
server {
listen 443 ssl;
ssl_certificate /etc/ssl/certs/ignatzmouse/certificate.crt;
ssl_certificate_key /etc/ssl/certs/ignatzmouse/private.key;
server_name *.ignatzmouse.com www.ignatzmouse.com ignatzmouse.com;
charset utf-8;
location / {
root /usr/home/fugee/websites/ignatzmouse/public;
rails_env production;
passenger_enabled on;
}
}

On Tue, Aug 7, 2018 at 3:28 PM, basti <[email protected]> wrote:
> please show us your config
>
> On 07.08.2018 21:22, fugee ohu wrote:
>> I'm trying to enable site wide ssl over port 443 on a site that runs
>> on http port 80
>> In nginx.conf i have `listen 443 ssl;` for the server but requests for
>> the server get routed to the first available host on port 80, another
>> of my sites also in the nginx.conf How can I diagnose this to see
>> what's going on?
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
fugee ohu
Re: HTTPS over port 443
August 07, 2018 09:40PM
server {
listen 80;
# listen 443 ssl;
# ssl_certificate /etc/ssl/certs/ignatzmouse/certificate.crt;
# ssl_certificate_key /etc/ssl/certs/ignatzmouse/private.key;
server_name *.sitename.com www.sitename.com sitename.com;
charset utf-8;
location / {
root /usr/home/fugee/websites/ignatzmouse/public;
rails_env production;
passenger_enabled on;
}
}

On Tue, Aug 7, 2018 at 3:28 PM, basti <[email protected]> wrote:
> please show us your config
>
> On 07.08.2018 21:22, fugee ohu wrote:
>> I'm trying to enable site wide ssl over port 443 on a site that runs
>> on http port 80
>> In nginx.conf i have `listen 443 ssl;` for the server but requests for
>> the server get routed to the first available host on port 80, another
>> of my sites also in the nginx.conf How can I diagnose this to see
>> what's going on?
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
fugee ohu
Re: HTTPS over port 443
August 07, 2018 09:50PM
server {
listen 443 ssl;
ssl_certificate /etc/ssl/certs/sitename/certificate.crt;
ssl_certificate_key /etc/ssl/certs/sitename/private.key;
server_name *.sitename.com www.sitename.com sitename;
charset utf-8;
location / {
root /usr/home/fugee/websites/sitename/public;
rails_env production;
passenger_enabled on;
}
}

On Tue, Aug 7, 2018 at 3:28 PM, basti <[email protected]> wrote:
> please show us your config
>
> On 07.08.2018 21:22, fugee ohu wrote:
>> I'm trying to enable site wide ssl over port 443 on a site that runs
>> on http port 80
>> In nginx.conf i have `listen 443 ssl;` for the server but requests for
>> the server get routed to the first available host on port 80, another
>> of my sites also in the nginx.conf How can I diagnose this to see
>> what's going on?
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
basti
Re: HTTPS over port 443
August 07, 2018 09:50PM
first of all use wget or curl for testing to bypass browser cache.
when you have also a port 80 config and call http://example.com you
*must* have a redirect to https. when you call https://example.com it
should work, i think (not tested)

On 07.08.2018 21:39, fugee ohu wrote:
> server {
> listen 443 ssl;
> ssl_certificate /etc/ssl/certs/sitename/certificate.crt;
> ssl_certificate_key /etc/ssl/certs/sitename/private.key;
> server_name *.sitename.com www.sitename.com sitename;
> charset utf-8;
> location / {
> root /usr/home/fugee/websites/sitename/public;
> rails_env production;
> passenger_enabled on;
> }
> }
>
> On Tue, Aug 7, 2018 at 3:28 PM, basti <[email protected]> wrote:
>> please show us your config
>>
>> On 07.08.2018 21:22, fugee ohu wrote:
>>> I'm trying to enable site wide ssl over port 443 on a site that runs
>>> on http port 80
>>> In nginx.conf i have `listen 443 ssl;` for the server but requests for
>>> the server get routed to the first available host on port 80, another
>>> of my sites also in the nginx.conf How can I diagnose this to see
>>> what's going on?
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
fugee ohu
Re: HTTPS over port 443
August 07, 2018 10:00PM
What do you mean by "also have a port 80 config" ? The port 80 configs
are my other sites that I haven't created certificates for yet The
port 80 config for the site in question is commented out in favor of
`listen 443 ssl;`

On Tue, Aug 7, 2018 at 3:45 PM, basti <[email protected]> wrote:
> first of all use wget or curl for testing to bypass browser cache.
> when you have also a port 80 config and call http://example.com you
> *must* have a redirect to https. when you call https://example.com it
> should work, i think (not tested)
>
> On 07.08.2018 21:39, fugee ohu wrote:
>> server {
>> listen 443 ssl;
>> ssl_certificate /etc/ssl/certs/sitename/certificate.crt;
>> ssl_certificate_key /etc/ssl/certs/sitename/private.key;
>> server_name *.sitename.com www.sitename.com sitename;
>> charset utf-8;
>> location / {
>> root /usr/home/fugee/websites/sitename/public;
>> rails_env production;
>> passenger_enabled on;
>> }
>> }
>>
>> On Tue, Aug 7, 2018 at 3:28 PM, basti <[email protected]> wrote:
>>> please show us your config
>>>
>>> On 07.08.2018 21:22, fugee ohu wrote:
>>>> I'm trying to enable site wide ssl over port 443 on a site that runs
>>>> on http port 80
>>>> In nginx.conf i have `listen 443 ssl;` for the server but requests for
>>>> the server get routed to the first available host on port 80, another
>>>> of my sites also in the nginx.conf How can I diagnose this to see
>>>> what's going on?
>>>> _______________________________________________
>>>> nginx mailing list
>>>> nginx@nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Jeff Dyke
Re: HTTPS over port 443
August 08, 2018 12:30AM
how about adding
server {
listen 80;
redirect https://$host$request_uri 301; //YYMV as to what destination
you need them to end up at.
}

On Tue, Aug 7, 2018 at 3:58 PM, fugee ohu <[email protected]> wrote:

> What do you mean by "also have a port 80 config" ? The port 80 configs
> are my other sites that I haven't created certificates for yet The
> port 80 config for the site in question is commented out in favor of
> `listen 443 ssl;`
>
> On Tue, Aug 7, 2018 at 3:45 PM, basti <[email protected]>
> wrote:
> > first of all use wget or curl for testing to bypass browser cache.
> > when you have also a port 80 config and call http://example.com you
> > *must* have a redirect to https. when you call https://example.com it
> > should work, i think (not tested)
> >
> > On 07.08.2018 21:39, fugee ohu wrote:
> >> server {
> >> listen 443 ssl;
> >> ssl_certificate /etc/ssl/certs/sitename/certificate.crt;
> >> ssl_certificate_key /etc/ssl/certs/sitename/private.key;
> >> server_name *.sitename.com www.sitename.com sitename;
> >> charset utf-8;
> >> location / {
> >> root /usr/home/fugee/websites/sitename/public;
> >> rails_env production;
> >> passenger_enabled on;
> >> }
> >> }
> >>
> >> On Tue, Aug 7, 2018 at 3:28 PM, basti <[email protected]>
> wrote:
> >>> please show us your config
> >>>
> >>> On 07.08.2018 21:22, fugee ohu wrote:
> >>>> I'm trying to enable site wide ssl over port 443 on a site that runs
> >>>> on http port 80
> >>>> In nginx.conf i have `listen 443 ssl;` for the server but requests for
> >>>> the server get routed to the first available host on port 80, another
> >>>> of my sites also in the nginx.conf How can I diagnose this to see
> >>>> what's going on?
> >>>> _______________________________________________
> >>>> nginx mailing list
> >>>> nginx@nginx.org
> >>>> http://mailman.nginx.org/mailman/listinfo/nginx
> >>>>
> >>> _______________________________________________
> >>> nginx mailing list
> >>> nginx@nginx.org
> >>> http://mailman.nginx.org/mailman/listinfo/nginx
> >> _______________________________________________
> >> nginx mailing list
> >> nginx@nginx.org
> >> http://mailman.nginx.org/mailman/listinfo/nginx
> >>
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: HTTPS over port 443
August 08, 2018 12:30AM
On Tue, Aug 07, 2018 at 03:22:45PM -0400, fugee ohu wrote:

Hi there,

> I'm trying to enable site wide ssl over port 443 on a site that runs
> on http port 80
> In nginx.conf i have `listen 443 ssl;` for the server but requests for
> the server get routed to the first available host on port 80, another
> of my sites also in the nginx.conf How can I diagnose this to see
> what's going on?

curl -v https://www.sitename.com

The response will be interesting.

My guess is that your rails/passenger settings (outside of nginx) are
causing a http redirect to something like http://www.sitename.com; and
because you have disabled the http server for that name, it is handled
by the default server on that ip:port.

If that is the case -- check your rails/passenger setting to see if they
refer to http anywhere, and make them not.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
fugee ohu
Re: HTTPS over port 443
August 08, 2018 01:20AM
If I have `listen 80 ssl;` would that do the redirect automatically
for me without the explicit redirect you gave me?

On Tue, Aug 7, 2018 at 6:23 PM, Jeff Dyke <[email protected]> wrote:
> how about adding
> server {
> listen 80;
> redirect https://$host$request_uri 301; //YYMV as to what destination
> you need them to end up at.
> }
>
> On Tue, Aug 7, 2018 at 3:58 PM, fugee ohu <[email protected]> wrote:
>>
>> What do you mean by "also have a port 80 config" ? The port 80 configs
>> are my other sites that I haven't created certificates for yet The
>> port 80 config for the site in question is commented out in favor of
>> `listen 443 ssl;`
>>
>>
>> On Tue, Aug 7, 2018 at 3:45 PM, basti <[email protected]>
>> wrote:
>> > first of all use wget or curl for testing to bypass browser cache.
>> > when you have also a port 80 config and call http://example.com you
>> > *must* have a redirect to https. when you call https://example.com it
>> > should work, i think (not tested)
>> >
>> > On 07.08.2018 21:39, fugee ohu wrote:
>> >> server {
>> >> listen 443 ssl;
>> >> ssl_certificate /etc/ssl/certs/sitename/certificate.crt;
>> >> ssl_certificate_key /etc/ssl/certs/sitename/private.key;
>> >> server_name *.sitename.com www.sitename.com sitename;
>> >> charset utf-8;
>> >> location / {
>> >> root /usr/home/fugee/websites/sitename/public;
>> >> rails_env production;
>> >> passenger_enabled on;
>> >> }
>> >> }
>> >>
>> >> On Tue, Aug 7, 2018 at 3:28 PM, basti <[email protected]>
>> >> wrote:
>> >>> please show us your config
>> >>>
>> >>> On 07.08.2018 21:22, fugee ohu wrote:
>> >>>> I'm trying to enable site wide ssl over port 443 on a site that runs
>> >>>> on http port 80
>> >>>> In nginx.conf i have `listen 443 ssl;` for the server but requests
>> >>>> for
>> >>>> the server get routed to the first available host on port 80, another
>> >>>> of my sites also in the nginx.conf How can I diagnose this to see
>> >>>> what's going on?
>> >>>> _______________________________________________
>> >>>> nginx mailing list
>> >>>> nginx@nginx.org
>> >>>> http://mailman.nginx.org/mailman/listinfo/nginx
>> >>>>
>> >>> _______________________________________________
>> >>> nginx mailing list
>> >>> nginx@nginx.org
>> >>> http://mailman.nginx.org/mailman/listinfo/nginx
>> >> _______________________________________________
>> >> nginx mailing list
>> >> nginx@nginx.org
>> >> http://mailman.nginx.org/mailman/listinfo/nginx
>> >>
>> > _______________________________________________
>> > nginx mailing list
>> > nginx@nginx.org
>> > http://mailman.nginx.org/mailman/listinfo/nginx
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
fugee ohu
Re: HTTPS over port 443
August 08, 2018 01:30AM
I don't think there's rails passenger settings Adding passenger to the
Gemfile only causes the app to use passenger in development mode
instead of the default (presently puma)

On Tue, Aug 7, 2018 at 6:26 PM, Francis Daly <[email protected]> wrote:
> On Tue, Aug 07, 2018 at 03:22:45PM -0400, fugee ohu wrote:
>
> Hi there,
>
>> I'm trying to enable site wide ssl over port 443 on a site that runs
>> on http port 80
>> In nginx.conf i have `listen 443 ssl;` for the server but requests for
>> the server get routed to the first available host on port 80, another
>> of my sites also in the nginx.conf How can I diagnose this to see
>> what's going on?
>
> curl -v https://www.sitename.com
>
> The response will be interesting.
>
> My guess is that your rails/passenger settings (outside of nginx) are
> causing a http redirect to something like http://www.sitename.com; and
> because you have disabled the http server for that name, it is handled
> by the default server on that ip:port.
>
> If that is the case -- check your rails/passenger setting to see if they
> refer to http anywhere, and make them not.
>
> f
> --
> Francis Daly francis@daoine.org
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: HTTPS over port 443
August 08, 2018 09:20AM
On Tue, Aug 07, 2018 at 07:20:58PM -0400, fugee ohu wrote:
> I don't think there's rails passenger settings Adding passenger to the
> Gemfile only causes the app to use passenger in development mode
> instead of the default (presently puma)

Ok.

What is the output of

curl -v https://www.sitename.com

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
fugee ohu
Re: HTTPS over port 443
August 09, 2018 12:50AM
I made a little progress What happens in a browser now is it says
"ERR_TOO_MANY_REDIRECTS"

$ curl -v sitename.com
* Rebuilt URL to: sitename.com/
* Trying 108.41.240.225...
* TCP_NODELAY set
* Connected to sitename.com (108.41.240.225) port 80 (#0)
> GET / HTTP/1.1
> Host: sitename.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.14.0
< Date: Wed, 08 Aug 2018 22:39:54 GMT
< Content-Type: text/html
< Content-Length: 185
< Connection: keep-alive
< Location: https://sitename.com/
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.0</center>
</body>
</html>
* Connection #0 to host sitename.com left intact

On Wed, Aug 8, 2018 at 3:17 AM, Francis Daly <[email protected]> wrote:
> On Tue, Aug 07, 2018 at 07:20:58PM -0400, fugee ohu wrote:
>> I don't think there's rails passenger settings Adding passenger to the
>> Gemfile only causes the app to use passenger in development mode
>> instead of the default (presently puma)
>
> Ok.
>
> What is the output of
>
> curl -v https://www.sitename.com
>
> f
> --
> Francis Daly francis@daoine.org
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
fugee ohu
Re: HTTPS over port 443
August 09, 2018 01:00AM
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
ssl_certificate /etc/ssl/certs/sitename/certificate.crt;
ssl_certificate_key /etc/ssl/certs/sitename/private.key;
server_name *.sitename.com www.sitename.com sitename.co$
charset utf-8;
location / {
root /usr/home/fugee/websites/sitename/public;
rails_env production;
# passenger_enabled on;
}
}

On Wed, Aug 8, 2018 at 3:17 AM, Francis Daly <[email protected]daoine.org> wrote:
> On Tue, Aug 07, 2018 at 07:20:58PM -0400, fugee ohu wrote:
>> I don't think there's rails passenger settings Adding passenger to the
>> Gemfile only causes the app to use passenger in development mode
>> instead of the default (presently puma)
>
> Ok.
>
> What is the output of
>
> curl -v https://www.sitename.com
>
> f
> --
> Francis Daly francis@daoine.org
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: HTTPS over port 443
August 09, 2018 09:40AM
On Wed, Aug 08, 2018 at 06:42:42PM -0400, fugee ohu wrote:

Hi there,

> I made a little progress What happens in a browser now is it says
> "ERR_TOO_MANY_REDIRECTS"

It's good that you have a definite error message.

> $ curl -v sitename.com
....
> < HTTP/1.1 301 Moved Permanently
> < Location: https://sitename.com/

That is the output of

curl -v http://sitename.com/

What is the output of

curl -v https://sitename.com/

?

(And if that is a http 301 redirect to another Location, what is the
output of "curl -v that-location"?)

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login