user1883793

Reputation: 4189

Install ssl certificate Nginx port 443 refuse connection

I have installed my certificate and configured my nginx to listen on port 443, but I still cannot connect to port 443. Am I missing something?

In my ssl.conf

    # HTTPS server configuration
    #

    server {
        listen   443 ssl;
        server_name  www.newbullets.co.nz newbullets.co.nz;

        ssl                  on;
        ssl_certificate  /etc/ssl/certs/ssl-bundle.crt;
        ssl_certificate_key  /etc/ssl/server.key;

        ssl_session_timeout  5m;

        #location / {
        #    root   html;
        #    index  index.html index.htm;
        #}

    }

and default.config

    server {
        listen   80;
        server_name  newbullets.co.nz www.newbullets.co.nz;
        #charset koi8-r;
        #access_log  logs/host.access.log  main;

        location / {
            auth_basic "input you user name and password";
            auth_basic_user_file /var/www/www.newbullets.co.nz/.htpasswd;
            root   /usr/share/nginx/html/nb/;
            index  index.html index.htm index.php;
            try_files $uri $uri/ @handler;
        }
    }

Update

I added the following to my ssl.conf. Now Firefox displays the webpage but the SSL green bar is gone, and Chrome still downloads the webpage. Any idea?

    location ~ \.php$ {
        root           html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html/nb$fastcgi_script_name;
        fastcgi_param  MAGE_RUN_CODE default;
        fastcgi_param  MAGE_RUN_TYPE store;
        include        fastcgi_params;
    }

Upvotes: 2

Views: 26923

Answers (2)

crifan

Reputation: 14318

My solution:

In brief: on CentOS 7, use the firewall tool firewalld or iptables to make sure the https port 443 is open.

In detail:

As @Greg Lund-Chaix says, you should make sure port 443 is open.

My case here is that, even though netstat shows nginx listening on port 443:

    [[email protected] nginx]# netstat -nlp | grep nginx
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2193/nginx: master
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2193/nginx: master

and while the Aliyun ECS Security Group has a rule added to allow inbound traffic on port 443,

the iptables -L output here actually does NOT show https:

    iptables -L --line-numbers
    ...
    Chain IN_public_allow (1 references)
    num  target     prot opt source               destination
    1    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
    2    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp-data ctstate NEW
    3    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp ctstate NEW
    4    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
    5    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
    6    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ddi-tcp-1 ctstate NEW
    7    ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:39000:safetynetp ctstate NEW

and finally use firewalld to add the https service and port 443:

    firewall-cmd --zone=public --add-service=https --permanent
    firewall-cmd --zone=public --add-port=443/tcp --permanent
    firewall-cmd --reload

or use iptables to insert the rule before http (num=5):

    iptables -I IN_public_allow 5 -p tcp --dport 443 -j ACCEPT

then do not forget to save the changes:

    service iptables save

Upvotes: 2
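
As an added example (not part of the answer above or of the original post), the situation crifan describes, nginx listening on 443 while the firewall chain has no rule for it, can be detected by comparing the two command outputs. The sample data is constructed, the function names are hypothetical, and the rules are assumed to come from `iptables -L -n --line-numbers`, so ports appear as numbers (`dpt:80`) rather than service names (`dpt:http`).

```shell
#!/bin/sh
# Added example: find ports nginx listens on that no ACCEPT rule covers.
# Function names are hypothetical; both samples below are constructed.

NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:80       0.0.0.0:*       LISTEN      2193/nginx: master
tcp        0      0 0.0.0.0:443      0.0.0.0:*       LISTEN      2193/nginx: master'

# Assumed format: iptables -L IN_public_allow -n --line-numbers
IPTABLES_SAMPLE='Chain IN_public_allow (1 references)
num  target     prot opt source        destination
1    ACCEPT     tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpt:22 ctstate NEW
2    ACCEPT     tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpt:80 ctstate NEW
3    ACCEPT     tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpts:39000:40000 ctstate NEW'

# listening_ports NETSTAT_TEXT: TCP ports held by nginx, one per line.
listening_ports() {
    printf '%s\n' "$1" |
        awk '/LISTEN/ && /nginx/ { n = split($4, a, ":"); print a[n] }' |
        sort -un
}

# port_allowed PORT RULES_TEXT: exit 0 if a tcp ACCEPT rule matches PORT,
# either exactly (dpt:N) or inside a range (dpts:LOW:HIGH).
port_allowed() {
    printf '%s\n' "$2" | awk -v p="$1" '
        /ACCEPT/ && / tcp / {
            for (i = 1; i <= NF; i++) {
                if ($i == ("dpt:" p)) ok = 1
                if ($i ~ /^dpts:/) {
                    split($i, r, ":")
                    if (p + 0 >= r[2] + 0 && p + 0 <= r[3] + 0) ok = 1
                }
            }
        }
        END { exit (ok ? 0 : 1) }'
}

# blocked_ports NETSTAT_TEXT RULES_TEXT: listening ports with no rule.
blocked_ports() {
    for port in $(listening_ports "$1"); do
        port_allowed "$port" "$2" || printf '%s\n' "$port"
    done
}

blocked_ports "$NETSTAT_SAMPLE" "$IPTABLES_SAMPLE"   # prints 443
```

On a live host, pass `"$(netstat -nlp)"` and `"$(iptables -L IN_public_allow -n --line-numbers)"` instead of the samples. The check only covers the rules text it is given; a cloud security group in front of the host is evaluated separately.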

Greg Lund-Chaix

Reputation: 171

  1. Check your firewall and make sure port 443 is open. Often default firewall configurations don't open up 443 along with 80.
  2. Ensure the ssl.conf is called with an include from somewhere. I've beaten my head against a non-functioning config that seemed right only to discover it wasn't being included and loaded at all.
  3. Change the "listen" directive to: listen 443 default_server ssl;

Upvotes: 8
