Abrar Hossain

Reputation: 2702

Configuring SSL with Nginx

Now this might be a very simple issue but I can't seem to figure out how to get SSL to work with Nginx. I will list what I have done so far:

  1. Used certbot to create a fullchain.pem and privkey.pem file
  2. Added the following code to /etc/nginx/conf.d/pubgstats.info

    server {
    
    
      listen 80;
      server_name pubgstats.info www.pubgstats.info;
      location '/.well-known/acme-challenge' {
            root /srv/www/pubg-stats;
      }
    
      location / {
            proxy_pass http://localhost:4200;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
      }
      location /secure {
            auth_pam "Secure zone";
            auth_pam_service_name "nginx";
      }
    
    }
    
    server {
        listen 443;
        ssl on;
        ssl_certificate /srv/www/pubg-stats/certs/fullchain.pem;
        ssl_certificate_key /srv/www/pubg-stats/certs/privkey.pem;
        server_name pubgstats.info www.pubgstats.info;
        location / {
                root /srv/www/pubg-stats/;
        }
    }
    

From what I understand, the configuration listens on port 80 and upgrades an HTTP request to HTTPS. The code was mostly taken from this article. I added the SSL part of the configuration as stated here. Now visiting the site over HTTP works. On HTTPS, the connection is reset. What am I missing in the configuration and what's the best way to configure SSL with Nginx in this case?

Upvotes: 0

Views: 11202

Answers (1)

EternalHour

Reputation: 8621

I don't understand why you didn't add this to /etc/nginx/nginx.conf, but the issue appears to be that you've declared multiple server blocks for the same server. In that case, nginx will usually choose the first depending on different criteria.

With this configuration, nginx will use SSL by default. If that is not what you want, remove default_server. You don't need ssl on as that is now obsolete and replaced with the ssl parameter in the listen directive.

    server {
      listen 80;
      listen 443 default_server ssl;
      ssl_certificate /srv/www/pubg-stats/certs/fullchain.pem;
      ssl_certificate_key /srv/www/pubg-stats/certs/privkey.pem;
      server_name pubgstats.info www.pubgstats.info;
      location '/.well-known/acme-challenge' {
            root /srv/www/pubg-stats;
      }

      location / {
            proxy_pass http://localhost:4200;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
      }
      location /secure {
            auth_pam "Secure zone";
            auth_pam_service_name "nginx";
      }
    }

Upvotes: 2
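The Upgrade and Connection headers in the proxied location negotiate WebSocket upgrades; neither configuration above sends an HTTP visitor to HTTPS. The following is an added example, not part of the question or the answer, that keeps the page's host names, paths and upstream and adds an explicit redirect on port 80. The redirect and the note about key placement are additions, and it assumes certbot writes its webroot challenge files under /srv/www/pubg-stats as in the question.

```nginx
# Added example: port 80 only answers ACME challenges and redirects the rest.
server {
    listen 80;
    server_name pubgstats.info www.pubgstats.info;

    # certbot's HTTP-01 challenge files must stay reachable over plain HTTP,
    # otherwise certificate renewal fails once the redirect is in place.
    location /.well-known/acme-challenge/ {
        root /srv/www/pubg-stats;
    }

    # Everything else goes to the HTTPS server block below.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443 terminates TLS and proxies to the application.
server {
    listen 443 ssl;   # the "ssl" parameter replaces the obsolete "ssl on;"
    server_name pubgstats.info www.pubgstats.info;

    # Paths as given on the page. The question's HTTPS block used
    # "root /srv/www/pubg-stats/;", which puts certs/privkey.pem inside the
    # served tree; keep the key outside any directory exposed via "root".
    ssl_certificate     /srv/www/pubg-stats/certs/fullchain.pem;
    ssl_certificate_key /srv/www/pubg-stats/certs/privkey.pem;

    location / {
        proxy_pass http://localhost:4200;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;   # WebSocket upgrade, not HTTPS
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /secure {
        auth_pam "Secure zone";
        auth_pam_service_name "nginx";
    }
}
```

Running nginx -t before reloading catches syntax errors and unreadable certificate files.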
