0

So I have a Django application on a droplet running Ubuntu. I have nginx and Gunicorn and I am trying to set up HTTPS with Let's Encrypt, but I keep getting a "Site cannot be reached" error.

Here is my nginx.conf:

    upstream Tutorial2_prod {
        server unix:/var/test/proiect/Tutorial2.sock fail_timeout=0;
    }

    server {
        server_name juristnet.ro www.juristnet.ro;
        listen 443;  # <-
        ssl on;  # <-
        ssl_certificate /etc/letsencrypt/live/juristnet.ro/fullchain.pem;  # <-
        ssl_certificate_key /etc/letsencrypt/live/juristnet.ro/privkey.pem;  # <-
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        location = /favicon.ico {
            access_log off;
            log_not_found off;
            alias /var/test/proiect/favicon.ico;
        }

        location /static/ {
            autoindex on;
            root /var/test/proiect;
        }

        location /assets/ {
            autoindex on;
            alias /var/test/proiect/assets/;
        }

        location /.well-known/ {
            autoindex on;
            allow all;
            alias /var/test/proiect/.well-known/;
        }

        location / {
            include /etc/nginx/fastcgi_params;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://unix:/var/test/proiect/Tutorial2.sock;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

    server {
        listen 80;
        server_name www.juristnet.ro juristnet.ro;
        return 301 https://juristnet.ro$request_uri;
    }

Output of netstat -an | grep 443:

    tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
    tcp 0 36 46.101.111.197:22 81.196.30.196:44356 ESTABLISHED

Gunicorn conf file:

    description "Gunicorn application server handling juristnet"

    start on runlevel [2345]
    stop on runlevel [!2345]

    respawn
    setuid admin
    setgid root
    chdir /var/test/proiect

    exec /var/test/proiect/jurist/bin/gunicorn --workers 3 --bind unix:/var/test/proiect/Tutorial2.sock Tutorial2.wsgi:application

Error logs are clear. Nginx -t returns no error. I can't figure out what is happening; I think it could be caused by the proxy_pass in the nginx conf. The domain is redirected correctly to https://example.com, but it shows nothing. Just that Connection Refused error. Any help would be appreciated, thank you!

2
  • Is this config file on your website or a test box? https forwarding looks to be set up but isn't being applied. Since the .well-known folder is forwarded to https but there's no certificate set up I wonder if that's a catch 22. I would put a location for that directory on http aliasing that directory, which means you need your existing https redirect within another new location. Commented Feb 4, 2017 at 23:33
  • The certificate is set up. I obtained it from Let's Encrypt, and they could verify the files in well-known, so I am assuming the problem is not there. Commented Feb 7, 2017 at 13:44

2 Answers

0

Perhaps running nginx and the Gunicorn process as the same user & group may yield results.

Specifying the user and group in the nginx.conf by specifying:

    user username groupname;
1
  • Tried that, still not working :( Commented Feb 7, 2017 at 13:57
0

You provide little indication as to Let's Encrypt invocation but I'm assuming webroot. In that case you need to serve challenges over port 80 so you need to have a location block for .well-known instead of a catch-all redirect.

3
  • I'm sorry for not being specific about that, I ended up adding the 443 server block inside the 80 one, so it's not https only. But the problem is still there. Commented Feb 7, 2017 at 13:48
  • Try adding a test file in .well-known and curl it. If it doesn't work, the issue is clearly NGINX and has little to do with Gunicorn. Commented Feb 7, 2017 at 19:54
  • It does work curling it. By the way, I don't know if it's relevant, but running nmap on localhost shows port 443 open, but running it for the server IP shows it is closed. But I am guessing a connection needs to be established for it to be open from the exterior, so I still think it has something to do with Nginx. I opened another question with more info if you want to take a look: serverfault.com/questions/831160/… Thanks anyway for your help :D Commented Feb 7, 2017 at 20:00
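
The layout the second answer describes, as an added example that is not part of the original thread: port 80 answers ACME webroot challenges itself and redirects everything else, while the 443 block enables TLS with `listen 443 ssl`. Domain, certificate and socket paths are the question's; the webroot directory, the `Host` header and the narrowed `ssl_protocols` list are assumptions.

```nginx
# Added example, not the asker's file.
server {
    listen 80;
    server_name juristnet.ro www.juristnet.ro;

    # Webroot validation fetches
    # http://<domain>/.well-known/acme-challenge/<token> over plain HTTP,
    # so this prefix is served directly instead of being redirected.
    location /.well-known/acme-challenge/ {
        # Assumption: the client was run with /var/test/proiect as webroot,
        # matching the alias used in the question.
        root /var/test/proiect;
        default_type text/plain;
    }

    # Every other request is sent to HTTPS.
    location / {
        return 301 https://juristnet.ro$request_uri;
    }
}

server {
    # "ssl" on the listen directive replaces "listen 443;" plus "ssl on;".
    listen 443 ssl;
    server_name juristnet.ro www.juristnet.ro;

    ssl_certificate     /etc/letsencrypt/live/juristnet.ro/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/juristnet.ro/privkey.pem;

    # Assumption: TLSv1 and TLSv1.1 from the question are dropped;
    # add TLSv1.3 where the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;

    # The favicon, /static/ and /assets/ locations from the question
    # would go here unchanged.

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://unix:/var/test/proiect/Tutorial2.sock;
    }
}
```

After `nginx -t` and a reload, a challenge file under `.well-known/acme-challenge/` should be retrievable over plain HTTP while any other path returns the 301 to HTTPS.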
