2

I've installed a new SSL certificate and set up Nginx to use it. But requests time out when trying to hit HTTPS on the site. When I telnet to my domain on port 80 it connects, but times out on port 443. I'm not sure if there are some defaults on Ubuntu preventing a connection. cURL also times out to the HTTPS address but responds to regular HTTP.

UFW status shows:

443 ALLOW Anywhere 

netstat -a shows:

tcp 0 0 *:https *:* LISTEN 

nmap localhost shows:

443/tcp open https 

The relevant block in the Nginx config is:

    server {
        listen 443;
        listen [::]:80 ipv6only=on;
        listen 80;

        root /path/to/app;
        server_name mydomain.com;

        ssl on;
        ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        location / {
            proxy_pass http://mydomain.com;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

Edit: having tried a whole range of nginx configuration options, I'm really doubting it's the setup. If the ssl-bundle.crt is screwed up, would it cause the time out to happen? If so I can revert to PositiveSSL for support.

8
  • Telnet times out because the server waits for you to start with an SSL Client Hello packet, which you don't send. Did you even try with a browser? Commented Jun 4, 2014 at 15:06
  • Yes. In a browser I can access the site via HTTP but it times out via HTTPS. I'm not too familiar with telnetting or SSL. How would you attempt the protocol with an example packet? Commented Jun 4, 2014 at 15:10
  • Use curl instead which handles everything for you. Commented Jun 4, 2014 at 15:29
  • @NathanC well same result. Commented Jun 4, 2014 at 15:35
  • @Simpleton: have you checked the log files of nginx for error messages? Commented Jun 4, 2014 at 15:56

3 Answers

1

Try this:

    server {
        listen 443 ssl;
        listen [::]:80 ipv6only=on;
        listen 80;

        root /path/to/app;
        server_name mydomain.com;

        ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        location / {
            proxy_pass http://mydomain.com;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

(remove ssl on;, add ssl to listen 443;)

0

I'd like to agree with Steffen's comment (listen 443 and listen 80 in same server block).

Please handle HTTP and HTTPS in different server blocks. I assume that the second listen directive has overwritten your first listen directive. Additionally I have missed the "ssl" keyword in your listen-directives for port 443.

    server {
        listen 80;
        listen [::]:80 ipv6only=on;

        root /path/to/app;
        server_name mydomain.com;

        location / {
            proxy_pass http://mydomain.com;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl ipv6only=on;

        root /path/to/app;
        server_name mydomain.com;

        ssl on;
        ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        location / {
            proxy_pass http://mydomain.com;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

As user xofer reported, it's possible to have HTTP and HTTPS in one server block. So an example for this all-in-one solution as well:

    server {
        listen 80;
        listen [::]:80 ipv6only=on;
        listen 443 ssl;
        listen [::]:443 ssl ipv6only=on;

        root /path/to/app;
        server_name mydomain.com;

        ssl on;
        ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        location / {
            proxy_pass http://mydomain.com;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

6
  • from Configuring HTTPS Servers: It is possible to configure a single server that handles both HTTP and HTTPS requests Commented Jun 4, 2014 at 17:03
  • @xofer: Interesting, but it seems that the keyword "ssl" was missing for port 443 directives. So maybe the port was working fine but with HTTP and not (as expected by browsers) with HTTPS. Commented Jun 4, 2014 at 17:11
  • will reply here because both of you will be notified. I've tried both and other server block setups. But I really doubt it's an nginx config issue. Commented Jun 4, 2014 at 17:29
  • @Jens Bradler: Yes, probably should drop ssl on too. I'd think it would run SSL on both ports, but who knows? @Simpleton: If none of this works, try commenting the IPv6 line. Commented Jun 4, 2014 at 17:45
  • No luck removing that line. NB have added edit. Commented Jun 4, 2014 at 17:53
0

The problem wasn't Nginx nor was it something anyone could have helped with so I'll leave this here in case anyone has this problem in future.

The problem was that port 443 was closed on Cloudflare as I was on the free plan. They do not support SSL on the free plan.
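
An added example, not part of the original thread: a Python probe that reports which stage of an HTTPS connection fails, so the causes discussed on this page (port 443 dropped somewhere in front of the server, plain HTTP answering on 443 because `ssl` is missing from `listen`, or a certificate problem) can be told apart. The names `probe_tls` and `diagnose` and the result labels are assumptions made for this example.

```python
import socket
import ssl

def probe_tls(host, port=443, timeout=5.0):
    """Connect like a TLS client and report which stage fails."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"            # SYN never answered: dropped on the path
    except ConnectionRefusedError:
        return "refused"            # host reachable, nothing listening
    except OSError:
        return "unreachable"        # DNS failure, no route, ...
    # The TCP connect above completes before any certificate is exchanged,
    # so a bad bundle surfaces in the handshake below, not as "timeout".
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls_ok"
    except ssl.SSLCertVerificationError:
        return "cert_invalid"       # TLS answers, chain or hostname is wrong
    except ssl.SSLError:
        return "not_tls"            # e.g. plain HTTP answering on the port
    except OSError:
        return "handshake_failed"   # reset or stalled mid-handshake
    finally:
        sock.close()

def diagnose(origin, public):
    """origin: probe run on the server against 127.0.0.1 (a hostname
    mismatch there is expected); public: probe of the public hostname."""
    if public == "tls_ok":
        return "ok"
    if "not_tls" in (origin, public):
        return "plaintext_on_443"   # check for `ssl` on the listen directive
    if public == "cert_invalid":
        return "cert_problem"
    if public == "timeout" and origin in ("tls_ok", "cert_invalid"):
        return "blocked_upstream"   # firewall, CDN or proxy in front
    return "inconclusive"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:           # argument: the site's public hostname
        print(diagnose(probe_tls("127.0.0.1"), probe_tls(sys.argv[1])))
```

Run on the server with the public hostname as its argument; `blocked_upstream` means the origin completes a TLS handshake locally while the public name never answers on 443.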
