I'm new to this, so please be patient :-)
I wanted to host a Ghost blog on DO, so I followed the guide and created a Ghost droplet. I got my domain name from GoogleApps, and my blog is now accessible via karmaisaword.com - so far so good. However, I wanted to enable encryption for the blog (no real reason other than to learn), so I got my pk & cert from StartSSL and installed them to nginx. I created a new server config in my default virtual host file for it:
listen 443 ssl;
index index.html index.htm;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
after restarting nginx, "netstat -tulpn | grep 443" says nginx is listening to this port. I also added a rule to iptables to allow incoming ssl connections:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
at this point i would expect the port to be "open" from outside, but http://www.yougetsignal.com/tools/open-ports/ says port 443 is still closed, and going to https://karmaisaword.com hits a connection timeout. I can't see any mention of the https request in my nginx logs (but regular port 80 ones get logged out), so I assume it never reaches nginx. I tried adding some logging to iptables, but I haven't seen any output in /var/log/messages for this rule:
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
so, either that rule is not doing what i wanted it to, or the request never even reaches the firewall? at this point I'm utterly confused and would really appreciate some help! thanks :-)
These answers are provided by our Community. If you find them useful, show some love by clicking the heart.
If you run into issues leave a comment, or add your own answer to help others.