Question

Can't get HTTPS to work

Hi all,

I’m new to this, so please be patient :-)

I wanted to host a Ghost blog on DO, so I followed the guide and created a Ghost droplet. I got my domain name from GoogleApps, and my blog is now accessible via karmaisaword.com - so far so good. However, I wanted to enable encryption for the blog (no real reason other than to learn), so I got my pk & cert from StartSSL and installed them to nginx. I created a new server config in my default virtual host file for it:

server {
    listen 443 ssl;
    root /usr/share/nginx/html;
    index index.html index.htm;

    server_name karmaisaword.com;

    ssl on;
    ssl_certificate /etc/nginx/ssl/ssl-unified.crt;
    ssl_certificate_key /etc/nginx/ssl/ssl.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp521r1;
}

after restarting nginx, “netstat -tulpn | grep 443” says nginx is listening to this port. I also added a rule to iptables to allow incoming ssl connections:

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443

At this point I would expect the port to be “open” from outside, but http://www.yougetsignal.com/tools/open-ports/ says port 443 is still closed, and going to https://karmaisaword.com hits a connection timeout. I can’t see any mention of the https request in my nginx logs (but regular port 80 ones get logged out), so I assume it never reaches nginx. I tried adding some logging to iptables, but I haven’t seen any output in /var/log/messages for this rule:

LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "

So, either that rule is not doing what I wanted it to, or the request never even reaches the firewall? At this point I’m utterly confused and would really appreciate some help! Thanks :-)
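Added example (not part of the original question, and not the asker's actual ruleset, which is not shown on the page): iptables walks a chain top to bottom and stops at the first terminating match, so an ACCEPT or LOG rule appended below an earlier catch-all DROP is never reached. The sketch replays a new connection to port 443 against a constructed `iptables -S INPUT` listing; `first_verdict`, `NEW_HTTPS` and the sample rules are hypothetical names and data.

```python
import shlex

# Constructed `iptables -S INPUT` output (not the asker's real ruleset): the 443 ACCEPT
# and the LOG rule were appended (-A) after an existing catch-all DROP.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
"""
NEW_HTTPS = {"iface": "eth0", "proto": "tcp", "dport": 443, "state": "NEW"}
TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # LOG is non-terminating: evaluation continues

def parse(line):
    """Extract the few options modelled here; negation (!) and port ranges are not
    handled, and `-m limit` is treated as always matching."""
    tok = shlex.split(line)
    return {t: tok[i + 1] for i, t in enumerate(tok[:-1])
            if t in ("-i", "-p", "--dport", "--state", "-j")}

def matches(rule, pkt):
    """A rule matches when every option it specifies agrees with the packet."""
    return (rule.get("-i", pkt["iface"]) == pkt["iface"]
            and rule.get("-p", pkt["proto"]) == pkt["proto"]
            and rule.get("--dport", str(pkt["dport"])) == str(pkt["dport"])
            and pkt["state"] in rule.get("--state", pkt["state"]).split(","))

def first_verdict(rules_text, pkt, chain="INPUT"):
    """Return (rule_number, target, log_rules_hit) using iptables' first-match order."""
    policy, number, logged = "ACCEPT", 0, []
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        elif tok[:2] == ["-A", chain]:
            number += 1
            rule = parse(line)
            if not matches(rule, pkt):
                continue
            if rule.get("-j") in TERMINATING:
                return number, rule["-j"], logged
            logged.append(number)
    return None, policy, logged  # no terminating rule matched: chain policy applies

if __name__ == "__main__":
    print(first_verdict(SAMPLE_RULES, NEW_HTTPS))  # verdict for a new connection to 443
```

On a live host, `iptables -L INPUT -n -v --line-numbers` shows the same ordering together with per-rule packet counters, which reveal whether a rule has ever matched.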



Please pastebin (http://pastebin.com) your virtualhost config.

Well, it kinda works now with these added to the 443 server config.location:

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// https://;
proxy_pass http://localhost:2368/;

The problem now is that css is not loading. Looking at the source of the page, the url to the css seems correct (https://karmaisaword.com/assets/css/screen.css), but it’s not accessible. Wonder what that is all about.