Hi all,
I’m new to this, so please be patient :-)
I wanted to host a Ghost blog on DO, so I followed the guide and created a Ghost droplet. I got my domain name from GoogleApps, and my blog is now accessible via karmaisaword.com - so far so good. However, I wanted to enable encryption for the blog (no real reason other than to learn), so I got my pk & cert from StartSSL and installed them to nginx. I created a new server config in my default virtual host file for it:

    server {
        listen 443 ssl;
        root /usr/share/nginx/html;
        index index.html index.htm;
        server_name karmaisaword.com;
        ssl on;
        ssl_certificate /etc/nginx/ssl/ssl-unified.crt;
        ssl_certificate_key /etc/nginx/ssl/ssl.key;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
        ssl_prefer_server_ciphers on;
        ssl_ecdh_curve secp521r1;
    }

After restarting nginx, “netstat -tulpn | grep 443” says nginx is listening to this port. I also added a rule to iptables to allow incoming ssl connections:

    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

At this point I would expect the port to be “open” from outside, but http://www.yougetsignal.com/tools/open-ports/ says port 443 is still closed, and going to https://karmaisaword.com hits a connection timeout. I can’t see any mention of the https request in my nginx logs (but regular port 80 ones get logged out), so I assume it never reaches nginx. I tried adding some logging to iptables, but I haven’t seen any output in /var/log/messages for this rule:

    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "

So, either that rule is not doing what I wanted it to, or the request never even reaches the firewall? At this point I’m utterly confused and would really appreciate some help! Thanks :-)
Ghost doesn’t work like that – the pages are served by node so you can’t use only nginx to serve them.
Did you follow a specific article on installing Ghost? Also, please pastebin your virtualhosts. Thanks.
Please pastebin (http://pastebin.com) your virtualhost config.
I’m not really sure about the firewall thing, whether it could cause the issue, but you could check / do the following things regarding your certs:

- Check whether the .crt file contains 3 blocks beginning with -----BEGIN CERTIFICATE-----. If not, you have to add the missing certs to your file. It should contain: your cert, intermediate cert and the root cert in exactly this order.
- Just for testing, remove every line containing ssl_ except: ssl_certificate and ssl_certificate_key.
- Also make sure the user nginx is running as is able to access these files. I’m not sure whether it would even start w/o having access.
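
The first check in the answer above (count the certificate blocks in the bundle and confirm their order), as an added example that is not part of the original answer: it reads the PEM bundle, pulls each certificate's subject and issuer out with a minimal DER reader, and reports every position where a certificate is not issued by the one after it. The function names are hypothetical, and comparing the names byte for byte is an assumption that holds for typical CA chains.

```python
import base64
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def names(der):
    """Return (subject, issuer) of one certificate as raw DER Name bytes."""
    _, start, _ = read_tlv(der, 0)       # outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, start)   # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, vend = read_tlv(der, pos)
        if tag != 0xA0:                  # skip the optional [0] version field
            fields.append(der[pos:vend])
        pos = vend
    # remaining order: serial, signature algorithm, issuer, validity, subject
    return fields[4], fields[2]

def check_bundle(pem_text):
    """Return (certificate_count, problems) for the text of a PEM bundle."""
    ders = [base64.b64decode("".join(m.split())) for m in PEM_RE.findall(pem_text)]
    problems = [] if ders else ["no CERTIFICATE blocks found"]
    chain = [names(d) for d in ders]
    for i in range(len(chain) - 1):
        # assumption: issuer and subject are compared byte for byte
        if chain[i][1] != chain[i + 1][0]:
            problems.append(f"cert {i + 1} is not issued by cert {i + 2}: "
                            "wrong order or missing intermediate")
    return len(ders), problems

if __name__ == "__main__":
    # default path is the bundle named in the question's nginx config
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/nginx/ssl/ssl-unified.crt"
    count, problems = check_bundle(open(path).read())
    print(f"{count} certificate(s) in {path}")
    for p in problems:
        print("PROBLEM:", p)
```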
