Hi all,
I’m new to this, so please be patient :-)
I wanted to host a Ghost blog on DO, so I followed the guide and created a Ghost droplet. I got my domain name from GoogleApps, and my blog is now accessible via karmaisaword.com - so far so good. However, I wanted to enable encryption for the blog (no real reason other than to learn), so I got my pk & cert from StartSSL and installed them to nginx. I created a new server config in my default virtual host file for it:
server {
    listen 443 ssl;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name karmaisaword.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/ssl-unified.crt;
    ssl_certificate_key /etc/nginx/ssl/ssl.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp521r1;
}
After restarting nginx, “netstat -tulpn | grep 443” says nginx is listening to this port. I also added a rule to iptables to allow incoming ssl connections:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
At this point I would expect the port to be “open” from outside, but http://www.yougetsignal.com/tools/open-ports/ says port 443 is still closed, and going to https://karmaisaword.com hits a connection timeout. I can’t see any mention of the https request in my nginx logs (but regular port 80 ones get logged out), so I assume it never reaches nginx. I tried adding some logging to iptables, but I haven’t seen any output in /var/log/messages for this rule:
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
So, either that rule is not doing what I wanted it to, or the request never even reaches the firewall? At this point I’m utterly confused and would really appreciate some help! Thanks :-)
Ghost doesn’t work like that – the pages are served by node so you can’t use only nginx to serve them.
Did you follow a specific article on installing Ghost? Also, please pastebin your virtualhosts. Thanks.
Please [pastebin](http://pastebin.com) your virtualhost config.
I’m not really sure about the firewall thing, whether it could cause the issue, but you could check / do the following things regarding your certs:

- Check whether the .crt file contains 3 blocks beginning with -----BEGIN CERTIFICATE-----. If not, you have to add the missing certs to your file. It should contain: your cert, intermediate cert and the root cert in exactly this order.
- Just for testing, remove every line containing ssl_ except: ssl_certificate and ssl_certificate_key.
- Also make sure the user nginx is running as is able to access these files. I’m not sure whether it would even start w/o having access.
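
The bundle check suggested in the answer above, as an added example that is not part of the original thread: it counts the certificate blocks in a unified .crt file, flags END/BEGIN markers that ended up on one line when files were concatenated, and goes one step further by comparing each certificate's issuer with the next one's subject to confirm the order. The function names and the sample certificates are constructed for illustration; the samples are structural skeletons only, and no signatures are verified.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (subject, issuer) as raw DER Name bytes; signatures are NOT verified."""
    _, p, _ = tlv(der, 0)        # Certificate SEQUENCE
    _, p, end = tlv(der, p)      # tbsCertificate SEQUENCE
    fields = []                  # serial, sigAlg, issuer, validity, subject
    while p < end and len(fields) < 5:
        tag, _, e = tlv(der, p)
        if fields or tag != 0xA0:  # skip the optional leading [0] version
            fields.append(der[p:e])
        p = e
    return fields[4], fields[2]

def check_bundle(pem_text):
    """Return (certificate_count, problems) for a concatenated PEM bundle."""
    problems = []
    if re.search(r"-----END CERTIFICATE-----[ \t]*-----BEGIN", pem_text):
        problems.append("END/BEGIN markers share a line: files were joined without a newline")
    chain = [names(base64.b64decode("".join(b.split()))) for b in PEM_RE.findall(pem_text)]
    for i in range(len(chain) - 1):
        if chain[i][1] != chain[i + 1][0]:
            problems.append(f"cert {i + 1} is not issued by cert {i + 2}: wrong order or missing cert")
    return len(chain), problems

def fake_cert(subject, issuer):
    """Constructed sample: a TBSCertificate skeleton, not a valid certificate."""
    der = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths only
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"")
           + der(0x30, issuer.encode()) + der(0x30, b"") + der(0x30, subject.encode()))
    cert = der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(cert).decode() + "\n-----END CERTIFICATE-----\n"

LEAF = fake_cert("karmaisaword.com", "Example Intermediate CA")   # constructed names
INTER = fake_cert("Example Intermediate CA", "Example Root CA")
ROOT = fake_cert("Example Root CA", "Example Root CA")

if __name__ == "__main__":
    print(check_bundle(LEAF.rstrip("\n") + INTER + ROOT))  # joined without a newline
```

To run it against a real file, pass the file's text to `check_bundle`, for example `check_bundle(open("/etc/nginx/ssl/ssl-unified.crt").read())`.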