CloudFlare SSL with WordPress Ubuntu LEMP

February 7, 2018 1.1k views
LEMP Nginx WordPress Ubuntu 16.04

I have an SSL through cloudflare, and i have uploaded it to /var/ssl/ssl.pem and /var/ssl/ssl.key. I changed the folder permissions to chmod 700 /var/ssl.

I can access my site via http://165.227.182.40/ and http://aaronstone.io/ but not https://aaronstone.io/

sudo ufw status returns:


WARN: / is group writable!
Status: active

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere
443                        ALLOW       Anywhere
80                         ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22 (v6)                    LIMIT       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

netstat -atn shows

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:60484 127.0.0.1:3306 ESTABLISHED
tcp 0 0 165.227.182.40:22 63.131.219.239:58963 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:60484 ESTABLISHED
tcp 0 316 165.227.182.40:22 63.131.219.239:58846 ESTABLISHED
tcp 0 0 127.0.0.1:60486 127.0.0.1:3306 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:60486 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN

My NginX config is as follows:

server {
    listen 80;
    listen [::]:80;

    # SSL configuration
    #
     listen 443 ssl;
     listen [::]:443 ssl;
         ssl_certificate /var/ssl/ssl.pem;
        ssl_certificate_key /var/ssl/ssl.key;

    root /var/www/html/;

    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;

    server_name aaronstone.io www.aaronstone.io;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
             location ~ \.php$ {
        include snippets/fastcgi-php.conf;

        # With php7.0-cgi alone:
        #fastcgi_pass 127.0.0.1:9000;
        # With php7.0-fpm:
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
    location ~ /.well-known {
        allow all;
    }
}

1 Answer
apstone February 7, 2018
Accepted Answer

I had not symlinked my sites-available to sites-enabled

Have another answer? Share your knowledge.