I followed this tutorial: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04 in order get ssl https for my website.
My original nginx reverse-proxy server block successfully displayed my webpage when visiting gentrydemchak.com.
server {
listen 80;
listen [::]:80;
server_name gentrydemchak.com www.gentrydemchak.com;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
The new server block doesn’t throw any errors, and Qualys SSL Labs Report even gave the encryption an A+ rating. but rather than showing my website it displays the nginx welcome page. The server block suggested by the tutorial that i’m using is below:
server {
listen 443 ssl;
server_name gentrydemchak.com www.gentrydemchak.com;
ssl_certificate /etc/letsencrypt/live/gentrydemchak.com/fullc$
ssl_certificate_key /etc/letsencrypt/live/gentrydemchak.com/p$
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-G$
ssl_session_timeout 1d;
ssl_stapling on;
ssl_session_cache shared:SSL:50m;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location ~ /\.well-known/acme-challenge {
root /root/portfolio/public;
}
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
Why is it not serving my website? Is my website in the wrong directory? Is the proxy setup wrong? Am I missing something else entirely?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
The first thing that jumps out at me is that your configuration is missing a closing
}
. Not sure if that’s the case in the file on your server or was just a mistake in copy/pasting it here.Below you can find the configuraiton I am personally using on one of my droplets to do a proxy_pass configuration with a LetsEncrypt generated certificate.
Hope that helps!