NGINX SSL Connection Refused..

March 27, 2017 606 views
Nginx Ubuntu 16.04

I followed this guide exactly how it says:
https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-with-http-2-support-on-ubuntu-16-04

However the protocol is still HTTP 1, doesn't redirect to HTTPS and when visiting https://sub.domain.com/ I get connection refused.

Website is vote.essaeg.ca, it's a subdomain, the SSL certificate I got from namecheap allows for subdomains.

I tried making the server name both the domain and with the subdomain, no change. I tried this command and it gave an nginx error 111.

Here is my configuration file:

server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;

        ssl on;
        ssl_certificate /etc/nginx/ssl/essaeg_ca.crt;
        ssl_certificate_key /etc/nginx/ssl/vote.essaeg.ca.key;
        ssl_dhparam  /etc/nginx/ssl/dhparam.pem;
        root /var/www/html;


        server_name essaeg.ca;
        return         301 https://$server_name$request_uri;

        location / {
                try_files $uri $uri/ =404;
        }
}

server {
       listen         80;
       listen    [::]:80;
       server_name   essaeg.ca;
       return         301 https://$server_name$request_uri;
}


3 Answers

You have a return in the https server block, which will create an infinite loop.
Remove return 301 https://$server_name$request_uri; from the first block.
And then post the content of your error log:

tail -50 /var/log/nginx/error.log

@Theabdullahem

For the main domain, this [modified] version of your server blocks should work, though keep in mind, HTTP2 requires SSL, so only SSL requests will be served when and where HTTP2 is supported. You won't see HTTP2 on standard requests to port 80.

server {
    listen 80;
    listen [::]:80;
    server_name essaeg.ca;

    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name essaeg.ca;

    ssl on;
    ssl_certificate /etc/nginx/ssl/essaeg_ca.crt;
    ssl_certificate_key /etc/nginx/ssl/vote.essaeg.ca.key;
    ssl_dhparam  /etc/nginx/ssl/dhparam.pem;

    root /var/www/html;

    location / {
        try_files $uri $uri/ =404;
    }
}

If you need to setup vote.essaeg.ca using SSL, then you'll need to setup two more server blocks, one for port 80 and one for 443, such as:

server {
    listen 80;
    listen [::]:80;
    server_name vote.essaeg.ca;

    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name vote.essaeg.ca;

    ssl on;
    ssl_certificate /etc/nginx/ssl/essaeg_ca.crt;
    ssl_certificate_key /etc/nginx/ssl/vote.essaeg.ca.key;
    ssl_dhparam  /etc/nginx/ssl/dhparam.pem;

    root /var/www/html;

    location / {
        try_files $uri $uri/ =404;
    }
}

In the above, I've only changed essaeg.ca to vote.essaeg.ca, so you'd need to change root to set the home directory for that sub-domain.

If those don't work, please run the tail command @hansen noted and we can troubleshoot from there.

I appreciate your help, I tried using that for the conf file but it still the same, the server I'm running is solely for the sub domain so that is the root directory.

I ran tail -50 /var/log/nginx/error.log but it didn't show anything, same thing when I tried to open that log file. The connection still refuses when I try to access via HTTPS and doesn't redirect.

Could this be something with how the domain linking is setup with the DNS?

Have another answer? Share your knowledge.