Problem when reconfiguring Nginx for SSL with self-signed certificate

September 4, 2018 502 views
Nginx

I have a VPS on DigitalOcean with Ubuntu 18.04, Nginx, Gunicorn, Django, and a test web application, all configured (ufw) to work with HTTP on port 80. Everything works perfectly. Tutorial.

Now I modify the file */sites-available/LibrosWeb* to allow SSL traffic with a self-signed certificate, since I do not have a domain. Tutorial. Result: **"Error 502 Bad Gateway"**.

This is the initial code that works well with HTTP on port 80:

server {
    # HTTP configuration

    listen 80;
    listen [::]:80;
    server_name 15.15.15.15;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /robots.txt {
        alias /var/www/LibrosWeb/robots.txt;
    }
    location /static/ {
        root /home/gela/LibrosWeb;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
}

And this is the code to allow SSL:

server {
    # SSL configuration

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 15.15.15.15;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /robots.txt {
        alias /var/www/LibrosWeb/robots.txt;
    }
    location /static/ {
        root /home/gela/LibrosWeb;
    }

    location / {
        include proxy_params;
        proxy_pass https://unix:/run/gunicorn.sock;
    }
}

server {
    # HTTP configuration

    listen 80;
    listen [::]:80;
    server_name 15.15.15.15;
    return 302 https://15.15.15.15$request_uri;
}

UFW configured as:

80,443/tcp (Nginx Full)    ALLOW IN    Anywhere
80,443/tcp (Nginx Full (v6)) ALLOW IN    Anywhere (v6)

The files **/etc/nginx/snippets/self-signed.conf** and **/etc/nginx/snippets/ssl-params.conf** are the same as those in the tutorial.

I've been testing configurations for two days and the most I could get is that it works halfway, that is, I can show the default page of Django but not the one of my application, if I put the code like this:

server {
    # HTTP configuration

    listen 80;
    listen [::]:80;
    server_name 15.15.15.15;
    return 302 https://15.15.15.15$request_uri;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /robots.txt {
        alias /var/www/LibrosWeb/robots.txt;
    }
    location /static/ {
        root /home/gela/LibrosWeb;
    }
}

server {
    # SSL configuration

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 15.15.15.15;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    location / {
        include proxy_params;
        proxy_pass https://unix:/run/gunicorn.sock;
    }
}

What is wrong, or what is missing?

1 Answer

Solved. The problem is that you also had to restart gunicorn.
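
A 502 from Nginx means it could not get a usable response from the upstream socket, so it helps to test the socket directly before editing the server block again. The following is an added example, not part of the original question or answer: a small probe (the function name `probe_upstream` is hypothetical) that reports whether the unix socket is reachable at all and whether the process behind it answers plain HTTP or TLS, which tells you whether `proxy_pass http://unix:...` or `proxy_pass https://unix:...` matches it.

```python
import socket
import ssl
import sys


def _connect(path, timeout):
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    s.connect(path)
    return s


def probe_upstream(path, timeout=2.0):
    """Return 'unreachable', 'http', 'tls' or 'unknown' for a unix-socket upstream."""
    # Step 1: is anything listening? A missing or stale socket file
    # (app server stopped or not restarted) fails here.
    try:
        s = _connect(path, timeout)
    except OSError:
        return "unreachable"
    # Step 2: send a plain HTTP request, as Nginx does for proxy_pass http://
    try:
        with s:
            s.sendall(b"GET / HTTP/1.0\r\nHost: localhost\r\n\r\n")
            if s.recv(16).startswith(b"HTTP/"):
                return "http"
    except OSError:
        pass
    # Step 3: try a TLS handshake, as Nginx does for proxy_pass https://.
    # Certificate checks are off because only the protocol is being probed
    # on a local socket; do not reuse this context for real traffic.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with _connect(path, timeout) as raw, ctx.wrap_socket(raw):
            return "tls"
    except OSError:  # ssl.SSLError is a subclass of OSError
        return "unknown"


if __name__ == "__main__":
    # Default path is the socket used in the configuration above.
    sock_path = sys.argv[1] if len(sys.argv) > 1 else "/run/gunicorn.sock"
    print(sock_path, "->", probe_upstream(sock_path))
```

Run it as a user that can read the socket. A result of `unreachable` points at the application server rather than at the Nginx TLS settings.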
