Question

Problem when reconfiguring Nginx for SSL with self-signed certificate

Posted September 4, 2018 771 views
Nginx Ubuntu 18.04

I have a VPS on Digital Ocean with Ubuntu 18.04, Nginx, Gunicorn, Django, and a test web application, all configured (ufw) to work with http: 80. Everything works perfectly. Tutorial.

Now I modify the file */sites-available/LibrosWeb * to allow SSL traffic with a self-signed certificate, since I do not have a domain. Tutorial. Result ** “Error 502 Bad Gateway” **.

This is the initial code that works well with http: 80:

server{
        #Configuracion http

        listen 80;
        listen [::]:80;
        server_name 15.15.15.15;

        location = /favicon.ico { access_log off; log_not_found off; }
        location  /robots.txt {
            alias /var/www/LibrosWeb/robots.txt ;
        }        
        location /static/ {
            root /home/gela/LibrosWeb;
        }

        location / {
            include proxy_params;
            proxy_pass http://unix:/run/gunicorn.sock;
        }
    }

And this is the code to allow SSL:

server{
        #Configuracion SSL

        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name 15.15.15.15;
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;

        location = /favicon.ico { access_log off; log_not_found off; }
        location  /robots.txt {
            alias /var/www/LibrosWeb/robots.txt ;
        }
        location /static/ {
            root /home/gela/LibrosWeb;
        }

        location / {
            include proxy_params;
            proxy_pass https://unix:/run/gunicorn.sock;
        }
    }

    server{
        #Configuracion http

        listen 80;
        listen [::]:80;
        server_name 15.15.15.15;
        return 302 https://15.15.15.15$request_uri;
    }

UFW configured as:

80,443/tcp (Nginx Full)    ALLOW IN    Anywhere
80,443/tcp (Nginx Full (v6)) ALLOW IN    Anywhere (v6)

The files ** /etc/nginx/snippets/self-signed.conf ** and ** /etc/nginx/snippets/ssl-params.conf ** are the same as those in the tutorial.

I’ve been testing configurations for two days and the most I could get is that I work halfway, that is, I can show the default page of django but not the one of my application, if I put the code like this:

server{
        #Configuracion http

        listen 80;
        listen [::]:80;
        server_name 15.15.15.15;
        return 302 https://15.15.15.15$request_uri;

        location = /favicon.ico { access_log off; log_not_found off; }
        location  /robots.txt {
            alias /var/www/LibrosWeb/robots.txt ;
        }
        location /static/ {
            root /home/gela/LibrosWeb;
        }
    }

    server{
        #Configuracion SSL

        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name 15.15.15.15;
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;

        location / {
           include proxy_params;
           proxy_pass https://unix:/run/gunicorn.sock;
        }
    }

What is wrong, or what is missing?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

Solved. The problem is that you also had to restart gunicorn.

Submit an Answer