Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Connect to DB installed into dedicated VPS (private networking) Question Question
my site i down please see http://www.cheri3a.com/ Question Question

Question

Receiving 503 on Nginx after setting Cloudflare's Origin Certificate

Posted March 9, 2021 1.1k views
NginxSecurityUbuntu 18.04
How To Host a Website Using Cloudflare and Nginx on Ubuntu 18.04

I have a Django app running with Nginx + Gunicorn. Before, I had a Let’s Encrypt Certificate and Cloudflare SSL encryption mode as Full. After deleting the Let’s Encrypt Cert and modifying everything on my Nginx server I followed this tutorial. Now every request returns 503.

Nginx /sites-enabled/:

server {
    listen 80;
    listen [::]:80;
    server_name my-site.com www.my-site.com;
    return 302 https://$server_name$request_uri;
}

server {
    # SSL configuration

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl        on;
    ssl_certificate         /etc/ssl/cert.pem;
    ssl_certificate_key     /etc/ssl/key.pem;
    ssl_client_certificate  /etc/ssl/cloudflare.crt;
    ssl_verify_client on;


    server_name my-site.com www.my-site.com;

    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }

    location /static/ {
        root /home/sammy/myproject/app;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
}

Every status shows that everything is running and active.

Add a comment
javiergarval
By:
javiergarval

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Connect to DB installed into dedicated VPS (private networking) Question Question
my site i down please see http://www.cheri3a.com/ Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
bobbyiliev March 9, 2021

Hi there,

What I could suggest is checking your Nginx error log so you could see the actual error rather than the generic 503 error:

  • tail -100 /var/log/nginx/error.log

Feel free to share the error here as well so I could try to advise you further.

Regards,
Bobby

Reply Report
  • javiergarval March 9, 2021 
    $ sudo tail -1000f /var/log/nginx/error.log
2021/03/09 11:00:29 [crit] 2751#2751: *1 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.241.228.100, server: 0.0.0.0:443
2021/03/09 11:13:01 [crit] 3253#3253: *8 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 94.102.49.190, server: 0.0.0.0:443
2021/03/09 11:13:09 [crit] 3253#3253: *13 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 94.102.49.190, server: 0.0.0.0:443
2021/03/09 11:13:10 [crit] 3253#3253: *15 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 94.102.49.190, server: 0.0.0.0:443
2021/03/09 11:13:10 [crit] 3253#3253: *16 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 94.102.49.190, server: 0.0.0.0:443
2021/03/09 11:13:11 [crit] 3253#3253: *18 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 94.102.49.190, server: 0.0.0.0:443
2021/03/09 11:44:56 [crit] 3524#3524: *6 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.241.226.24, server: 0.0.0.0:443

    $ sudo tail -10000f /var/log/nginx/access.log
45.155.205.225 - - [09/Mar/2021:13:12:14 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
192.241.225.123 - - [09/Mar/2021:13:20:21 +0000] "GET /ReportServer HTTP/1.1" 302 170 "-" "Mozilla/5.0 zgrab/0.x"
162.158.93.112 - - [09/Mar/2021:13:34:36 +0000] "GET /robots.txt HTTP/1.1" 302 170 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.241.226.139 - - [09/Mar/2021:13:35:46 +0000] "GET /hudson HTTP/1.1" 302 170 "-" "Mozilla/5.0 zgrab/0.x"
92.118.12.93 - - [09/Mar/2021:14:06:07 +0000] "\x03\x00\x00*%\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Test" 400 182 "-" "-"
20.188.35.5 - - [09/Mar/2021:14:06:30 +0000] "GET /.env HTTP/1.1" 302 170 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
20.188.35.5 - - [09/Mar/2021:14:06:30 +0000] "POST / HTTP/1.1" 302 170 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
223.25.98.58 - - [09/Mar/2021:15:50:49 +0000] "GET / HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
    Reply Report
javiergarval March 15, 2021

Found the solution to this nightmare:
Instead of being a problem with Cloudflare’s SSL - altough my first thoughts were related to it because I changed the LetsEncrypt SSL certificate first - it was, indeed, a problem with how Nginx connects to Gunicorn. The server’s Nginx config is alright but the Gunicorn service was located in another folder, not in the one written in the OP.

Reply Report

Related

Looking for something else?

Ask a new question Search for more help