Ubuntu NGINX Problems

Posted October 28, 2013 12.8k views
I posted on stackexchange something about this, because I had droplet troubles... Hopefully you guys can reply here... :)

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

24 answers
Change the listen directive from Port 80 to listen 443;.
I got this:
http {

server {
listen 80 443 ssl;

rewrite ^(.*)$1 permanent;
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/pingrglobe.crt;
ssl_certificate_key /etc/nginx/ssl/pingrglobe.key;
#enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used.
ssl_protocols SSLv3 TLSv1;
#Disables all weak ciphers

root /var/www/;
index index.html index.php;

location / {
try_files $uri $uri/ @extensionless-php;
add_header Access-Control-Allow-Origin *;
rewrite ^/blog/blogpost/(.+)$ /blog/blogpost?post=$1 last;
rewrite ^/viewticket/(.+)/(.*)$ /viewticket?tid=$1&$2 last;
rewrite ^/vemail/(.+)$ /vemail?eid=$1 last;
rewrite ^/serversettings/(.+)$ /serversettings?srvid=$1 last;
rewrite ^/notification/(.+)$ /notification?id=$1 last;
rewrite ^/viewreport/(.+)$ /viewreport?srvid=$1 last;
rewrite ^/removeserver/(.+)$ /removeserver?srvid=$1 last;
rewrite ^/staffviewticket/(.+)/(.*)$ /staffviewticket?tid=$1&$2 last;
rewrite ^/activate/(.*)/(.*)/(.*)$ /activate?user=$1&code=$2&email=$3 last;
rewrite ^/activate2/(.*)/(.*)/(.*)$ /activate2?user=$1&code=$2&email=$3 last;
rewrite ^/passwordtoken/(.+)/(.*)/(.*)$ /passwordtoken?user=$1&token=$2&email=$3 last;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;

location @extensionless-php {
rewrite ^(.*)$ $1.php last;

location ~ /\. {
deny all;

Could just be me, but that's hard to read!
listen 80 443 ssl; is not going to work. Put 'em on separate lines. Have you checked out any of the DigitalOcean Nginx & SSL articles?
Yes, and external ones... here's an idea:
If you join my team viewer and help me out with this, I'll send you $5 digitalocean credit as payment...
ID: 453 980 190
Pass: 8477

I am completely mind blown with this... what makes it harder, the SSL wasn't even bundled for me and I had to do it myself.
In /etc/nginx/sites-enabled/, do you only have the one config file you copied to I'll take a crack @ trying to clean it up for ya.
That's all I got for the domain, yeah. That's the full config file.
I found the problem!
Port 443 is being denied... how do I let it pass?
Do you have a firewall installed on your droplet? What's the output of:
sudo iptables -L -n -v
I uninstalled iptables from my load balancer, and all slaves.
Plus, it's 433 being blocked, as the log said.
Do you have ufw installed? Try sudo ufw status verbose.
root@server1:~# sudo ufw status verbose
sudo: ufw: command not found
How were you able to establish that "Port 443 is being denied?" There's a difference b/w a port being blocked and no program (i.e. Nginx) simply listening on a port.

Did you ever install the Nginx SSL module? Is Nginx listening on Port 443?
Adding on Is Nginx listening on Port 443?

To find out if there is anything is listening on port 443, run the following command:

sudo netstat -plutn | grep :443
Nothing is... I didn't know about SSL module!

How would I install it?
Did you restart nginx after installing the config file I put together for ya?
It's most likely already installed. You can check if it's there by running nginx -V.

How did you know that port 443 is blocked?
The log said something like port not available or something along those lines.
It prob. said that b/c you had not told Nginx to listen on Port 443 in your previous config. file.
I did...
server {
listen 443 ssl;
Try dropping the ssl tag; so the line reads listen 443;.
listen 443 ssl; should work fine.

The log said something like port not available or something along those lines.

That doesn't help at all. Paste the log.

Also, what's the output of
sudo netstat -plutn
Submit an Answer