Ubuntu NGINX Problems

October 28, 2013 12.2k views
I posted on stackexchange something about this, because I had droplet troubles... http://serverfault.com/questions/549064/nginx-ssl-certificate-not-working Hopefully you guys can reply here... :)
24 Answers
Change the listen directive from Port 80 to listen 443;.
I got this:
http {

server {
listen 80 443 ssl;

server_name www.pingrglobe.com pingrglobe.com;
rewrite ^(.*) https://www.pingrglobe.com$1 permanent;
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/pingrglobe.crt;
ssl_certificate_key /etc/nginx/ssl/pingrglobe.key;
#enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used.
ssl_protocols SSLv3 TLSv1;
#Disables all weak ciphers
server_name www.pingrglobe.com;

root /var/www/pingrglobe.com;
index index.html index.php;

location / {
try_files $uri $uri/ @extensionless-php;
add_header Access-Control-Allow-Origin *;
rewrite ^/blog/blogpost/(.+)$ /blog/blogpost?post=$1 last;
rewrite ^/viewticket/(.+)/(.*)$ /viewticket?tid=$1&$2 last;
rewrite ^/vemail/(.+)$ /vemail?eid=$1 last;
rewrite ^/serversettings/(.+)$ /serversettings?srvid=$1 last;
rewrite ^/notification/(.+)$ /notification?id=$1 last;
rewrite ^/viewreport/(.+)$ /viewreport?srvid=$1 last;
rewrite ^/removeserver/(.+)$ /removeserver?srvid=$1 last;
rewrite ^/staffviewticket/(.+)/(.*)$ /staffviewticket?tid=$1&$2 last;
rewrite ^/activate/(.*)/(.*)/(.*)$ /activate?user=$1&code=$2&email=$3 last;
rewrite ^/activate2/(.*)/(.*)/(.*)$ /activate2?user=$1&code=$2&email=$3 last;
rewrite ^/passwordtoken/(.+)/(.*)/(.*)$ /passwordtoken?user=$1&token=$2&email=$3 last;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;

location @extensionless-php {
rewrite ^(.*)$ $1.php last;

location ~ /\. {
deny all;

Could just be me, but that's hard to read!
listen 80 443 ssl; is not going to work. Put 'em on separate lines. Have you checked out any of the DigitalOcean Nginx & SSL articles?
Yes, and external ones... here's an idea:
If you join my team viewer and help me out with this, I'll send you $5 digitalocean credit as payment...
ID: 453 980 190
Pass: 8477

I am completely mind blown with this... what makes it harder, the SSL wasn't even bundled for me and I had to do it myself.
In /etc/nginx/sites-enabled/, do you only have the one config file you copied to https://p.kk7.me/golitobete.nginx? I'll take a crack @ trying to clean it up for ya.
That's all I got for the pingrglobe.com domain, yeah. That's the full config file.
I found the problem!
Port 443 is being denied... how do I let it pass?
Do you have a firewall installed on your droplet? What's the output of:
sudo iptables -L -n -v
I uninstalled iptables from my load balancer, and all slaves.
Plus, it's 433 being blocked, as the log said.
Do you have ufw installed? Try sudo ufw status verbose.
root@server1:~# sudo ufw status verbose
sudo: ufw: command not found
How were you able to establish that "Port 443 is being denied?" There's a difference b/w a port being blocked and no program (i.e. Nginx) simply listening on a port.

Did you ever install the Nginx SSL module? Is Nginx listening on Port 443?
Adding on Is Nginx listening on Port 443?

To find out if there is anything is listening on port 443, run the following command:

sudo netstat -plutn | grep :443
Nothing is... I didn't know about SSL module!

How would I install it?
Did you restart nginx after installing the config file I put together for ya?
It's most likely already installed. You can check if it's there by running nginx -V.

How did you know that port 443 is blocked?
The log said something like port not available or something along those lines.
It prob. said that b/c you had not told Nginx to listen on Port 443 in your previous config. file.
I did...
server {
listen 443 ssl;
Try dropping the ssl tag; so the line reads listen 443;.
listen 443 ssl; should work fine.

The log said something like port not available or something along those lines.

That doesn't help at all. Paste the log.

Also, what's the output of
sudo netstat -plutn
Have another answer? Share your knowledge.