WebFaction
Community site: login faq

I'm trying to run my blog using ghost under nginx with ssl.

I've successfully made it work with http using the following steps:

  1. created a custom application called "nginx" on port 14298
  2. created a website called "nginx" with security set to http
  3. nginx.conf contains:

    server {
        listen 14298;
        server_name nginx.myusername.webfactional.com;
    
        location / {
            root    html;
            index  index.html index.htm;
        }
    
        error_page  404              /404.html;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        root   html;
        }
    }
    

    Everything works, nginx.myusername.webfactional.com displays the nginx html, and my blog included in vhosts also works. But while trying to enable ssl by doing this:

  4. Updated my "website" called "nginx" with security set to https

  5. Generated my keys:

    openssl req -x509 -nodes -newkey rsa:2048 -keyout nginx.key -out nginx.crt
    
  6. Changed my nginx.conf:

    server {
        listen 14298 ssl;
        server_name nginx.myusername.webfactional.com;
    
       ssl on;
       ssl_certificate /home/myusername/usr/local/etc/nginx/nginx.crt; # Verified path
       ssl_certificate_key /home/myusername/usr/local/etc/nginx/nginx.key; # Verified path
    
        location / {
            root    html;
            index  index.html index.htm;
        }
    
        error_page  404              /404.html;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        root   html;
        }
    }
    

I'm getting a 502 - Bad Gateway while trying to access:

https://nginx.myusername.webfactional.com

And every time I try to access the url above my nginx logs the following error:

no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:14298

I've been trying to solve this for hours to no avail. help please.

asked 10 Dec '15, 02:48

jmiranda
136
accept rate: 100%


You won't be able to configure HTTPS on a private Nginx instance, nor should you ever need to do so unless accessing it directly on an open port in the firewall (which you are not doing and in general you would not do). The reason is that you're proxying the request through the server's front-end Nginx server; see this image (http://docs.webfaction.com/user-guide/_images/inside-the-server.png).

The front-end Nginx server strips HTTPS and forwards HTTP to your application. The client (browser) negotiates the SSL handshake with the front-end Nginx server in that case, and we can install SSL certificates for you without you needing to manage them via a private Nginx. More information is available here (http://docs.webfaction.com/user-guide/websites.html#secure-sites-https).

permanent link

answered 10 Dec '15, 03:07

ryans ♦♦
5.0k93159
accept rate: 43%

Hi Ryans, I'm not well versed in networking software, but trying to understand what you said, the following statements are true?.

  1. Having a private nginx instance is redundant (in my case) because all requests are being processed by webfaction nginx instance.
  2. I won't be able to enable HTTP/2 or SPDY in my blog.
(10 Dec '15, 03:24) jmiranda

(1) Yes, that's true in general, except when you need it for the actual application deployment. An example of that would be an Nginx+Passenger+Rails application.

(2) Correct as of right now. Since requests go through the front-end Nginx server (which supports HTTP/1.1), this doesn't work yet. However we are currently considering the demand and implementation for this now that HTTP/2 is standardized.

(10 Dec '15, 06:27) ryans ♦♦

Gotcha, thank you Ryans! :)

(10 Dec '15, 15:31) jmiranda
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×186

question asked: 10 Dec '15, 02:48

question was seen: 1,949 times

last updated: 10 Dec '15, 15:31

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM