View previous topic :: View next topic |
Author |
Message |
cwc Veteran
Joined: 20 Mar 2006 Posts: 1275 Location: Tri-Cities, WA USA
|
Posted: Mon Oct 13, 2014 11:51 am Post subject: nginx and ssl port 443 has anyone done this? |
|
|
I'd like to some advice with https .
I can not get this to work on my server.
http://wiki.gentoo.org/wiki/Nginx
I read the above link and have search how to set up a https web server.
Currently I test on my gentoo box using port 80.
http://68.186.77.53/
I've also read this link from the nginx site.
http://nginx.org/en/docs/http/configuring_https_servers.html
I'd like to learn how to use port 443.
Please throw me a bone. _________________ Without diversity there can be no evolution:) |
|
Back to top |
|
|
wxd n00b
Joined: 13 Sep 2006 Posts: 31
|
Posted: Mon Oct 13, 2014 2:34 pm Post subject: |
|
|
Did you generated self-signed certificate?
Please post your config. |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21494
|
Posted: Mon Oct 13, 2014 10:35 pm Post subject: |
|
|
It should work fine. Please explain why you think your setup is not working. |
|
Back to top |
|
|
cwc Veteran
Joined: 20 Mar 2006 Posts: 1275 Location: Tri-Cities, WA USA
|
Posted: Tue Oct 14, 2014 11:26 am Post subject: |
|
|
dw2sm wrote: | Did you generated self-signed certificate?
Please post your config. |
thanks for the help
here is my config. I did generate a key with:
$ openssl passwd
Password:
Verifying - Password:
VCbvgrJh1ojqQ
Code: |
user nginx nginx;
worker_processes 1;
error_log /var/log/nginx/error_log info;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
#cwc 140809
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
log_format main
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
client_header_timeout 10m;
client_body_timeout 10m;
send_timeout 10m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 4 2k;
request_pool_size 4k;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75 20;
ignore_invalid_headers on;
index index.html index.php;
server {
listen 80;
server_name localhost azzerare;
access_log /var/log/nginx/localhost.access_log main;
error_log /var/log/nginx/localhost.error_log info;
root /home/cwc/html;
location / {
autoindex on;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
include fastcgi.conf;
#location ~ \.php$ {
# Test for non-existent scripts or throw a 404 error
# Without this line, nginx will blindly send any request
#ending in .php to php-fpm
#try_files $uri =404;
#include /etc/nginx/fastcgi.conf;
#fastcgi_pass unix:/run/php-fpm.socket;
}
}
# SSL example
server {
listen 127.0.0.1:443;
server_name localhost 192.168.1.14 azzerare;
ssl on;
ssl_certificate /etc/ssl/nginx/nginx.pem;
ssl_certificate_key /etc/ssl/nginx/nginx.key;
access_log /var/log/nginx/localhost.ssl_access_log main;
error_log /var/log/nginx/localhost.ssl_error_log info;
# root /var/www/localhost/htdocs;
root /home/cwc/html;
}
}
|
_________________ Without diversity there can be no evolution:) |
|
Back to top |
|
|
cwc Veteran
Joined: 20 Mar 2006 Posts: 1275 Location: Tri-Cities, WA USA
|
Posted: Tue Oct 14, 2014 11:28 am Post subject: |
|
|
Hu wrote: | It should work fine. Please explain why you think your setup is not working. |
thanks for the help
Here's the error:
azzerare uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. The certificate is only valid for localhost (Error code: sec_error_unknown_issuer)
Code: |
This Connection is Untrusted
You have asked Firefox to connect securely to azzerare, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
azzerare uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. The certificate is only valid for localhost (Error code: sec_error_unknown_issuer)
If you understand what's going on, you can tell Firefox to start trusting this site's identification. Even if you trust the site, this error could mean that someone is tampering with your connection.
Don't add an exception unless you know there's a good reason why this site doesn't use trusted identification.
|
_________________ Without diversity there can be no evolution:) |
|
Back to top |
|
|
xaviermiller Bodhisattva
Joined: 23 Jul 2004 Posts: 8706 Location: ~Brussels - Belgique
|
Posted: Tue Oct 14, 2014 11:29 am Post subject: |
|
|
Seems OK and normal. _________________ Kind regards,
Xavier Miller |
|
Back to top |
|
|
cwc Veteran
Joined: 20 Mar 2006 Posts: 1275 Location: Tri-Cities, WA USA
|
Posted: Tue Oct 14, 2014 12:17 pm Post subject: |
|
|
My index page is a php file:
index.php
Code: |
<?php
session_start();
$_SESSION['pagename'] = "azzerare";
include 'db/pushhits.php';
/*** begin the session ***/
if(!isset($_SESSION['user_id']))
{ $message = 'You must be logged in to access this page'; }
else
{ try {
$mysql_hostname = 'localhost'; $mysql_username = 'mysql_username'; $mysql_password = 'mysql_password'; $mysql_dbname = 'phpro_auth';
$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $dbh->prepare("SELECT username FROM users WHERE id = :id");
$stmt->bindParam(':id', $_SESSION['id'], PDO::PARAM_INT);
$stmt->execute();
$phpro_username = $stmt->fetchColumn();
if($phpro_username == false)
{ $message = 'Access Error'; }
else
{ $message = 'Welcome '.$phpro_username; }
}
catch (Exception $e)
{ $message = 'We are unable to process your request. Please try again later"'; }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
. . . . . .
|
_________________ Without diversity there can be no evolution:) |
|
Back to top |
|
|
xaviermiller Bodhisattva
Joined: 23 Jul 2004 Posts: 8706 Location: ~Brussels - Belgique
|
Posted: Tue Oct 14, 2014 12:24 pm Post subject: |
|
|
The only problem is that Firefox warns you because your SSL certificate is self-signed. This is normal, you have to tell Firerfox your SSL certifiact is OK to disable the warning and show your website. _________________ Kind regards,
Xavier Miller |
|
Back to top |
|
|
cwc Veteran
Joined: 20 Mar 2006 Posts: 1275 Location: Tri-Cities, WA USA
|
Posted: Tue Oct 14, 2014 1:38 pm Post subject: |
|
|
XavierMiller wrote: | The only problem is that Firefox warns you because your SSL certificate is self-signed. This is normal, you have to tell Firerfox your SSL certifiact is OK to disable the warning and show your website. |
thanks I think I got it using index.html
i need to go to work and I'll work on php tonight
thanks again _________________ Without diversity there can be no evolution:) |
|
Back to top |
|
|
|