Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
nginx and ssl port 443 has anyone done this?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
cwc
Veteran
Veteran


Joined: 20 Mar 2006
Posts: 1275
Location: Tri-Cities, WA USA

PostPosted: Mon Oct 13, 2014 11:51 am    Post subject: nginx and ssl port 443 has anyone done this? Reply with quote

I'd like to some advice with https .
I can not get this to work on my server.

http://wiki.gentoo.org/wiki/Nginx
I read the above link and have search how to set up a https web server.

Currently I test on my gentoo box using port 80.
http://68.186.77.53/

I've also read this link from the nginx site.
http://nginx.org/en/docs/http/configuring_https_servers.html

I'd like to learn how to use port 443.

Please throw me a bone.
_________________
Without diversity there can be no evolution:)
Back to top
View user's profile Send private message
wxd
n00b
n00b


Joined: 13 Sep 2006
Posts: 31

PostPosted: Mon Oct 13, 2014 2:34 pm    Post subject: Reply with quote

Did you generated self-signed certificate?

Please post your config.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21494

PostPosted: Mon Oct 13, 2014 10:35 pm    Post subject: Reply with quote

It should work fine. Please explain why you think your setup is not working.
Back to top
View user's profile Send private message
cwc
Veteran
Veteran


Joined: 20 Mar 2006
Posts: 1275
Location: Tri-Cities, WA USA

PostPosted: Tue Oct 14, 2014 11:26 am    Post subject: Reply with quote

dw2sm wrote:
Did you generated self-signed certificate?

Please post your config.


thanks for the help

here is my config. I did generate a key with:
$ openssl passwd
Password:
Verifying - Password:
VCbvgrJh1ojqQ

Code:

user nginx nginx;
worker_processes 1;

error_log /var/log/nginx/error_log info;

events {
   worker_connections 1024;
   use epoll;
}

http {
   include /etc/nginx/mime.types;
   default_type application/octet-stream;
   
   #cwc 140809
   fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;


   log_format main
      '$remote_addr - $remote_user [$time_local] '
      '"$request" $status $bytes_sent '
      '"$http_referer" "$http_user_agent" '
      '"$gzip_ratio"';

   client_header_timeout 10m;
   client_body_timeout 10m;
   send_timeout 10m;

   connection_pool_size 256;
   client_header_buffer_size 1k;
   large_client_header_buffers 4 2k;
   request_pool_size 4k;

   gzip on;
   gzip_min_length 1100;
   gzip_buffers 4 8k;
   gzip_types text/plain;

   output_buffers 1 32k;
   postpone_output 1460;

   sendfile on;

   tcp_nopush on;
   tcp_nodelay on;

   keepalive_timeout 75 20;

   ignore_invalid_headers on;

   index index.html index.php;

   server {
       listen 80;
      
         server_name localhost azzerare;

      access_log /var/log/nginx/localhost.access_log main;
      error_log /var/log/nginx/localhost.error_log info;

      root /home/cwc/html;
      
      location / {
                     autoindex on;
           }
      
        location ~ .php$ {
                        fastcgi_pass 127.0.0.1:9000;
                        include fastcgi.conf;
         
         #location ~ \.php$ {
                       # Test for non-existent scripts or throw a 404 error
                       # Without this line, nginx will blindly send any request             
         #ending in .php to php-fpm
                       #try_files $uri =404;
                       #include /etc/nginx/fastcgi.conf;
                       #fastcgi_pass unix:/run/php-fpm.socket;

      }
   }


   # SSL example
   server {
      listen 127.0.0.1:443;
      server_name localhost 192.168.1.14 azzerare;

      ssl on;
      ssl_certificate /etc/ssl/nginx/nginx.pem;
      ssl_certificate_key /etc/ssl/nginx/nginx.key;

      access_log /var/log/nginx/localhost.ssl_access_log main;
      error_log /var/log/nginx/localhost.ssl_error_log info;

#       root /var/www/localhost/htdocs;
      root /home/cwc/html;
   }
}


_________________
Without diversity there can be no evolution:)
Back to top
View user's profile Send private message
cwc
Veteran
Veteran


Joined: 20 Mar 2006
Posts: 1275
Location: Tri-Cities, WA USA

PostPosted: Tue Oct 14, 2014 11:28 am    Post subject: Reply with quote

Hu wrote:
It should work fine. Please explain why you think your setup is not working.

thanks for the help
Here's the error:
azzerare uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. The certificate is only valid for localhost (Error code: sec_error_unknown_issuer)

Code:


This Connection is Untrusted

You have asked Firefox to connect securely to azzerare, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

azzerare uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. The certificate is only valid for localhost (Error code: sec_error_unknown_issuer)

If you understand what's going on, you can tell Firefox to start trusting this site's identification. Even if you trust the site, this error could mean that someone is tampering with your connection.

Don't add an exception unless you know there's a good reason why this site doesn't use trusted identification.




_________________
Without diversity there can be no evolution:)
Back to top
View user's profile Send private message
xaviermiller
Bodhisattva
Bodhisattva


Joined: 23 Jul 2004
Posts: 8706
Location: ~Brussels - Belgique

PostPosted: Tue Oct 14, 2014 11:29 am    Post subject: Reply with quote

Seems OK and normal.
_________________
Kind regards,
Xavier Miller
Back to top
View user's profile Send private message
cwc
Veteran
Veteran


Joined: 20 Mar 2006
Posts: 1275
Location: Tri-Cities, WA USA

PostPosted: Tue Oct 14, 2014 12:17 pm    Post subject: Reply with quote

My index page is a php file:

index.php

Code:

<?php
session_start();
$_SESSION['pagename'] = "azzerare";
include 'db/pushhits.php';

/*** begin the session ***/

 
if(!isset($_SESSION['user_id']))
{   $message = 'You must be logged in to access this page'; }
else
{  try  {     
        $mysql_hostname = 'localhost';   $mysql_username = 'mysql_username';  $mysql_password = 'mysql_password';   $mysql_dbname = 'phpro_auth';
              $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
            $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
              $stmt = $dbh->prepare("SELECT username FROM users WHERE id = :id");
          $stmt->bindParam(':id', $_SESSION['id'], PDO::PARAM_INT);
          $stmt->execute();
          $phpro_username = $stmt->fetchColumn();
          if($phpro_username == false)
              {          $message = 'Access Error';  }
        else
              {      $message = 'Welcome '.$phpro_username;   }
    }
    catch (Exception $e)
    {   $message = 'We are unable to process your request. Please try again later"';  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
. . . . . .


_________________
Without diversity there can be no evolution:)
Back to top
View user's profile Send private message
xaviermiller
Bodhisattva
Bodhisattva


Joined: 23 Jul 2004
Posts: 8706
Location: ~Brussels - Belgique

PostPosted: Tue Oct 14, 2014 12:24 pm    Post subject: Reply with quote

The only problem is that Firefox warns you because your SSL certificate is self-signed. This is normal, you have to tell Firerfox your SSL certifiact is OK to disable the warning and show your website.
_________________
Kind regards,
Xavier Miller
Back to top
View user's profile Send private message
cwc
Veteran
Veteran


Joined: 20 Mar 2006
Posts: 1275
Location: Tri-Cities, WA USA

PostPosted: Tue Oct 14, 2014 1:38 pm    Post subject: Reply with quote

XavierMiller wrote:
The only problem is that Firefox warns you because your SSL certificate is self-signed. This is normal, you have to tell Firerfox your SSL certifiact is OK to disable the warning and show your website.



thanks I think I got it using index.html

i need to go to work and I'll work on php tonight

thanks again
_________________
Without diversity there can be no evolution:)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum