
SSL How to set up Nginx and SSL certificate?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Prasad, Jun 11, 2015.

  1. Prasad

    Prasad New Member

    8
    1
    3
    Jun 11, 2015
    Ratings:
    +1
    Local Time:
    4:18 AM
    Current
    5.5
    Hello,

    I am using the latest centminmod, eva2000.07, on a CentOS 6.6 powered machine with Rackspace.
    I want to install an SSL certificate that I have bought from Comodo. It's a PositiveSSL certificate.

    I generated the CSR and private key online. Got my certificate. But I don't know how to use it. I did find a link on centminmod regarding it here: Nginx HTTPS / SSL Google SPDY configuration

    But I got confused and actually worked up the whole server, so my website went down totally. Well, as it was still in development, I don't mind doing it.


    Anyways, if anyone can help me with specific step-by-step instructions, I am more than happy to work by it. Please help me.
     
  2. eva2000

    eva2000 Administrator Staff Member

    55,225
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    8:48 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    The linked article at Nginx HTTPS / SSL Google SPDY configuration has everything you need. It's easier to do the CSR and private key generation on the server for Centmin Mod Nginx via method 1 from OpenSSL CSR section onwards. Method 2 involves uploading and renaming those CSR and private key to the defined directory in the instructions.

    Also a few similar threads
     
    Last edited: Jun 11, 2015
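
Generating the key and CSR on the server, as suggested above, means the private key never passes through a third-party site. The following is an added example, not part of the original thread or of Centmin Mod: the function names and the `www_domain_com.*` file naming (borrowed from the vhost posted later in the thread) are assumptions, and it uses only stock `openssl` commands.

```bash
#!/usr/bin/env bash
# Added example: create the key and CSR on the server, then confirm that a CSR
# or an issued certificate carries the same public key as the private key.
set -euo pipefail

# SHA-256 fingerprint of the public key in a private key, CSR or certificate.
pubkey_fp() {  # usage: pubkey_fp key|csr|cert FILE
  local pem
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
    *)    echo "unknown type: $1" >&2; false ;;
  esac || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{ print $NF }'
}

# Create a 2048-bit RSA key and CSR in DIR. umask 077 keeps the key file
# readable by its owner only; the key is never sent anywhere.
make_key_and_csr() {  # usage: make_key_and_csr DIR COMMON_NAME
  mkdir -p "$1"
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
      -keyout "$1/www_domain_com.key" -out "$1/www_domain_com.csr" 2>/dev/null )
}

# Exit status 0 only when FILE (a csr or cert) belongs to private key KEY.
# A file that cannot be parsed counts as a mismatch.
matches_key() {  # usage: matches_key KEY csr|cert FILE
  local a b
  a=$(pubkey_fp key "$1") && b=$(pubkey_fp "$2" "$3") &&
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Script use: ./keycheck.sh DIR COMMON_NAME
if [ "$#" -eq 2 ]; then
  make_key_and_csr "$1" "$2"
  matches_key "$1/www_domain_com.key" csr "$1/www_domain_com.csr" &&
    echo "CSR matches $1/www_domain_com.key"
fi
```

`openssl x509` reads only the first certificate in a file, which is where Nginx expects the server certificate, so `matches_key KEY cert ssl-bundle.crt` also catches a bundle concatenated in the wrong order.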
  3. Prasad

    Prasad New Member

    Hello,

    Thanks a lot, it actually worked. I just have one single problem. Whenever I open my WordPress website using the URL, it just downloads the index.html file, the website doesn't open. Any thoughts?

    Here is the URL: resellpremium.com
     
  4. eva2000

    eva2000 Administrator Staff Member

    Are you using WordPress permalinks or Nginx rewrite rules which have URLs/links with .html extensions?

    Centmin Mod default static files include file at /usr/local/nginx/conf/staticfiles.conf handles .html files via Nginx. But by using WordPress with .html extensions you tell Nginx not to serve .html files and serve via PHP-FPM (not ideal as it reduces performance if you use permalinks with .html extensions and thus use PHP-FPM to serve .html files).

    If you must use .html extension permalinks, you need to comment out the .html location context from /usr/local/nginx/conf/staticfiles.conf and restart Nginx server as illustrated below with hash # in front:
    Code:
        location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
            gzip_static off;
            #add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            expires 30d;
            break;
            }
    
        location ~* \.(js)$ {
            #add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            expires 30d;
            break;
            }
    
        location ~* \.(css)$ {
            #add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            expires 30d;
            break;
            }
    
        #location ~* \.(html|htm|txt)$ {
            #add_header Pragma public;
            #add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            #access_log off;
            #expires 1d;
           # break;
           # }
    
        location ~* \.(eot|svg|ttf|woff)$ {
            #add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            expires 30d;
            break;
            }
    
    You can also use the SSH command shortcut below to launch the nano Linux text editor and edit file /usr/local/nginx/conf/staticfiles.conf
    Code:
    statfilesinc
     
  5. Prasad

    Prasad New Member

    Actually I just installed WordPress. I have not even set up the permalinks structure. Nor have I played with any other settings.

    I reimaged the server to CentOS 6.6, installed Centminmod, installed WordPress and set up SSL.

    But before setting up SSL, I could see WordPress, log in to the admin panel etc.
     
  6. eva2000

    eva2000 Administrator Staff Member

  7. Prasad

    Prasad New Member

    Hello,

    I have never touched the other files, I just install centminmod, add a vhost domain and just install WordPress. It works like a charm with permalinks.

    Here are my files:

    1. domain.com.conf

    Code:
    server {
      server_name domain.com www.domain.com;
      return 302 https://$server_name$request_uri;
    
    }
    
    # https SSL SPDY vhost
    server {
            listen 443 ssl spdy;
                server_name domain.com www.domain.com;
    
            ssl_dhparam /usr/local/nginx/conf/ssl/domaincom/dhparam.pem;
            ssl_certificate      /usr/local/nginx/conf/ssl/domaincom/ssl-bundle.crt;
            ssl_certificate_key  /usr/local/nginx/conf/ssl/domaincom/www_domain_com.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_session_cache      shared:SSL:10m;
            ssl_session_timeout  10m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
            ssl_prefer_server_ciphers   on;
            add_header Alternate-Protocol  443:npn-spdy/3;
            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
            #add_header  X-Content-Type-Options "nosniff";
            #add_header X-Frame-Options DENY;
            # nginx 1.5.9+ or higher
            # http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
            # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
            # spdy_headers_comp 0;
            # ssl_buffer_size 4k;
    
            # enable ocsp stapling
            resolver 8.8.8.8;
            ssl_stapling on;
            ssl_stapling_verify on;
            ssl_trusted_certificate /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=32k;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      root /home/nginx/domains/domain.com/public/;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
         ## redirect https://www to https://non-www
         ## uncomment if needed
         # if ($host = 'www.domain.com' ) {
         #   return 302 https://$server_name$request_uri;
         # }
    
      location / {
    
    # block common exploits, sql injections etc
    # include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      include /usr/local/nginx/conf/errorpage.conf;
    }
    
    2. SSL.conf

    It's all actually #'ed out, but still for reference
    Code:
    # HTTPS server
    #
    #server {
    #    listen       443;
    #    server_name  domain.com www.domain.com;
    #    keepalive_timeout  30;
    
    #    ssl                  on;
    #    ssl_certificate      /usr/local/nginx/conf/ssl/domaincom/ssl-bundle.crt;
    #    ssl_certificate_key  /usr/local/nginx/conf/ssl/domaincom/www_domain_com.key;
    #    ssl_session_timeout  10m;
    
        #openssl <1.0.1
        #ssl_protocols SSLv3 TLSv1;
        #openssl >=1.0.1
        #ssl_protocols SSLv3 TLSv1.1 TLSv1.2;
    
    ##
    #    ssl_session_cache    shared:SSL:10m;
    #    ssl_session_timeout  10m;
    ## http://www.openssl.org/docs/apps/ciphers.html
    #    ssl_ciphers  RC4:HIGH:!aNULL:!MD5:!kEDH;
        ssl_prefer_server_ciphers   on;
    
    #    location / {
    #        root   html;
    #    }
    
    #include /usr/local/nginx/conf/staticfiles.conf;
    #include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    
    
    #}
    
     
    Last edited: Jun 11, 2015
  8. eva2000

    eva2000 Administrator Staff Member

    In the SSL vhost you commented out the PHP serving include file
    Code:
    #include /usr/local/nginx/conf/php.conf;
    
    You need to uncomment it to serve PHP files :)

    Edit: never mind, I thought you said it downloads index.php, but on re-reading it says index.html. For that, just remove the default placeholder index.html in your web root heh
     
  9. Prasad

    Prasad New Member


    Hi,

    Actually I did uncomment it and it still shows the same error.
    Also, I don't have any index.html in my root. Still, when I open it in Chrome, a file is downloaded, with or without https.
    I don't understand the problem here.

    PS: I do restart nginx and php-fpm after every change.
     
  10. eva2000

    eva2000 Administrator Staff Member

    you have defined 2 different web roots

    correct one
    Code:
    root /home/nginx/domains/resellpremium.com/public/;
    and incorrect in ssl vhost
    Code:
    root   html;
     
  11. Prasad

    Prasad New Member

    Actually everything in SSL.conf is commented out. Should that create a problem?
     
  12. eva2000

    eva2000 Administrator Staff Member

    Oh I see, you shouldn't be editing SSL.conf, only your domain vhost, and it looks like it's working; I can get to ResellPremium | Just another WordPress site fine. You may have browser cache, so clear cache, restart your browser and check.
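
The confusion above came down to which directives were active and which sat behind a `#`. As an added example (not from the thread or from Centmin Mod), this script prints only the uncommented directives in a config file and, going one step beyond the thread, names any SSLv2, SSLv3, TLS 1.0 or TLS 1.1 entries in an active `ssl_protocols` line. The two sample files are abridged, constructed copies of the configs posted above, and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: show only the directives Nginx acts on, ignoring '#' lines.
set -euo pipefail

# Print "LINE: directive args" for each uncommented directive whose name
# matches NAME_RE. Assumes no '#' inside quoted values (true for these files).
active_directives() {  # usage: active_directives NAME_RE FILE
  awk -v re="^($1)\$" '
    { line = $0
      sub(/#.*/, "", line)           # drop full-line and trailing comments
      gsub(/[ \t]+/, " ", line)      # collapse runs of whitespace
      sub(/^ /, "", line); sub(/[ ;]+$/, "", line)
      if (line == "") next
      split(line, f, " ")
      if (f[1] ~ re) print NR ": " line }' "$2"
}

# Space-separated legacy protocols enabled by active ssl_protocols lines.
legacy_protocols() {  # usage: legacy_protocols FILE
  active_directives ssl_protocols "$1" |
    awk '{ for (i = 3; i <= NF; i++)
             if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/ && !seen[$i]++)
               out = out (out == "" ? "" : " ") $i }
         END { print out }'
}

# Constructed samples: abridged copies of the two files posted in the thread.
tmp=$(mktemp -d)
cat > "$tmp/domain.com.conf" <<'EOF'
server {
        listen 443 ssl spdy;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  root /home/nginx/domains/domain.com/public/;
  include /usr/local/nginx/conf/php.conf;
}
EOF
cat > "$tmp/SSL.conf" <<'EOF'
#server {
    #ssl_protocols SSLv3 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;
#        root   html;
#include /usr/local/nginx/conf/php.conf;
#}
EOF

for f in "$tmp"/*.conf; do
  echo "== ${f##*/}: legacy protocols [$(legacy_protocols "$f")]"
  active_directives 'root|include|ssl_[a-z_]+' "$f"
done
```

On the samples, SSL.conf reports no active `root` or `include` at all, and the vhost reports its `php.conf` include as active with TLSv1 and TLSv1.1 still enabled.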
     
  13. Prasad

    Prasad New Member

    Yes. How dumb of me, not to clear the cache.

    It's working now. Thanks a lot for your valuable time and help.

    Keep developing awesome software like this. I wish you the best of luck for your future.
     
  14. eva2000

    eva2000 Administrator Staff Member
