Want to subscribe to topics you're interested in?
Become a Member

SSL How to setup Nginx and SSL certificate ?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Prasad, Jun 11, 2015.

Tags:
  1. Prasad

    Prasad New Member

    8
    1
    3
    Jun 11, 2015
    Ratings:
    +1
    Local Time:
    4:00 PM
    Current
    5.5
    Hello,

    I am using the latest centminmod, eva2000.07, on a CentOS 6.6 powered machine with Rackspace.
    I want to install a SSL certificate, that i have bought from Comodo. Its a PositiveSSL certificate.

    I generated the CSR and private key online. Got my certificate. But I dont know how to use it. I did find a link on centminmod regarding it here : Nginx HTTPS / SSL Google SPDY configuration

    But I got confused and actually worked up the whole server, so my website went down totally. Well as it was still in development, i dont mind doing it.

    Anyways, if anyone can help me with specific step by step instructions, i am more than happy to work by it. Please help me.
     
  2. eva2000

    eva2000 Administrator Staff Member

    29,057
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    8:30 PM
    Nginx 1.13.x
    MariaDB 5.5
    The linked article at Nginx HTTPS / SSL Google SPDY configuration has everything you need. It's easier to do the CSR and private key generation on the server for Centmin Mod Nginx via method 1 from OpenSSL CSR section onwards. Method 2 involves uploading and renaming those CSR and private key to the defined directory in the instructions.

    Also a few similar threads
     
    Last edited: Jun 11, 2015
  3. Prasad

    Prasad New Member

    8
    1
    3
    Jun 11, 2015
    Ratings:
    +1
    Local Time:
    4:00 PM
    Current
    5.5
    Hello,

    Thanks a lot, it actually worked. I just have one single problem. Whenever I open my Wordpress website using the url, it just downloads the index.html file, the website doesnt open. Any throughts ?

    Here is the url : resellpremium.com
     
  4. eva2000

    eva2000 Administrator Staff Member

    29,057
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    8:30 PM
    Nginx 1.13.x
    MariaDB 5.5
    Are you using Wordpress permalinks or Nginx rewrite rules which have urls/links with .html extensions ?

    Centmin Mod default static files include file at /usr/local/nginx/conf/staticfiles.conf handles .html files via Nginx. But by using wordpress with .html extensions you tell Nginx not to serve .html files and serve via PHP-FPM (not ideal as it reduces performance if you use permalinks with .html extensions and thus use PHP-FPM to server .html files)

    If you must use .html extension permalinks, you need to comment out the .html location context from /usr/local/nginx/conf/staticfiles.conf and restart Nginx server as illustrated below with hash # in front
    Code:
        location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
            gzip_static off;
            #add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            expires 30d;
            break;
            }
    
        location ~* \.(js)$ {
            #add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            expires 30d;
            break;
            }
    
        location ~* \.(css)$ {
            #add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            expires 30d;
            break;
            }
    
        #location ~* \.(html|htm|txt)$ {
            #add_header Pragma public;
            #add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            #access_log off;
            #expires 1d;
           # break;
           # }
    
        location ~* \.(eot|svg|ttf|woff)$ {
            #add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            expires 30d;
            break;
            }
    
    You can also use SSH command shortcut below to launch nano linux text editor and edit file /usr/local/nginx/conf/staticfiles.conf
    Code:
    statfilesinc
     
  5. Prasad

    Prasad New Member

    8
    1
    3
    Jun 11, 2015
    Ratings:
    +1
    Local Time:
    4:00 PM
    Current
    5.5
    Actually I just installed Wordpress. I have not even set up the permalinks structure. Nor have I played with any other settings.

    I reimaged the server to Centos 6.6, installed Centminmod, installed wordpress and setup SSL.

    But before setting up SSL, i could see Wordpress, login to the admin panel etc.
     
  6. eva2000

    eva2000 Administrator Staff Member

    29,057
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    8:30 PM
    Nginx 1.13.x
    MariaDB 5.5
  7. Prasad

    Prasad New Member

    8
    1
    3
    Jun 11, 2015
    Ratings:
    +1
    Local Time:
    4:00 PM
    Current
    5.5
    Hello,

    I have never touched the other files, i just install centmimod, add a vhost domain and just install Wordpress. it works like a charm with permalinks.

    Here are my files :

    1. domain.com.conf

    Code:
    server {
      server_name domain.com www.domain.com;
      return 302 https://$server_name$request_uri;
    
    }
    
    # https SSL SPDY vhost
    server {
            listen 443 ssl spdy;
                server_name domain.com www.domain.com;
    
            ssl_dhparam /usr/local/nginx/conf/ssl/domaincom/dhparam.pem;
            ssl_certificate      /usr/local/nginx/conf/ssl/domaincom/ssl-bundle.crt;
            ssl_certificate_key  /usr/local/nginx/conf/ssl/domaincom/www_domain_com.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_session_cache      shared:SSL:10m;
            ssl_session_timeout  10m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
            ssl_prefer_server_ciphers   on;
            add_header Alternate-Protocol  443:npn-spdy/3;
            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
            #add_header  X-Content-Type-Options "nosniff";
            #add_header X-Frame-Options DENY;
            # nginx 1.5.9+ or higher
            # http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
            # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
            # spdy_headers_comp 0;
            # ssl_buffer_size 4k;
    
            # enable ocsp stapling
            resolver 8.8.8.8;
            ssl_stapling on;
            ssl_stapling_verify on;
            ssl_trusted_certificate /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=32k;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      root /home/nginx/domains/domain.com/public/;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
         ## redirect https://www to https://non-www
         ## uncomment if needed
         # if ($host = 'www.domain.com' ) {
         #   return 302 https://$server_name$request_uri;
         # }
    
      location / {
    
    # block common exploits, sql injections etc
    # include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      include /usr/local/nginx/conf/errorpage.conf;
    }
    
    2. SSL.conf

    Its all actually #'ed out but still for reference
    Code:
    # HTTPS server
    #
    #server {
    #    listen       443;
    #    server_name  domain.com www.domain.com;
    #    keepalive_timeout  30;
    
    #    ssl                  on;
    #    ssl_certificate      /usr/local/nginx/conf/ssl/domaincom/ssl-bundle.crt;
    #    ssl_certificate_key  /usr/local/nginx/conf/ssl/domaincom/www_domain_com.key;
    #    ssl_session_timeout  10m;
    
        #openssl <1.0.1
        #ssl_protocols SSLv3 TLSv1;
        #openssl >=1.0.1
        #ssl_protocols SSLv3 TLSv1.1 TLSv1.2;
    
    ##
    #    ssl_session_cache    shared:SSL:10m;
    #    ssl_session_timeout  10m;
    ## http://www.openssl.org/docs/apps/ciphers.html
    #    ssl_ciphers  RC4:HIGH:!aNULL:!MD5:!kEDH;
        ssl_prefer_server_ciphers   on;
    
    #    location / {
    #        root   html;
    #    }
    
    #include /usr/local/nginx/conf/staticfiles.conf;
    #include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    
    
    #}
    
     
    Last edited: Jun 11, 2015
  8. eva2000

    eva2000 Administrator Staff Member

    29,057
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    8:30 PM
    Nginx 1.13.x
    MariaDB 5.5
    ssl vhost you commented out PHP serving include file
    Code:
    #include /usr/local/nginx/conf/php.conf;
    
    you need to uncomment it to serve PHP files :)

    edit: never mind I thought you said downloads index.php but re-read it says index.html. For that just remove the default place holder index.html in your web root heh
     
  9. Prasad

    Prasad New Member

    8
    1
    3
    Jun 11, 2015
    Ratings:
    +1
    Local Time:
    4:00 PM
    Current
    5.5

    Hi,

    Actually I did uncomment it and still it shows the same error,
    Also i dont have any index.html in my root. Still when I open in chrome a file is downloaded. with or without https.
    i dont understand the problem here.

    PS : I do restart nginx and php-fpm after every change.
     
  10. eva2000

    eva2000 Administrator Staff Member

    29,057
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    8:30 PM
    Nginx 1.13.x
    MariaDB 5.5
    you have defined 2 different web roots

    correct one
    Code:
    root /home/nginx/domains/resellpremium.com/public/;
    and incorrect in ssl vhost
    Code:
    root   html;
     
  11. Prasad

    Prasad New Member

    8
    1
    3
    Jun 11, 2015
    Ratings:
    +1
    Local Time:
    4:00 PM
    Current
    5.5
    Actually everything in SSL.conf is commented out. Should that create a problem ?
     
  12. eva2000

    eva2000 Administrator Staff Member

    29,057
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    8:30 PM
    Nginx 1.13.x
    MariaDB 5.5
    oh i see you shouldn't be editing SSL.conf only your domain vhost and looks like it's working i can get to ResellPremium | Just another WordPress site fine.. you may have browser cache, so clear cache, restart your browser and check
     
  13. Prasad

    Prasad New Member

    8
    1
    3
    Jun 11, 2015
    Ratings:
    +1
    Local Time:
    4:00 PM
    Current
    5.5
    Yes. How dumb of me, not to clear the cache.

    Its working now. Thanks a lot for your valuable time and help.

    Keep developing awesome softwares like these. I wish you best of luck for your future.
     
    • Like Like x 1
  14. eva2000

    eva2000 Administrator Staff Member

    29,057
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    8:30 PM
    Nginx 1.13.x
    MariaDB 5.5