Join the community today
Register Now

SSL Needing help installing

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Jake, Apr 8, 2016.

Tags:
  1. Jake

    Jake Member

    76
    10
    8
    Feb 3, 2015
    Ratings:
    +11
    Local Time:
    1:10 AM
    NA
    Maria DB 5.5
    Hello,
    I am needing help... I am not fully understanding the instructions...
    This is the error I am getting this error

    nginx: [warn] invalid parameter "spdy": ngx_http_spdy_module was superseded by n
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

    It still works but the website now throws up a 404 ERROR

    I tried this
    Code:
    server {
      server_name domain.com www.domain.com;
      return 302 https://$server_name$request_uri;
    
    }
    
    # https SSL SPDY vhost
    server {
            listen 443 ssl spdy;
                server_name domain.com;
    
            ssl_dhparam /usr/local/nginx/conf/ssl/domaincom/dhparam.pem;
            ssl_certificate      /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt;
            ssl_certificate_key  /usr/local/nginx/conf/ssl/domaincom/ssl.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_session_cache      shared:SSL:10m;
            ssl_session_timeout  10m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
            ssl_prefer_server_ciphers   on;
            add_header Alternate-Protocol  443:npn-spdy/3;
            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
            #add_header  X-Content-Type-Options "nosniff";
            #add_header X-Frame-Options DENY;
            # nginx 1.5.9+ or higher
            # http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
            # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
            # spdy_headers_comp 0;
            # ssl_buffer_size 4k;
    
            # enable ocsp stapling
            resolver 8.8.8.8;
            ssl_stapling on;
            ssl_stapling_verify on;
            ssl_trusted_certificate /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=32k;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      root /home/nginx/domains/domain.com/public;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
         ## redirect https://www to https://non-www
         ## uncomment if needed
         # if ($host = 'www.domain.com' ) {
         #   return 302 https://$server_name$request_uri;
         # }
    
      location / {
    
    # block common exploits, sql injections etc
    # include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      include /usr/local/nginx/conf/errorpage.conf;
    }
     
    Last edited: Apr 8, 2016
  2. RoldanLT

    RoldanLT Well-Known Member

    3,899
    949
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,298
    Local Time:
    11:10 PM
    1.11
    10.2
    On line:
    listen 443 ssl spdy;

    Remove spdy or replace it with http2.
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,151
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    what version of centmin mod you using ? latest 123.08stable and 123.09beta01 updated code automatically adjusts all old spdy configured nginx vhosts when you run centmin.sh menu option 4 to update nginx.

    When was last time you ran centmin.sh menu option 4 to update nginx ?

    I'd update to latest 123.08stable or 123.09beta01 code via centmin.sh menu option 23 submenu option 2 and then run centmin.sh menu option 4 to update to nginx 1.9.14 to automatically switch from spdy to http/2 supported nginx vhosts as there's many more updates in centmin mod code that you'd benefit from if you haven't ran centmin.sh menu option 4 in ages as it seems that might be the case as i added spdy to http/2 auto switch routine back around nginx 1.9.3-1.9.5 which was around 7-9+ months ago.

    Upgrading Centmin Mod Code to Latest Version



    Getting Started Guide step 19 outlines also how to keep Centmin Mod code updated or how to switch version branches.

    Centmin Mod LEMP stack's script code is constantly updated for improvements, bug fixes and security fixes so keeping the Centmin Mod code up to date is important. With Centmin Mod 1.2.3-eva2000.08) (123.08stable) and higher releases, a newly added centmin.sh menu option 23 allows much easier code updates and version branch swicthing via Git backed environment you can setup. For full details read the following links:
    Upgrading Centmin Mod involves 2 parts.
    1. Upgrading the actual Centmin Mod code outlined at Upgrade Centmin Mod. This is heart of Centmin Mod where the code is the engine that runs centmin.sh shell based menu and all the automation you're accustomed to. You can easily update within a Centmin Mod version branch or switch version branches via centmin.sh menu option 23 outlined here.
    2. Upgrade software that Centmin Mod installed or manages. For this part following outline at How to upgrade Centmin Mod software installed on your server.
    So essentially, you can upgrade from .07 to .08 in place, but not everything is upgraded as some things like server initial environment setup isn't changed i.e. how swap, tmp setup and allocation are created etc. The main parts from part 2 above are what in place upgrades do i.e. Nginx and PHP-FPM compilation and config/settings parameters and MariaDB version from 5.5 to 10.0.x. If you want the full environment changed including tmp and swap setup to .08's configuration, then you would need a fresh OS install and fresh .08 initial install. You can think of it like upgrading Windows 7 to Windows 8. An in place upgrade will upgrade code but won't change your computer environment from when you installed Windows 7 i.e. disk configuration and partition sizes won't change from when you initially installed Windows 7. Only way to change that would be fresh Windows 8 install.
     
  4. Jake

    Jake Member

    76
    10
    8
    Feb 3, 2015
    Ratings:
    +11
    Local Time:
    1:10 AM
    NA
    Maria DB 5.5
    Code:
    server {
      server_name hastehosting.com www.hastehosting.com;
      return 302 https://www.hastehosting.com$request_uri;
    }
    # https SSL SPDY vhost
    server {
            listen 443 ssl http2;
                server_name hastehosting.com;
            ssl_dhparam
    /usr/local/nginx/conf/ssl/hastehostingcom/dhparam.pem;
            ssl_certificate
    /usr/local/nginx/conf/ssl/hastehostingcom/ssl-unified.crt;
            ssl_certificate_key
    /usr/local/nginx/conf/ssl/hastehostingcom/hastehostingcom.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;
            ssl_ciphers
    ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
            ssl_prefer_server_ciphers on;
            add_header Alternate-Protocol 443:npn-spdy/3;
            add_header Strict-Transport-Security "max-age=31536000;
    includeSubdomains;";
            #add_header X-Content-Type-Options "nosniff"; add_header
            #X-Frame-Options DENY;
            # nginx 1.5.9+ or higher
            # http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
            # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
            # spdy_headers_comp 0; ssl_buffer_size 4k; enable ocsp stapling
            resolver 8.8.8.8;
            ssl_stapling on;
            ssl_stapling_verify on;
            ssl_trusted_certificate
    /usr/local/nginx/conf/ssl/hastehostingcom/ssl-trusted.crt;
      # limit_conn limit_per_ip 16; ssi on;
      access_log /home/nginx/domains/hastehosting.com/log/access.log
    combined buffer=32k;
      error_log /home/nginx/domains/hastehosting.com/log/error.log;
      root /home/nginx/domains/hastehosting.com/public;
    # ngx_pagespeed & ngx_pagespeed handler include
    #/usr/local/nginx/conf/pagespeed.conf; include
    #/usr/local/nginx/conf/pagespeedhandler.conf; include
    #/usr/local/nginx/conf/pagespeedstatslog.conf;
         ## redirect https://www to https://non-www uncomment if needed
         # if ($host = 'www.domain.com' ) {
         #   return 302 https://$server_name$request_uri;
         # }
      location / {
    # block common exploits, sql injections etc include
    # /usr/local/nginx/conf/block.conf;
      # Enables directory listings when index file not found autoindex on;
      }
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      include /usr/local/nginx/conf/errorpage.conf;
    }
    
    I am seeing things redirecting to just "https://www.

    Thats it nothing after the www.

    Am I missing something else?
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,151
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    1:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    which is main domain access via www or non-www ?
    if it's www, then you have incorrect 302 redirect as HTTP/2 SSL server_name is non-www and needs to change to www version
    Code (Text):
    server {
      server_name hastehosting.com www.hastehosting.com;
      return 302 https://www.hastehosting.com$request_uri;
    }
    # https SSL SPDY vhost
    server {
            listen 443 ssl http2;
                server_name www.hastehosting.com;