
Nginx nginx not starting "unknown server_https variable"

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by neverminder, Dec 2, 2017.

  1. neverminder

    neverminder Member

    44
    3
    8
    Nov 23, 2017
    Ratings:
    +5
    Local Time:
    11:42 AM
    1.13.6
    10.0.33
    Solved the phpmyadmin install part. I removed /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf.bak. I'll get back with the rest of the issues in a few minutes.

     
  2. neverminder

    phpmyadmin installed without errors, but trying to access it generates ERR_TOO_MANY_REDIRECTS.
     
  3. eva2000

    eva2000 Administrator Staff Member

    58,894
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    6:42 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    What do you get for output for curl header checks in SSH where domain.com is yourdomain.com
    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    • If the problematic version(s) you are trying to get has a 301 HTTP status then it's probably a browser cached 301 permanent redirect issue.
    • If you use Chrome in a private incognito browsing session you probably have working www domain access? If so you need to clear your browser of the 301 permanent redirect. If that works you need to clear your browser's cache as outlined at Refreshyourcache.com - The Guide to Clear your Browser Cache!
    • That is the danger of 301 permanent redirects, as they are cached in web browsers forever until cleared. 302 temp redirects are not permanent.
     
  4. eva2000

    if you have cloudflare https enabled you can set http to https redirect on cloudflare level but remove the http to https redirect on nginx level - otherwise = too many redirects
     
  5. neverminder

    The only 301 redirects are for http://www and https://www
    Right now, my problem is that I can't access phpmyadmin page because of too many redirects. I didn't set up cloudflare to redirect http to https yet.
     
  6. neverminder

    On the other hand, trying the same on web.mszp.ro I'm getting this:
    Code (Text):
    # curl -I https://web.mszp.ro
    curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
    More details here: http://curl.haxx.se/docs/sslcerts.html
    
    curl performs SSL certificate verification by default, using a "bundle"
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.
     
  7. neverminder

    Just saw that all the lines in the ssl.conf file are commented out. I really couldn't tell if I did this, in all that panic when my site went down, as I didn't log anything like that (and I log quite every move).
     
  8. eva2000

    Did you enable HSTS on Cloudflare or nginx? That forces the entire domain and subdomains accessed to be forced over HTTPS as a preemptive security measure.

    Are the host.domain.com and HTTPS enabled site also on the same top level domain.com? Did you enable HSTS with include subdomain too? If you did then you're telling browsers to force HTTP to HTTPS redirected connections for domain.com and any *.domain.com subdomain as well.

    See Enabling HSTS for SSL for specifics.
    As accessing host.domain.com is usually reserved for stats and admin pages the Centmin Mod LEMP stack owner only needs to access, you can just clear your web browser's HSTS record for the domain.com and host.domain.com so the web browser no longer redirects from HTTP to HTTPS. I posted a thread at SSL - How to clear HSTS browser cache | Centmin Mod Community specifically for this :)

    Is web.mszp.ro your main hostname? If so, could be as above cloudflare HSTS is enabled.
     
  9. neverminder

    I didn't enable HSTS. I cleared my web browser's HSTS record, I even turned off SSL in Cloudflare. phpmyadmin page still has too many redirections.

    Yes, web.mszp.ro is my main hostname, but, as I said, HSTS is out of the question.
     
  10. eva2000

    http://web.mszp.ro works for header check at https://tools.keycdn.com/curl
    Code (Text):
    HTTP/1.1 200 OK
    Date: Sun, 10 Dec 2017 00:12:26 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d12d120263dee09efb5ca374effc40e361512864746; expires=Mon, 10-Dec-18 00:12:26 GMT; path=/; domain=.mszp.ro; HttpOnly
    Last-Modified: Sat, 09 Dec 2017 21:29:12 GMT
    Vary: Accept-Encoding
    Expires: Mon, 11 Dec 2017 00:12:26 GMT
    Cache-Control: max-age=86400
    Cache-Control: public, must-revalidate, proxy-revalidate
    Server: cloudflare-nginx
    CF-RAY: 3cabfe16e55599ec-EWR

    so the redirect is your web browser 301 cache probably (separate from HSTS cache)
     
  11. neverminder

    Yes, but for the phpmyadmin page it doesn't work:
    Code (Text):
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 10 Dec 2017 00:16:57 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=dd0abcf77a045f420a2f30835ade2121a1512865016; expires=Mon, 10-Dec-18 00:16:56 GMT; path=/; domain=.mszp.ro; HttpOnly
    Location: https://web.mszp.ro/XXXXX_mysqladminXXXXX/
    Server: cloudflare-nginx
    CF-RAY: 3cac04b4061c218c-EWR
     
  12. neverminder

    In fact, I think this shows the problem:
    Same query, but for https://web.mszp.ro/XXXXX_mysqladminXXXXX/
    Code (Text):
    HTTP/2 301
    date: Sun, 10 Dec 2017 00:34:30 GMT
    content-type: text/html
    set-cookie: __cfduid=d5e826a1e71daadecc840d92a346034a71512866070; expires=Mon, 10-Dec-18 00:34:30 GMT; path=/; domain=.mszp.ro; HttpOnly
    location: https://web.mszp.ro/XXXXX_mysqladminXXXXX/
    server: cloudflare-nginx
    cf-ray: 3cac1e6dca1791a6-EWR
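
The two captures above, as an added example that is not part of the original posts: a small Python tracer that follows `Location` headers through saved `curl -I` output and reports when a URL redirects back to itself, and whether a browser-cached permanent redirect is involved. The header blocks are constructed from the shape of the outputs above, and the request URL of the first capture is an assumption.

```python
# Added example: trace redirects through saved `curl -I` header blocks.
PERMANENT = {301, 308}        # browsers cache these until cleared
TEMPORARY = {302, 303, 307}

# Constructed sample captures, trimmed from the shape of the outputs above.
# Assumption: the first capture was requested over plain http.
CAPTURES = {
    "http://web.mszp.ro/XXXXX_mysqladminXXXXX/": """\
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Location: https://web.mszp.ro/XXXXX_mysqladminXXXXX/
Server: cloudflare-nginx
""",
    "https://web.mszp.ro/XXXXX_mysqladminXXXXX/": """\
HTTP/2 301
content-type: text/html
location: https://web.mszp.ro/XXXXX_mysqladminXXXXX/
server: cloudflare-nginx
""",
    "http://web.mszp.ro/": "HTTP/1.1 200 OK\nServer: cloudflare-nginx\n",
}

def parse_head(raw):
    """Return (status_code, Location or None) from one raw header block."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])   # works for "HTTP/1.1 301 ..." and "HTTP/2 301"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()   # header names are case-insensitive
    return status, headers.get("location")

def trace(start, captures, max_hops=10):
    """Follow absolute Location values through `captures` (url -> raw headers)."""
    seen, hops, url = set(), [], start
    verdict = "too_many_hops"
    while len(hops) < max_hops:
        if url in seen:                  # redirected to a URL already visited
            verdict = "loop"
            break
        if url not in captures:          # no saved response for this URL
            verdict = "not_captured"
            break
        seen.add(url)
        status, location = parse_head(captures[url])
        hops.append((url, status, location))
        if status not in PERMANENT | TEMPORARY or not location:
            verdict = "final"
            break
        url = location
    return {"verdict": verdict, "last_url": url, "hops": hops,
            "browser_cached": any(s in PERMANENT for _, s, _ in hops)}

if __name__ == "__main__":
    print(trace("http://web.mszp.ro/XXXXX_mysqladminXXXXX/", CAPTURES))
```
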
     
  13. eva2000

    you have cloudflare orange cloud enabled on the hostname web.mszp.ro that's why
     
  14. neverminder

    OK, I'm going to access it through the server's IP. That way is working. Back to the original problem, I'll keep the fastcgi_param HTTPS $server_https; line commented out in php-wpsc.conf for now. Hopefully, it won't be the source of more problems. Still don't know when and what happened. Are you sure it had nothing to do with me removing /etc/centminmod/php.d/mongodb.ini and /etc/centminmod/php.d/redis.ini? This is the only thing I did besides installing phpmyadmin.

    Thanks for all your help so far!
     
  15. neverminder

    Well, if I try to activate full SSL on Cloudflare, accessing http://mszp[dot]ro (vhost) redirects me to https://web.mszp[dot]ro (mainhost).
    If I change my wp and site URLs to https in wp admin, trying to access the site ends up in too many redirects.

    I'm perfectly stuck. I don't understand anything anymore :(
     
    Last edited: Dec 10, 2017
  16. eva2000

    yup sure nothing to do with those ini settings files
    FYI, if you want to post unparsed hyper links you can wrap the address or text in [PLAIN][/PLAIN] tags BB Codes | Centmin Mod Community.

    output for
    Code (Text):
    curl -Iv http://mszp.ro
    

    Code (Text):
    curl -Iv https://mszp.ro
    

    Code (Text):
    curl -Iv http://web.mszp.ro
    

    Code (Text):
    curl -Iv https://web.mszp.ro
    

    Code (Text):
    grep -rn 'mszp.ro' /usr/local/nginx/conf/conf.d | grep server_name
    


    also if you're using cloudflare full ssl, make sure to uninstall official cloudflare wordpress plugin as that is only used for cloudflare flexible ssl users
     
  17. neverminder

    Code (Text):
    # curl -Iv http://mszp.ro
    * About to connect() to mszp.ro port 80 (#0)
    *   Trying 104.27.153.136...
    * Connected to mszp.ro (104.27.153.136) port 80 (#0)
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: mszp.ro
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Mon, 11 Dec 2017 06:10:13 GMT
    Date: Mon, 11 Dec 2017 06:10:13 GMT
    < Content-Type: text/html; charset=utf-8
    Content-Type: text/html; charset=utf-8
    < Connection: keep-alive
    Connection: keep-alive
    < Set-Cookie: __cfduid=d506f9b8045c7d7c1865ef7be06d90d391512972613; expires=Tue, 11-Dec-18 06:10:13 GMT; path=/; domain=.mszp.ro; HttpOnly
    Set-Cookie: __cfduid=d506f9b8045c7d7c1865ef7be06d90d391512972613; expires=Tue, 11-Dec-18 06:10:13 GMT; path=/; domain=.mszp.ro; HttpOnly
    < Last-Modified: Mon, 11 Dec 2017 03:49:32 GMT
    Last-Modified: Mon, 11 Dec 2017 03:49:32 GMT
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < Server: cloudflare-nginx
    Server: cloudflare-nginx
    < CF-RAY: 3cb64795329f9c05-AMS
    CF-RAY: 3cb64795329f9c05-AMS
    
    <
    * Connection #0 to host mszp.ro left intact

    Code (Text):
    # curl -Iv https://mszp.ro
    * About to connect() to mszp.ro port 443 (#0)
    *   Trying 104.27.153.136...
    * Connected to mszp.ro (104.27.153.136) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    *     subject: CN=sni45979.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated
    *     start date: Dec 09 00:00:00 2017 GMT
    *     expire date: Jun 17 23:59:59 2018 GMT
    *     common name: sni45979.cloudflaressl.com
    *     issuer: CN=COMODO ECC Domain Validation Secure Server CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: mszp.ro
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Mon, 11 Dec 2017 06:14:37 GMT
    Date: Mon, 11 Dec 2017 06:14:37 GMT
    < Content-Type: text/html; charset=utf-8
    Content-Type: text/html; charset=utf-8
    < Connection: keep-alive
    Connection: keep-alive
    < Set-Cookie: __cfduid=d24238a0a7c4a57f0d6ac3231c184a8661512972877; expires=Tue, 11-Dec-18 06:14:37 GMT; path=/; domain=.mszp.ro; HttpOnly
    Set-Cookie: __cfduid=d24238a0a7c4a57f0d6ac3231c184a8661512972877; expires=Tue, 11-Dec-18 06:14:37 GMT; path=/; domain=.mszp.ro; HttpOnly
    < Last-Modified: Mon, 11 Dec 2017 03:49:32 GMT
    Last-Modified: Mon, 11 Dec 2017 03:49:32 GMT
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < Server: cloudflare-nginx
    Server: cloudflare-nginx
    < CF-RAY: 3cb64e05ea909bff-AMS
    CF-RAY: 3cb64e05ea909bff-AMS
    
    <
    * Connection #0 to host mszp.ro left intact

    Code (Text):
    # curl -Iv http://web.mszp.ro
    * About to connect() to web.mszp.ro port 80 (#0)
    *   Trying 62.xxx.xxx.xx...
    * Connected to web.mszp.ro (62.xxx.xxx.xx) port 80 (#0)
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: web.mszp.ro
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Mon, 11 Dec 2017 06:16:08 GMT
    Date: Mon, 11 Dec 2017 06:16:08 GMT
    < Content-Type: text/html; charset=utf-8
    Content-Type: text/html; charset=utf-8
    < Content-Length: 1493
    Content-Length: 1493
    < Last-Modified: Sat, 09 Dec 2017 21:29:12 GMT
    Last-Modified: Sat, 09 Dec 2017 21:29:12 GMT
    < Connection: keep-alive
    Connection: keep-alive
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < ETag: "5a2c55a8-5d5"
    ETag: "5a2c55a8-5d5"
    < Server: nginx centminmod
    Server: nginx centminmod
    < Expires: Tue, 12 Dec 2017 06:16:08 GMT
    Expires: Tue, 12 Dec 2017 06:16:08 GMT
    < Cache-Control: max-age=86400
    Cache-Control: max-age=86400
    < Cache-Control: public, must-revalidate, proxy-revalidate
    Cache-Control: public, must-revalidate, proxy-revalidate
    < Accept-Ranges: bytes
    Accept-Ranges: bytes
    
    <
    * Connection #0 to host web.mszp.ro left intact

    Code (Text):
    # curl -Iv https://web.mszp.ro
    * About to connect() to web.mszp.ro port 443 (#0)
    *   Trying 62.xxx.xxx.xx...
    * Connected to web.mszp.ro (62.xxx.xxx.xx) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * Server certificate:
    *     subject: CN=web.mszp.ro,OU=IT,O=web.mszp.ro,L=Los Angeles,ST=California,C=US
    *     start date: Dec 09 21:36:23 2017 GMT
    *     expire date: Nov 15 21:36:23 2117 GMT
    *     common name: web.mszp.ro
    *     issuer: CN=web.mszp.ro,OU=IT,O=web.mszp.ro,L=Los Angeles,ST=California,C=US
    * NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
    * Peer's certificate issuer has been marked as not trusted by the user.
    * Closing connection 0
    curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
    More details here: http://curl.haxx.se/docs/sslcerts.html
    
    curl performs SSL certificate verification by default, using a "bundle"
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.

    Code (Text):
    # grep -rn 'mszp.ro' /usr/local/nginx/conf/conf.d | grep server_name
    /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf:4:            server_name web.mszp.ro;
    /usr/local/nginx/conf/conf.d/mszp.ro.conf:9:#            server_name mszp.ro;
    /usr/local/nginx/conf/conf.d/mszp.ro.conf:14:  server_name mszp.ro www.mszp.ro;
    /usr/local/nginx/conf/conf.d/mszp.ro.ssl.conf:10:#  server_name mszp.ro www.mszp.ro;
    /usr/local/nginx/conf/conf.d/mszp.ro.ssl.conf:16:#  server_name mszp.ro www.mszp.ro;
    /usr/local/nginx/conf/conf.d/virtual.conf:4:            server_name web.mszp.ro;

    I don't have any cloudflare wp plugin installed.
     
  18. eva2000

    grep output looks good as does curl header for
    Code (Text):
     curl -Iv https://web.mszp.ro
    

    it reports that https/ssl isn't set up
    and curl header check for https version works too
    Code (Text):
    curl -Iv https://mszp.ro
    

    so means too many redirects is happening at browser caching level it seems

    tried a different browser/incognito session + clear browser cache + HSTS cache as well + reboot your local pc ?
     
  19. neverminder

    You can see for yourself right now. I enabled full SSL on Cloudflare. http://mszp.ro working as expected, https://mszp.ro is redirecting to http://web.mszp.ro (mainhost).

    LE: wp and server URLs in wp admin are http
     
    Last edited: Dec 11, 2017
  20. neverminder

    I uncommented the following lines in mszp.ro.ssl.conf:
    Code (Text):
    server {
      server_name mszp.ro www.mszp.ro;
       return 302 https://mszp.ro$request_uri;
    }

    Testing nginx now warns me:
    Code (Text):
    # nginx -t
    nginx: [warn] conflicting server name "mszp.ro" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "www.mszp.ro" on 0.0.0.0:80, ignored
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
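
The `conflicting server name` warning above, reproduced by an added example that is not from the original thread: a Python check that finds server names claimed by more than one `server` block on the same port, treating a block with no `listen` directive as port 80 (nginx's default when it runs as root). The file contents are constructed; only the redirect block and the file names come from the posts, and matching on port alone is a simplification of nginx's address:port matching.

```python
# Added example: find server_name values claimed twice on one port.
import re
from collections import defaultdict

# Constructed sample configs. Only the redirect block in mszp.ro.ssl.conf
# and the file names are taken from the thread; the rest is assumed.
FILES = {
    "conf.d/mszp.ro.conf": """
server {
  listen 80;
  server_name mszp.ro www.mszp.ro;
  location / { try_files $uri $uri/ /index.php?$args; }
}
""",
    "conf.d/mszp.ro.ssl.conf": """
#  server_name mszp.ro www.mszp.ro;
server {
  server_name mszp.ro www.mszp.ro;
   return 302 https://mszp.ro$request_uri;
}
server {
  listen 443 ssl http2;
  server_name mszp.ro www.mszp.ro;
}
""",
}

def server_blocks(text):
    """Yield the body of each `server { ... }` block with comments stripped."""
    text = re.sub(r"#[^\n]*", "", text)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def port_of(listen_value):
    """'443 ssl', '0.0.0.0:80', '[::]:443' -> port; address-only values -> 80."""
    last = listen_value.split()[0].rsplit(":", 1)[-1]
    return int(last) if last.isdigit() else 80

def conflicts(files):
    """Return {(port, name): [paths]} for names claimed more than once."""
    claimed = defaultdict(list)
    for path, text in files.items():
        for body in server_blocks(text):
            listens = re.findall(r"\blisten\s+([^;]+);", body)
            ports = {port_of(v) for v in listens} or {80}   # no listen: port 80
            names = re.findall(r"\bserver_name\s+([^;]+);", body)
            for port in sorted(ports):
                for name in " ".join(names).split():
                    claimed[(port, name)].append(path)
    return {k: v for k, v in claimed.items() if len(v) > 1}

if __name__ == "__main__":
    for (port, name), paths in conflicts(FILES).items():
        print(f"{name} on port {port}: {', '.join(paths)}")
```
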