Getting no response from server when connecting with https://
Http is running fine
I have installed self signed certificate and configured properly without errors. I am running nginx with php-fpm. I checked with nginx it is listening on port 443. I tried switching it on 81 too with luck again.This is my first time with you genius guys so please have mercy and let me know how can I improve my questions
Default nginx config
user nginx; pid /var/run/nginx.pid; error_log /var/log/nginx/error.log; worker_processes auto; worker_rlimit_nofile 1024; events { use epoll; worker_connections 2048; multi_accept on; } http { perl_modules perl/lib; perl_set $uri_lc 'sub { my $r = shift; my $uri = $r->uri; $uri = lc($uri); return $uri; }'; include /etc/nginx/mime.types; default_type application/octet-stream; ... upstream fpm_backend { server 127.0.0.1:9000; } map $scheme $fastcgi_https { default off; https on; } server_tokens off; sendfile on; tcp_nopush on; tcp_nodelay on; client_header_timeout 10m; client_body_timeout 10m; send_timeout 10m; proxy_read_timeout 2m; fastcgi_send_timeout 10m; fastcgi_read_timeout 10m; fastcgi_buffer_size 32k; fastcgi_buffers 8 16k; client_max_body_size 10M; client_header_buffer_size 1k; large_client_header_buffers 4 4k; output_buffers 4 32k; postpone_output 1460; keepalive_timeout 65; reset_timedout_connection on; types_hash_max_size 2048; gzip on; gzip_disable 'msie6'; gzip_comp_level 5; gzip_min_length 100; gzip_buffers 16 8k; gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss application/javascript image/png image/gif image/jpg; gzip_vary on; open_file_cache max=1000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 5; open_file_cache_errors off; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; include /etc/nginx/conf.d/*.conf; }
included conf out of many others not related
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; include /etc/nginx/conf.d/custom-log.inc; server { listen 80; listen 443 ssl; server_name control.xxx.com; access_log /var/log/nginx/control-performance-access1.log performance; error_log /var/log/nginx/control-error.log; set $mageCode "kw_en"; if ($request_uri ~ ^/ar/) { set $mageCode 'kw_ar'; } ssl_certificate /data/csr/customssl/control.xxx.com.crt; ssl_certificate_key /data/csr/customssl/control.xxx.com.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; location ~* \.(?:png|gif|jpg|jpeg|css|js|swf|ico|txt|xml|bmp|pdf|doc|docx|ppt|pptx|zip)$ { expires 30d; add_header Cache-Control public; fastcgi_hide_header Set-Cookie; fastcgi_param HTTPS on; #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; } gzip on; gzip_types text/plain text/css text/javascript application/x-javascript application/javascript; gzip_vary on; #fastcgi_hide_header Set-Cookie; include conf.d/control.xxx.com.options.inc; # rewrites configuration include conf.d/control.xxx.com.redirects.inc; include conf.d/control-blockips.conf; }
control.xxx.com.options.inc
#listen 80; #listen 81 ssl; root /data/html/XXX/src; index index.php index.html index.htm; autoindex off; expires off; location @proxy { fastcgi_pass fpm_backend; } location @arhandler { rewrite / /ar/index.php; } location ~ (^/(app/|includes/|lib/|pkginfo/|var/|shell/|modules/|report/config.xml|\.|RELEASE_NOTES.txt|LICENSE.+|mage$)|\.(sample|sh)$) { deny all; return 404; } location ~ \.(png|gif|jpg|jpeg|css|js|swf|ico|txt|xml|bmp|pdf|doc|docx|ppt|pptx|zip)$ { expires 1w; try_files $uri $uri/ @proxy; access_log off; log_not_found on; } location ~ \.php$ { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_read_timeout 900s; fastcgi_connect_timeout 900s; fastcgi_pass fpm_backend; fastcgi_keep_conn on; fastcgi_param HTTPS $fastcgi_https; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PHP_FLAG "session.auto_start=off \n suhosin.session.cryptua=off"; fastcgi_param PHP_VALUE "memory_limit=1024M \n max_execution_time=18000"; fastcgi_param MAGE_RUN_CODE $mageCode; fastcgi_param MAGE_RUN_TYPE store; } location / { try_files $uri $uri/ /index.php?$args; } location /ar/ { try_files $uri $uri/ @arhandler; }
Answer
Thanks Guys for your help.
My IPTables were inactive already.
I tried starting it to check if it works but still no luck.
But when I stopped it again SSL started working.
Strange but I manage to solve this by simply restarting iptables.
Hope this helps somebody.
Best,
Attribution
Source : Link , Question Author : evilhitesh , Answer Author : evilhitesh