Apologies first of all, because I basically have no idea what I'm doing, so please be patient with me!
I'm trying to install my SSL and to use Nginx as frontend of my Tomcat application
I got my SSL certificate from GoDaddy, I struggled a lot but I managed to generate it. After I installed Nginx and set everything up I noticed that I had a key values mismatch. I spent a lot of time but I managed to get their modules to match and then I finally got Nginx to start. Now I just can't reach my domain with HTTPS as desired, I receive on Chrome the message
SSL connection error
ERRSSLPROTOCOL_ERROR
Hide details
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
_____
The log files (access and error) at /var/log/nginx are completely empty and here is my nginx.conf file which I got as sample from here
https://github.com/loftuxab/alfresco-ubuntu-install/blob/master/nginx/nginx.conf
user www-data;
worker_processes 2;
pid /run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_comp_level 6;
#gzip_min_length 256;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types text/xml text/plain application/json text/javascript application/javascript application/x-javascript text/css text/csv text/x-markdown text/x-web-markdown application/atom+xml application/rss+xml application/atomsvc+xml;
#gzip_vary on;
# Set proxy cache path
proxy_cache_path /var/cache/nginx/alfresco levels=1 keys_zone=alfrescocache:256m max_size=512m inactive=1440m;
# Main website Tomcat instance
upstream alfresco {
server localhost:8080;
}
# Uncomment if you want redirect to https
server {
listen 80 default_server ;
listen [::]:80 default_server ipv6only=on;
server_name mydomain.com www.mydomain.com;
server_name_in_redirect off;
rewrite ^ https://mydomain.com permanent;
}
# Default server config. Update servername.
server {
#listen 80 default_server ;
#listen [::]:80 default_server ipv6only=on;
listen 443 default_server ssl;
#listen 443 ssl spdy default_server;
server_name www.mydomain.com;
root /opt/alfresco/www;
index index.html index.htm;
# Redirecto root requests to Share
rewrite ^/$ /share;
ssl on;
ssl_certificate /etc/nginx/ssl/a.crt;
ssl_certificate_key /etc/nginx/ssl/a.key;
ssl_session_timeout 15m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
# spdy Support, use add_header if you do not use redirection from http to https
#add_header Alternate-Protocol 443:npn-spdy/2;
#spdy_headers_comp 4;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# redirect server error pages to the static page /50x.html
#
error_page 502 503 504 /maintenance.html;
location = /maintenance.html {
root /opt/alfresco/www;
}
# Access to old Alfresco web client. Remove this location if not needed.
location /alfresco {
# Allow for large file uploads
client_max_body_size 0;
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
#proxy_buffering off;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
}
location /share {
# Allow for large file uploads
client_max_body_size 0;
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
#proxy_buffering off;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
}
location /share/proxy/alfresco {
# This section is for allowing to rewrite 50x response to 401 on Ajax req.
# This forces Share to reload page, and thus display maintenance page
# Allow for large file uploads
client_max_body_size 0;
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
#proxy_buffering off;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
proxy_intercept_errors on;
error_page 502 503 504 =401 /maintenance.html;
}
location /share/res/ {
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_cache alfrescocache;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 1440m;
proxy_cache_valid 404 1m;
proxy_cache_use_stale updating error timeout invalid_header http_500 http_502 http_503 http_504;
}
}
Thanks in advance for any help
I'm trying to install my SSL and to use Nginx as frontend of my Tomcat application
I got my SSL certificate from GoDaddy, I struggled a lot but I managed to generate it. After I installed Nginx and set everything up I noticed that I had a key values mismatch. I spent a lot of time but I managed to get their modules to match and then I finally got Nginx to start. Now I just can't reach my domain with HTTPS as desired, I receive on Chrome the message
SSL connection error
ERRSSLPROTOCOL_ERROR
Hide details
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
_____
The log files (access and error) at /var/log/nginx are completely empty and here is my nginx.conf file which I got as sample from here
https://github.com/loftuxab/alfresco-ubuntu-install/blob/master/nginx/nginx.conf
user www-data;
worker_processes 2;
pid /run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_comp_level 6;
#gzip_min_length 256;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types text/xml text/plain application/json text/javascript application/javascript application/x-javascript text/css text/csv text/x-markdown text/x-web-markdown application/atom+xml application/rss+xml application/atomsvc+xml;
#gzip_vary on;
# Set proxy cache path
proxy_cache_path /var/cache/nginx/alfresco levels=1 keys_zone=alfrescocache:256m max_size=512m inactive=1440m;
# Main website Tomcat instance
upstream alfresco {
server localhost:8080;
}
# Uncomment if you want redirect to https
server {
listen 80 default_server ;
listen [::]:80 default_server ipv6only=on;
server_name mydomain.com www.mydomain.com;
server_name_in_redirect off;
rewrite ^ https://mydomain.com permanent;
}
# Default server config. Update servername.
server {
#listen 80 default_server ;
#listen [::]:80 default_server ipv6only=on;
listen 443 default_server ssl;
#listen 443 ssl spdy default_server;
server_name www.mydomain.com;
root /opt/alfresco/www;
index index.html index.htm;
# Redirecto root requests to Share
rewrite ^/$ /share;
ssl on;
ssl_certificate /etc/nginx/ssl/a.crt;
ssl_certificate_key /etc/nginx/ssl/a.key;
ssl_session_timeout 15m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
# spdy Support, use add_header if you do not use redirection from http to https
#add_header Alternate-Protocol 443:npn-spdy/2;
#spdy_headers_comp 4;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# redirect server error pages to the static page /50x.html
#
error_page 502 503 504 /maintenance.html;
location = /maintenance.html {
root /opt/alfresco/www;
}
# Access to old Alfresco web client. Remove this location if not needed.
location /alfresco {
# Allow for large file uploads
client_max_body_size 0;
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
#proxy_buffering off;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
}
location /share {
# Allow for large file uploads
client_max_body_size 0;
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
#proxy_buffering off;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
}
location /share/proxy/alfresco {
# This section is for allowing to rewrite 50x response to 401 on Ajax req.
# This forces Share to reload page, and thus display maintenance page
# Allow for large file uploads
client_max_body_size 0;
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
#proxy_buffering off;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
proxy_intercept_errors on;
error_page 502 503 504 =401 /maintenance.html;
}
location /share/res/ {
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_cache alfrescocache;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 1440m;
proxy_cache_valid 404 1m;
proxy_cache_use_stale updating error timeout invalid_header http_500 http_502 http_503 http_504;
}
}
Thanks in advance for any help