NGINX HTTPS Timeout [closed]

By | December 7, 2017
Questions:

My problem is that if I restart NGINX the HTTP works fine but HTTPS is not available. I receive a connection timeout. I checked that I can connect locally and checked the certificate. This works fine too. I do not have a firewall but it seems like the port or whatever is blocked. Please help…

server {
    server_name help.XXXX.de;
    listen 80;
    listen 443 default ssl;

    ssl on;
    ssl_certificate      /etc/ssl/localcerts/0001_MAILcert.pem;
    ssl_certificate_key  /etc/ssl/localcerts/0001_MAILcert.key;
    ssl_ciphers               SSLv3+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
    ssl_prefer_server_ciphers on;
    ssl_protocols             TLSv1;

    access_log /var/www/XXXX.de/help.XXXX.de/logs/access.help.log main;
    index index.html index.htm index.php;
    root /var/www/XXXX.de/help.XXXX.de/htdocs;

    location / {
        try_files $uri $uri/ /index.php;
}

location ~ \.php$ {
    try_files $uri @rewrite;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    }
}

I am using Debian with NGINX 1.2.6 and PHP-FPM.

Answers:

Your second location-block needs to be within the main server-block, otherwise your ssl configuration will not apply to it.

The reason your config works for HTTP is because the listen directive default is *:80 and this is being applied to the second location-block, since it has no outer server block configuration.

Possibly unrelated, but the try_files $uri @rewrite; line looks wrong because there is no named-location in your config called location @rewrite, but that shouldn’t be causing https to be unavailable.

Also, the ssl directive is not required because the listen directive performs this function.

Can you try this:

server {
    server_name help.XXXX.de;
    listen 80;
    listen 443 default ssl;

    ssl_certificate      /etc/ssl/localcerts/0001_MAILcert.pem;
    ssl_certificate_key  /etc/ssl/localcerts/0001_MAILcert.key;
    ssl_ciphers               SSLv3+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
    ssl_prefer_server_ciphers on;
    ssl_protocols             TLSv1;

    access_log /var/www/XXXX.de/help.XXXX.de/logs/access.help.log main;
    index index.html index.htm index.php;
    root /var/www/XXXX.de/help.XXXX.de/htdocs;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        try_files $uri @rewrite;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

If there are still problems connecting, check that Nginx was compiled with the SSL module:

nginx -V

If the output does not include the line below you’ll need to recompile:

--with-http_ssl_module
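A structural check for the nesting point raised in the answer above, as an added example that is not part of the original post: it tracks brace depth in an nginx config and reports any location block opened outside a server block, along with the listen arguments of each server. The function name audit and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the second location is opened after the server block has closed.
SAMPLE = r"""
server {
    listen 80;
    listen 443 default ssl;
    location / {
        try_files $uri $uri/ /index.php;
    }
}
location ~ \.php$ {
    fastcgi_pass unix:/var/run/php5-fpm.sock;
}
"""

# Quoted strings, comments, structural characters, then bare words.
TOKEN = re.compile(r'''"[^"]*"|'[^']*'|#[^\n]*|[{};]|[^\s{};"'#]+''')

def audit(conf):
    """Return (stray_locations, listens): locations with no enclosing
    server block, and one list of listen argument lists per server."""
    stack, words = [], []          # open block names; current directive tokens
    stray, listens = [], []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok == "{":
            name = words[0] if words else ""
            if name == "location" and "server" not in stack:
                stray.append(" ".join(words))
            if name == "server":
                listens.append([])
            stack.append(name)
            words = []
        elif tok == "}":
            if not stack:
                raise ValueError("unbalanced '}'")
            stack.pop()
            words = []
        elif tok == ";":
            if words and words[0] == "listen" and stack and stack[-1] == "server":
                listens[-1].append(words[1:])
            words = []
        else:
            words.append(tok)
    if stack:
        raise ValueError("missing '}' for block: " + stack[-1])
    return stray, listens

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A server whose listen lists contain no entry with ssl will not answer TLS on that port, so the second return value is worth reading alongside the first.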
