User must verify their email address so I use laravel email verification.
I configured the project on Ubuntu20.04 and with nginx. Verification link works when I use let's encrypt certificate.
I followed all the steps and configured cloudflare and I followed digitalocean tutorial for adding cloudflare ssl certificate.
This is the nginx configuration for domain
server {
listen 80;
listen [::]:80;
server_name ishtap.az www.ishtap.az;
return 302 https://$server_name$request_uri;
}
server {
# listen 80;
# ssl(created in cloudflare) configuration follwing digitalocean tutorial
# https://www.digitalocean.com/community/tutorials/how-to-host-a-website-using-cloudflare-and-nginx-on-ubuntu-20-04
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_client_certificate /etc/ssl/cloudflare.crt;
ssl_verify_client on;
server_name ishtap.az www.ishtap.az;
root /var/www/ishtap.az/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
# listen 443 ssl; # managed by Certbot
# ssl_certificate /etc/letsencrypt/live/ishtap.az/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/ishtap.az/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
So when I click email verification link I get error in the attached
image. If cloudflare paused it works no problem but at some route like
where you input sensitive data like password chrome not makes request
and throws "your connection to this site is not fully secured"
In this case, you will have to repair the certificate since the certificate chain is unable to see where is the exact location or the cert is unable to be decrypted. In other words, you can use this tool
To use this tool, you will have to use a Windows machine.
This tool is from DigiCert, you can open it and you can click on SSL, and you can select the cert and click on repair. Also, you can create a new CSR, and you can reissue the cert once again to be able to upload it one more time to your server.
Let me know if you have any other questions or concerns, and I would be more than happy to help you.
The email verification notification is sent in queue and I use supervisor in ubuntu. I find out that there is something wrong with laravel .env file
This is the steps:
fixed APP_URL in .env file to https version of domain
php artisan cache:clear
php artisan config:clear
sudo systemctl reload nginx
php artisan config:cache
supervisorctl restart all restarts all workers
Related
I have a spring boot app running on 8080 (not https as I am not sure if this also need https enabled)
There is an nginx server that redirects requests from 80 (or 443/8443) to 8080
The nginx is secured using letsencrypt. I see this domain file in sites-enabled folder
created certificate using
sudo certbot --nginx -d {dom}.co.uk -d www.{dom}.co.uk
server {
root /var/www/{mydomain}.co.uk/html;
index index.html index.htm index.nginx-debian.html;
server_name {mydomain}.co.uk www.{mydomain}.co.uk;
location / {
#try_files $uri $uri/ =404;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:8080";
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/{mydomain}.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/{mydomain}.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.{mydomain}.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = {mydomain}.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name {mydomain}.co.uk www.{mydomain}.co.uk;
return 404; # managed by Certbot
}
OAuth 2 settings
In OAuth Credentials
Authorized Javascript urls (For use with requests from a browser)
https://{dom}.co.uk
Authorized redirect URIs (For use with requests from a web server)
https://{dom}.co.uk/login/oauth2/code/google
Configured redirect URL
private static API_BASE_URL = "https://{dom}.co.uk/";
private static OAUTH2_URL = AppConstants.API_BASE_URL + "oauth2/authorization/";
Question:
How to fix my
Authorisation Error
Error 400: redirect_uri_mismatch
Do I need to make my spring app also https enabled
(OR)
Any config issue nginx or redirect url etc ?
The redirect_uri you send to Google when initiating the flow must match what you put in the console.
Here you have:
https://example.co.uk/oauth2/authorization/ in the code and
https://example.co.uk/login/oauth2/code/google in the console.
Change either one to match the other. I suggest that you change your code to avoid waiting a good 5 minutes for the changes in the console to propagate.
I was using Laravel Forge and stopped using it due to a problem with my card. So I continued on my own with Digital Ocean.
I followed the below instructable to apply SSL to the site.
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04-es
This procedure indicated some errors que posteriormente solucioné:
For example:
maquino#codigobyte:/etc/nginx/sites-enabled$ sudo nginx -t
nginx: [warn] conflicting server name "todocontenidoweb.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.todocontenidoweb.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "todocontenidoweb.com" on [::]:80, ignored
nginx: [warn] conflicting server name "www.todocontenidoweb.com" on [::]:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
The issue is that my site is down, I'm already on the third day and Digital Ocean support tells me that they don't see a problem in the configurations. But the site is down.
On the next page it shows me a problem with the secure connection.
https://www.ssllabs.com/ssltest/analyze.html?d=todocontenidoweb.com
At this moment there are several things that make me believe that I have a problem in the following configuration:
In /etc/nginx/sites-enabled$
I have 3 files and one of them is my site todocontenidoweb.com
In todocontenidoweb.com:
server {
listen 80;
listen [::]:80;
server_name todocontenidoweb;
server_tokens off;
root /home/forge/todocontenidoweb.com/public;
In the server_name line all web content; I understand that I should put todocontenidoweb.com www.todocontenidos web.com
But it doesn't allow me and it gives me an error in the certificate if I do this.
I would really appreciate it if someone could help me to solve this situation.
EDITION
File: /etc/nginx/sites-available/mydomain.com
# FORGE CONFIG (DO NOT REMOVE!)
#include forge-conf/todocontenidoweb.com/before/*;
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
server_name todocontenidoweb.com www.todocontenidoweb.com;
server_tokens off;
root /home/forge/todocontenidoweb.com/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY13>
# ssl_prefer_server_ciphers off;
# ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
#include forge-conf/todocontenidoweb.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/todocontenidoweb.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
server {
listen 80;
listen [::]:80;
server_name todocontenidoweb.com www.todocontenidoweb.com;
return 302 https://$server_name$request_uri;
}
# FORGE CONFIG (DO NOT REMOVE!)
#include forge-conf/todocontenidoweb.com/after/*;
//Edit
As you can see below, the site is returning a 301 respose and redirecting to https site, but none of your nginx configs are running on port 443
//End of Edit
There seems to an issue with your nginx config. It seems like your config is only allowing port 80 and not 443. Browsers expect to get 443 as port (unless you otherwise specify) as ssl port. And it seems like you're using some redirect to redirect users from http to https, only problem is you're not running any https service on port 443.
I could be an issue with your nginx config. make sure that the server entry that has the ssl input, also running on port 443.
If you did install ssl with let's encrypt, you can try to generate certificate manually and then you can modify nginx config to run on port 443 as ssl
You can follow this guide from digitalocean , just replace the certificates path with lets-encrypt one
Edit 2 :
I don't think this part should be commented out
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY13>
# ssl_prefer_server_ciphers off;
# ssl_dhparam /etc/nginx/dhparams.pem;
As you're essentially not serving any ssl certificate through the 443 port.
Here is an example server from DigitalOcean. As you can see, they're serving a private and public key. Once you generate your certificate, you need to enter the path of those.
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name your_server_ip;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
}
End of Edit
I have a Laravel 8 application.
I have no idea what I missed. I'm trying to deploy a site in my server.
I kept getting :
Invalid SSL certificate
https://mybabies.app/
server {
listen 443;
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
server_name mybabies.app www.mybabies.app;
root /home/bheng/mybabies/public;
index index.html index.htm index.php;
charset utf-8;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
client_max_body_size 500M;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
error_page 404 /index.php;
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
location / {
#limit_req zone=one burst=2 nodelay;
try_files $uri $uri/ /index.php?$query_string;
add_header 'Access-Control-Allow-Origin' '*';
}
}
I already create crt + pem key in CloudFlare and configure in these 2 lines :
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
Edit
When I paused it
When I clicked View Certificate, I see
Updated
I created the cert from
To setup secure connection between Cloudflare and your server you need to generate Origin CA Certificate in page Origin Certificates, but you did this in Client Certificates instead, so that's why you are getting error.
They are completelly different things with different purpose. Read descriptions.
Client Certificates
Secure and authenticate your APIs and web
applications with client certificates. Block traffic from devices that
do not have a valid client SSL/TLS certificate with mTLS rules.
Origin Certificates
Generate a free TLS certificate signed by Cloudflare to install on
your origin server. Origin Certificates are only valid for encryption
between Cloudflare and your origin server.
After generating PEM an KEY you need to put them in .crt and .key and load in nginx config, like you did before.
listen 443;
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
Now connection Full (strict) should work.
If you want to use self-signed certificate instead, but still leverage secure connection between CF and server, then use option Full instead (without strict). By using Flexible your visitor will be still using HTTPS, but there will be no SSL connection between CF and server, and server will see this as HTTP connection, so this option is not recommended.
Rad more: https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-
thank you in advance for your support.
I set up an Ubuntu Server with Nginx as a Digitalocean Droplet and am using the server provisioning tool Laravel Forge, which works fine. I successfully installed the PHP Framework Laravel and deployed the code on the server. I ssh into the server and checked the files in the supposed directory. The code is successfully deployed.
Next I own a domain, and created an A record for the following subdomain: app.mywebsite.de, that points to that server. I followed the digitalocean instructions and I waited the required time. Using a DNS Lookup tool, I confirmed that the subdomain actually points to the server.
Screenshot of DNS Lookup
Yet, when I use the subdomain in my browser, the browser doesn't connect to the server. I get the following error message in the browser:
Screenshot of Browser when connecting to server
It seems like the subdomain is correctly pointed to the server, but the server isn't rightly configured. I tried to check the nginx configuration and under sites-avaialble I have the following configuration for the subdomain:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/app.mywebsite.de/before/*;
server {
listen 80;
listen [::]:80;
server_name app.mywebsite.de;
server_tokens off;
root /home/forge/app.mywebsite.de/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS_AES_256_GCM_SHA384:TLS-AES-256-GCM-SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/app.mywebsite.de/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/app.mywebsite.de-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/app.mywebsite.de/after/*;
In forge-conf/app.website.de/before/*; is only one file redirect.conf with the following code:
server {
listen 80;
listen [::]:80;
server_name www.app.website.de;
if ($http_x_forwarded_proto = 'https') {
return 301 https://app.website.de$request_uri;
}
return 301 $scheme://app.website.de$request_uri;
}
There are no other sites on the server. So there is only the 000-catch-all file in the sites available directory of the nginx configuration folder.
Unfortunately I reached my limit of understanding here and I would love if somebody could point me into the right direction to find out, which part of nginx is not configured corectly.
P.S.
Some additional info:
Yes I restarted Nginx and the whole server multiple times.
Turns out, everything was configured correctly. I didn't change anything, except that I added some additional sites on the nginx server. Forge probably updated the server blocks, which resolved the problem.
I am have a website running on laravel 5 framework and hosted on DigitalOcean via laravel forge. I have just purchased a simple SSL Certificate from Namecheap for the sake of trying the certificate. Before installing the certificate everything was fine, i was able to load my website properly. After i install the certificate via Laravel Forge, my site is not loadable anymore (either http or https). I have no idea what is happening and from where to start debugging. Hopefully someone is able to provide me with some assistance.
I will provide you as much information as I can in below.
Nginx.conf via Laravel forge
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
return 301 $scheme://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
root /home/forge/www.example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 128M;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
Server Details
VPS Provider: DigitalOcean
Deployment: Laravel Forge
Platform: Ubuntu 14.04 x64 vmlinuz-3.13.0-57-generic
Framework: Laravel 5
Domain reg: Namecheap
DNS Svr: ns1,ns2,ns3.digitalocean.com
CA: Comodo PositiveSSL
Update 1: according to the buddy below suggested to check iptables, this is what i've got
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
Update 2: curl -i test does show that the site has now being redirected to a https:// connection. But browser says ERR_CONNECTION_CLOSED
root#Apocalypse:/etc/nginx/ssl/www.example.com/10784# curl -i http://example.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Sat, 01 Aug 2015 09:52:53 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: https://www.example.com/
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
root#Apocalypse:/etc/nginx/ssl/www.example.com/10784# curl -i http://www.example.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Sat, 01 Aug 2015 09:53:24 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: https://www.example.com/
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
Update 3: openssl s_client return with this error
openssl s_client -connect www.example.com:443
CONNECTED(00000003)
140000289871520:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Update 4: I have found out the issue.. apparently this line
server {
listen 443 ssl;
server_name example.com;
return 301 $scheme://www.example.com$request_uri;
}
is causing the issue. once i remove it then everything works like a charm... but now my problem is how should i reroute https://example.com to https://www.example.com? Suppose that the above code is to perform that action.
Ok so I have resolved the issue. Now where do I start.
First
I would like to clarify that there is no problem with the certificate, Laravel forge and nginx configuration file. Everything was well setup and well configured.
Second
Like what I have done in my question above, configure your nginx.conf like such:
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
return 301 $scheme://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
root /home/forge/www.example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 128M;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
Note that there is one thing I would like you to pay attention on in this section. When you are redirecting a https connection (port 433 to port 433), you are required to specify again the certificates and keys to be use. Naturally when the server performs a redirect, a new connection is being established therefore a new handshake sequence is required. That is why in my https://example.com redirection
server {
listen 443 ssl;
server_name example.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
return 301 $scheme://www.example.com$request_uri;
}
I would have to re specify the certificates or else the server will drop the connection since there is no credentials to be validated with. Once you have done with this, you should be half way till completion.
Third
In order to have a proper redirection, there are a few things you need to check and make sure it is configured properly.
Domain names to be configured in your DNS provider and your Hosting
provider must consist of both www and non-www A(Host) registry and
point to the same ip.
Make sure that your name servers are able to resolve non-www addresses (with or without https) into your desired address. Which in my case all http://example.com, http://www.example.com, https://example.com, into https://www.example.com. Performing this check you can use like #Wizzard's suggestion curl -i http://example.com/
Finally
Once everything has been properly configured, you should be on your way to a secured connection browsing.
Can you access the port 80 or port 443? Try running a
curl -i http://example.com/ on your command line, whats the error?
Can you check the nginx logs?
Is nginx even running, maybe restart it again?
service nginx restart
What about the firewall, is that open for port 443?
Checked iptables if installed?
iptables -L