Setting up SSL - https works, http not working


Solution 1

You need to use:

listen 80;
listen 443 ssl;

in those virtualhosts where you want to use both https and http.

I would prefer a redirect from http to https. Then you need to make a separate virtual host for http that redirects all requests to the https version.
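The two-virtual-host layout this answer describes, written out with the names and paths from the question's config. This is an added example, not part of the original answer; the `X-Forwarded-Proto` header, the `ssl_protocols` line and the HSTS header are assumptions about what the site and the app behind unicorn need.

```nginx
upstream example {
  server unix:/u/app/example/shared/.sock fail_timeout=0;
}

# Plain-HTTP virtual host: no TLS here, it only redirects.
server {
  listen 80;
  server_name www.example.com;

  # Fixed host name in the target so a forged Host header cannot steer the redirect.
  return 301 https://www.example.com$request_uri;
}

# HTTPS virtual host: TLS is enabled on the listen socket, not with a server-wide "ssl on;".
server {
  listen 443 ssl;
  server_name www.example.com;

  ssl_certificate     /etc/nginx/ssl/mysite.crt;
  ssl_certificate_key /etc/nginx/ssl/mysite.key;
  ssl_protocols       TLSv1.2 TLSv1.3;   # assumption: no legacy clients to support

  # Assumption: the whole site is meant to be HTTPS-only from now on.
  add_header Strict-Transport-Security "max-age=31536000" always;

  root /u/app/example/current/public/;
  access_log /u/app/example/shared/log/nginx.access.log;
  error_log  /u/app/example/shared/log/nginx.error.log;
  client_max_body_size 20M;

  try_files $uri/index.html $uri.html $uri @app;
  location @app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Assumption: the app reads this header to learn the original request scheme.
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://example;
  }
}
```

Check the file with `nginx -t` before reloading, so a syntax error is caught while the running configuration is still serving both ports.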

Solution 2

To quote your question:

 I replaced listen 80 default; to listen 443;

Do not replace listen 80.

Instead add listen 443.

To be more specific:

Quoting Alexander Azarov from stackexchange

The error says it all actually. Your configuration tells Nginx to listen on port 80 
(HTTP) and use SSL. When you point your browser to `http://localhost`, it tries to 
connect via HTTP. Since Nginx expects SSL, it complains with the error.

The workaround is very simple. You need two server sections:

server {
  listen 80;

  # other directives...
}

server {
  # "listen 443 ssl;" replaces the deprecated "listen 443;" plus "ssl on;" pair
  listen 443 ssl;

  # SSL directives...

  # other directives...
}

Author by

Stefanos.Ioannou


Updated on September 18, 2022

Comments

  • Stefanos.Ioannou
    Stefanos.Ioannou over 1 year

    Update: A temp solution I found was to just redirect all http requests to https.

    I have been working on setting up SSL on my website. It is like on a Rails.

    I use nginx with unicorn. I bought the certificate from GoDaddy. Then I set it up and generated the CSR at /etc/nginx/ssl by following the instructions of this document.

    Then I copied the text of the generated .csr file and used it to issue the certificate from GoDaddy. After the certificate was issued I downloaded the key bundle generated on GoDaddy and followed the instruction found on this document.

    Then configured my /etc/nginx/sites-enabled/mysite.conf file:

    (I added the following lines under the server { ... })

      listen 443;
      ssl on;
      ssl_certificate /etc/nginx/ssl/mysite.crt;
      ssl_certificate_key /etc/nginx/ssl/mysite.key;
    

    (I replaced listen 80 default; to listen 443;)

    Then, I restarted the server and got the HTTPS://www.example.com working. The https was with green color and was showing that the certificate is fine.

    However when I browse to HTTP://www.example.com I get an error: 502 Bad Gateway - nginx.

    I am not sure what is causing this. Any clue?

    If you need any other information let me know and I will post them.

    My sites config:

    /etc/nginx/sites-enabled/example.conf 
    
    upstream example {
      server unix:/u/app/example/shared/.sock fail_timeout=0;
    }
    
    server {
      listen 80;
      server_name  www.example.com;
      root   /u/app/example/current/public/;
      access_log  /u/app/example/shared/log/nginx.access.log;
      error_log  /u/app/example/shared/log/nginx.error.log;
      client_max_body_size 20M;
    
      try_files $uri/index.html $uri.html $uri @app;
      location @app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://example;
      }
    }
    

    my /etc/nginx/nginx.conf

    user www-data;
    worker_processes 4;
    pid /var/run/nginx.pid;
    
    events { worker_connections 1024; }
    
    http {
            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;
            keepalive_timeout 65;
            types_hash_max_size 2048;
            server_tokens off;
    
            server_names_hash_bucket_size 64;
            # server_name_in_redirect off;
    
            include /etc/nginx/mime.types;
            default_type application/octet-stream;
            upstream app_server { server 127.0.0.1:8080 fail_timeout=0; }
    
            access_log /var/log/nginx/access.log;
            error_log /var/log/nginx/error.log;
    
            gzip on;
            gzip_disable "msie6";
            gzip_types text/plain text/xml text/css text/comma-separated-values;
    
            include /etc/nginx/conf.d/*.conf;
            include /etc/nginx/sites-enabled/*;
    }
    

    and the /etc/nginx/sites-available/default file is:

    server {
            root /u/app/example/current/public;
            server_name _;
            index index.htm index.html;
    
            location / {
                    try_files $uri/index.html $uri.html $uri @app;
    
            }
    
    #       location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mp3|flv|mpeg|$
            location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|flv|mpeg|avi)$ {
                    try_files $uri @app;
            }
    
            location @app {
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $http_host;
                    proxy_redirect off;
                    proxy_pass http://app_server;
            }
    
    }
    

    The log file when I had both:

    listen 80; listen 443;

    was outputting 212.50.121.69 - - [28/Jul/2014:15:35:53 +0000] "-" 400 0 "-" "-"

    • Michael Hampton
      Michael Hampton almost 10 years
      Post the complete server blocks for your HTTP and HTTPS sites.
    • Stefanos.Ioannou
      Stefanos.Ioannou almost 10 years
      @MichaelHampton I included the config files
    • Stefanos.Ioannou
      Stefanos.Ioannou almost 10 years
      @VaibhavPanmand added the one log entry
  • Stefanos.Ioannou
    Stefanos.Ioannou almost 10 years
    Thanks for posting. I tried that before and I was getting this error: "400 Bad Request The plain HTTP request was sent to HTTPS port"
  • Stefanos.Ioannou
    Stefanos.Ioannou almost 10 years
    Thanks for posting. Getting the same error as per Dennis Nolte's answer.
  • Tero Kilkanen
    Tero Kilkanen almost 10 years
    Can you post the complete configuration that caused this error?
  • Stefanos.Ioannou
    Stefanos.Ioannou almost 10 years
    I have included my config in the question
  • Tero Kilkanen
    Tero Kilkanen almost 10 years
    Your question includes only the configuration with listen 80; directive. What is the complete configuration when you get the 400 Bad Request error?