Nginx + apache problem with 443 port

apache-2.2 debian nginx port ssl

Here is my nginx config for port 443:

server {
    listen           *:443;
    server_name      site.com;

    ssl         on;
    ssl_protocols       SSLv3 TLSv1;
    ssl_certificate     /www/certs/site.com.crt;
    ssl_certificate_key /www/certs/site.com.key;

    access_log /var/log/nginx.site.com-access_log;
    location ~* \.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx)$ {
        root /www/site.com/;
        index index.html index.php;
        access_log off;
        expires 30d;
    }
    location ~ /\.ht {
        deny all;
    }
    location / {
        proxy_pass http://127.0.0.1:81/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $remote_addr;
        proxy_set_header Host $host;
        proxy_connect_timeout 60;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_redirect off;
        proxy_set_header Connection close;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
    }
}

Question 1: Why am I being asked to enter a PEM pass phrase for the cert? How can I enter the password in the nginx config?

178-162-174-212:/usr/bin# service apache2 restart
Restarting web server: apache2.

178-162-174-212:/usr/bin# service nginx restart
Restarting nginx: Enter PEM pass phrase:
Enter PEM pass phrase:
[emerg]: bind() to 188.72.245.198:443 failed (98: Address already in use)
[emerg]: bind() to 188.72.245.198:443 failed (98: Address already in use)
[emerg]: bind() to 188.72.245.198:443 failed (98: Address already in use)
[emerg]: bind() to 188.72.245.198:443 failed (98: Address already in use)
[emerg]: bind() to 188.72.245.198:443 failed (98: Address already in use)
[emerg]: still could not bind()
nginx.

Question 2: Why is there a conflict on port 443?

Apache config:

NameVirtualHost *:81
Listen 127.0.0.1:81
Listen 999

<IfModule mod_ssl.c>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

If I comment out the line "Listen 443", then site.com:443 does not work.

Best Answer

You have both Apache and nginx configured to listen on port 443.

It looks like your intention is to have nginx take control of that port, so you'll want to remove that configuration from Apache, and restart both services: Apache first, then nginx. This should allow nginx to bind to port 443 and serve those requests.

As for the certificate passphrase, nginx doesn't support saving the passphrase for des-encrypted private keys in the config file (good for them; the obscurity granted by that is worthless). Decrypt the private key (and make sure it's only readable by the user that nginx is running as):

mv /www/certs/site.com.key /www/certs/site.com.keyold
openssl rsa -in /www/certs/site.com.keyold -out /www/certs/site.com.key
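
As an added example (not part of the original question or answer), this POSIX shell check covers both problems discussed above: it reports whether a PEM key is still passphrase-protected, whether a decrypted key is readable beyond its owner, and whether the Apache and nginx configs both claim port 443. The function names and the script name `check.sh` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File arguments are supplied by the caller.

# key_is_encrypted FILE: succeeds if the PEM private key is passphrase-protected.
# Traditional PEM marks this with a "Proc-Type: 4,ENCRYPTED" header,
# PKCS#8 with a "BEGIN ENCRYPTED PRIVATE KEY" line.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# key_perms_ok FILE: succeeds if group and other have no permission bits,
# which matters once the key is stored decrypted.
key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# declares_port PORT FILE...: succeeds if any file has an uncommented
# Apache "Listen" or nginx "listen" directive for PORT, with or without an address.
# Static check only: it does not evaluate <IfModule> or include directives.
declares_port() {
    port=$1; shift
    grep -Eiq "^[[:space:]]*listen[[:space:]]+([^[:space:];]*:)?${port}([[:space:];]|\$)" "$@"
}

# port_conflict PORT APACHE_CONF NGINX_CONF: succeeds if both daemons claim PORT.
port_conflict() {
    declares_port "$1" "$2" && declares_port "$1" "$3"
}

# Usage: sh check.sh KEY APACHE_CONF NGINX_CONF  (check.sh is a hypothetical name)
if [ "$#" -eq 3 ]; then
    if key_is_encrypted "$1"; then
        echo "key is passphrase-protected: nginx will prompt at every start"
    elif ! key_perms_ok "$1"; then
        echo "decrypted key is accessible to group/other: chmod 600 it"
    fi
    if port_conflict 443 "$2" "$3"; then
        echo "Apache and nginx both declare port 443: one bind() will fail"
    fi
fi
```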