Update: A temp solution I found was to just redirect all http requests to https.
I have been working on setting up SSL on my website. It is like on a Rails.
I use nginx with unicorn. I bought the certificate from GoDaddy. Then I set it up and generated the CSR at /etc/nginx/ssl by following the instructions of this document.
Then I copied the text of the generated .csr file and used it to issue the certificate from GoDaddy. After the certificate was issued I downloaded the key bundle generated on GoDaddy and followed the instructions found on this document.
Then configured my /etc/nginx/sites-enabled/mysite.conf file:
(I added the following lines under the server { … })

    listen 443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/mysite.crt;
    ssl_certificate_key /etc/nginx/ssl/mysite.key;

(I replaced listen 80 default; to listen 443;)
Then, I restarted the server and got the HTTPS://www.example.com working. The https was with green color and was showing that the certificate is fine.
However when I browse to HTTP://www.example.com I get an error: 502 Bad Gateway – nginx.
I am not sure what is causing this. Any clue?
If you need any other information let me know and I will post them.
My sites config:
/etc/nginx/sites-enabled/example.conf

    upstream example {
        server unix:/u/app/example/shared/.sock fail_timeout=0;
    }

    server {
        listen 80;
        server_name www.example.com;
        root /u/app/example/current/public/;
        access_log /u/app/example/shared/log/nginx.access.log;
        error_log /u/app/example/shared/log/nginx.error.log;
        client_max_body_size 20M;
        try_files $uri/index.html $uri.html $uri @app;

        location @app {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_pass http://example;
        }
    }

my /etc/nginx/nginx.conf

    user www-data;
    worker_processes 4;
    pid /var/run/nginx.pid;

    events { worker_connections 1024; }

    http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        server_tokens off;
        server_names_hash_bucket_size 64;
        # server_name_in_redirect off;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        upstream app_server { server 127.0.0.1:8080 fail_timeout=0; }
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        gzip on;
        gzip_disable "msie6";
        gzip_types text/plain text/xml text/css text/comma-separated-values;
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }

and the /etc/nginx/sites-available/default file is:

    server {
        root /u/app/example/current/public;
        server_name _;
        index index.htm index.html;

        location / {
            try_files $uri/index.html $uri.html $uri @app;
        }

        # location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mp3|flv|mpeg|$
        location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|flv|mpeg|avi)$ {
            try_files $uri @app;
        }

        location @app {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_pass http://app_server;
        }
    }

The log file when I had both:

    listen 80;
    listen 443;

was outputting:

    212.50.121.69 - - [28/Jul/2014:15:35:53 +0000] "-" 400 0 "-" "-"

Best Answer
You need to use:
in those virtualhosts where you want to use both https and http.
I would prefer a redirect from http to https. Then you need to make a separate virtual host for http that redirects all requests to the https version.
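
An added example, not part of the original answer: one way to lay out the two virtual hosts the answer describes, reusing the `upstream example` block, paths and certificate files from the question. The `X-Forwarded-Proto` header is an assumption added here so the Rails app behind the proxy can tell that the request arrived over HTTPS.

```nginx
# Added example, not the answerer's config. Assumes the "upstream example"
# block and the certificate files shown in the question already exist.

# Plain HTTP virtual host: no TLS on this socket, only a permanent
# redirect to the HTTPS site. The target host is fixed rather than taken
# from the request, so a forged Host header cannot steer the redirect.
server {
    listen 80;
    server_name www.example.com;
    return 301 https://www.example.com$request_uri;
}

# HTTPS virtual host: TLS is enabled per socket with the "ssl" parameter
# of listen. "ssl on;" is left out because it turns TLS on for every
# listen socket in the server block, including a plain port 80 listener.
server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/ssl/mysite.crt;
    ssl_certificate_key /etc/nginx/ssl/mysite.key;

    root /u/app/example/current/public/;
    access_log /u/app/example/shared/log/nginx.access.log;
    error_log  /u/app/example/shared/log/nginx.error.log;
    client_max_body_size 20M;

    try_files $uri/index.html $uri.html $uri @app;

    location @app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Assumption (not in the question): pass the original scheme on
        # so the app can build https URLs and mark cookies as secure.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://example;
    }
}
```

Run `nginx -t` to validate the configuration before reloading nginx.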