I've added an SSL certificate to my server. (Nginx running passenger & Rails).
I created a CSR, uploaded to GoDaddy, downloaded the keys. Inside /srv/ssl I have
www.mydomain.com.crt
www.mydomain.com.key
My nginx Version:
nginx -V
nginx version: nginx/1.2.6
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module --with-http_gzip_static_module --with-cc-opt=-Wno-error --with-pcre=/tmp/root-passenger-27798/pcre-8.31 --add-module=/home/deploy/.rvm/gems/ruby-1.9.3-p392/gems/passenger-3.0.19/ext/nginx
I added this to my nginx.conf file:
server {
listen 443;
server_name localhost;
ssl_certificate /srv/ssl/www.mydomain.com.crt;
ssl_certificate_key /srv/ssl/www.mydomain.com.key;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
Besides the two ssl lines and the port being on 443 instead of 80, the server block is identical to the one above it which serves the regular http.
When I use
listen 443 ssl;
and uncomment this:
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
Then I get an SSL expired warning.
When I re-comment those and just use
listen 443 ssl;
Then I get an error but, when I visit
https://www.mydomain.com/login with a www, I get a green lock in Chrome but a 404. Does this mean I have SSL configured for "www" but not the non-www?
Best Answer
Your
server_name
is set tolocalhost
. You have to put your domain name there (www.domain.com, if your cert has www. prefix), so that nginx can select the proper vhost during SSL negotiation.