I have recently launched a site that uses SSL, specifically Comodo PositiveSSL.
The only issue I am having is that I cannot reach the site using
https://example.com
I have set up redirects in NGINX for http. Here is my config:
    upstream myapp {
        server localhost:8000;
    }

    server {
        listen 80;
        server_name www.example.com example.com;
        root /var/www/;

        if ($host !~* ^(example.com|www.example.com)$ ) {
            return 444;
        }

        return 301 https://$host$request_uri;
    }

    server {
        listen 443 default ssl;
        root /var/www/;
        server_name www.example.com example.com;

        if ($host !~* ^(example.com|www.example.com)$ ) {
            return 444;
        }

        ssl_certificate /etc/nginx/ssl/my_crt.crt;
        ssl_certificate_key /etc/nginx/ssl/my_crt.key;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;

        access_log /var/log/nginx/myapp_access.log;
        error_log /var/log/nginx/myapp_error.log;

        gzip on;
        gzip_http_version 1.0;
        gzip_proxied any;
        gzip_types text/css application/x-javascript;
        gzip_vary on;

        client_max_body_size 0;
        try_files $uri @myapp;

        location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
            expires 365d;
        }

        location @myapp {
            client_max_body_size 0;
            proxy_pass http://domain;
            proxy_redirect off;
            proxy_read_timeout 5m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
My DNS registrar is Namecheap and I also have a URL redirect set up in my cPanel:
host: @
value: http://www.example.com
With this I am able to successfully hit my site using:
example.com = 302 Moved Temporarily
www.example.com = 302 Moved Temporarily
http://example.com = 302 Moved Temporarily
http://www.example.com = 302 Moved Temporarily
Here, not so much:
https://example.com = Failed to connect to domain.com port 443: Connection refused
I am currently making sure that my SSL cert allows for both:
https://example.com
https://www.example.com
It seems that their documentation states as much:
Secures: www.site.com and site.com
Any insight as to what I might be doing wrong to help correct this would be greatly appreciated.
Thank you.
Update: netstat -an | grep 443
output:
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 6131379 /tmp/ssh-Cpqcfwspdv/agent.25443
Best Answer
Since you're getting a Connection refused error while having a listening socket on tcp/443, I'd say it's definitely a packet filter on the way. Check your firewall configuration on the host, or, if it's disabled, check any intermediary firewall on the way.
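
The check this answer describes, as an added Python example that is not part of the original post: it reads the netstat output from the question to confirm a TCP listener on port 443 (skipping the unrelated unix-socket line that `grep 443` also matched) and classifies a connection attempt made from another machine. The function names `listening_addrs`, `probe` and `verdict` are hypothetical.

```python
import errno
import socket

# Copied from the question's `netstat -an | grep 443` output.
NETSTAT_SAMPLE = """\
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 6131379 /tmp/ssh-Cpqcfwspdv/agent.25443
"""

def listening_addrs(netstat_text, port):
    """Return local addresses that have a TCP socket in LISTEN state on port."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        # tcp/tcp6 rows: proto recv-q send-q local-address foreign-address state
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, p = f[3].rpartition(":")
            if p == str(port):
                found.append(addr)
    return found

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open, refused, timeout or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # a reset came back: closed port or a rejecting filter
    except socket.timeout:
        return "timeout"   # nothing came back: a filter dropping packets
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))

def verdict(local_addrs, remote_result):
    """Combine the server's socket table with a probe made from elsewhere."""
    if not local_addrs:
        return "nothing listening: fix the nginx listen directive first"
    if remote_result == "open":
        return "reachable"
    return ("listening locally but %s remotely: "
            "check packet filters on the path" % remote_result)
```

Run `probe()` from a machine other than the server, once against the hostname and once against the server's own address, and pass the result to `verdict()` together with the addresses parsed from netstat on the server.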