Heeey all,
I've got an nginx reverse proxy with valid SSL certificates (done by Let's Encrypt) but I can't get SSL working.
upstream backend_haakselsenkwaaksels_nl {
    server amaya.leonweemen.nl:9050;
}

server {
    listen 80;
    server_name haakselsenkwaaksels.nl;
    return 301 https://$server_name$request_uri;
}

server {
    listen 80;
    server_name www.haakselsenkwaaksels.nl;
    return 301 https://haakselsenkwaaksels.nl$request_uri;
}

server {
    listen 443 ssl;
    server_name haakselsenkwaaksels.nl;

    ssl_certificate     /domain-certificates/haakselsenkwaaksels.nl/fullchain.pem;
    ssl_certificate_key /domain-certificates/haakselsenkwaaksels.nl/privkey.pem;
    # ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/haakselsenkwaaksels.nl.access.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass https://backend_haakselsenkwaaksels_nl;
        proxy_read_timeout 90;
        proxy_redirect https://127.0.0.1:9050 https://haakselsenkwaaksels.nl;
    }
}
nginx says my configuration is fine:
weemen@amaya:/domain-certificates# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
I only get data in my general access log (/var/log/nginx/access.log):
XXX.XXX.XXX.XXX - - [30/Dec/2016:10:20:26 +0000] "\x16\x03\x01\x00\xD3\x01\x00\x00\xCF\x03\x03\xBD\x07\xDA" 400 182 "-" "-"
XXX.XXX.XXX.XXX - - [30/Dec/2016:10:20:26 +0000] "\x16\x03\x01\x00\xD3\x01\x00\x00\xCF\x03\x03\xABFB\xC158\x8AE\xF7V\xEE\xE2}%i\xF4\x86!\xFA\xCE\xF7\xF4l\xF55\xD0%Ev\xEE\xFFb\x00\x00$\xAA\xAA\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xCC\x14\xCC\x13\xC0\x09\xC0\x13\xC0" 400 182 "-" "-"
If I connect with the openssl client I see this:
~ openssl s_client -connect haakselsenkwaaksels.nl:443
CONNECTED(00000003)
write:errno=54
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1483094367
Timeout : 300 (sec)
Verify return code: 0 (ok)
I've tried a number of things but I'm really running out of options. Does anyone see something strange in this configuration?
If you need more info just let me know.
Already many many many thanks in advance.
Best Answer
The problem was in my Docker container. The certificate there wasn't readable because it was a symlink.
I mount this folder in my Docker container with:
Only ../../archive isn't available there.
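The mount mistake behind the accepted answer, as an added example (not code from the original post, nginx or certbot): Let's Encrypt stores live/<domain>/*.pem as symlinks into ../../archive/, so bind-mounting only live/ leaves them dangling inside the container while nginx -t on the host still passes. The script below rebuilds that layout in a temp directory (the domain "example.test" and all file contents are constructed) and checks, on the host, whether each file would still resolve once a given directory is the mounted root.

```shell
#!/bin/sh
# Added example, not from the original post or from nginx/certbot.
# Let's Encrypt keeps live/<domain>/*.pem as symlinks into ../../archive/.
# If only live/ is bind-mounted into a container, those links dangle there
# even though `nginx -t` on the host is happy. cert_resolves checks, on the
# host, whether a file will still resolve once ROOT is the mounted tree.
# Domain name "example.test" and the directory layout are constructed.

# cert_resolves ROOT RELPATH -> 0 if ROOT/RELPATH resolves to a regular file
# located inside ROOT (so it survives a bind mount of ROOT), else 1.
cert_resolves() {
  root=$(readlink -f "$1") || return 1
  path="$root/$2"
  [ -e "$path" ] || return 1                 # missing or dangling link on host
  target=$(readlink -f "$path") || return 1  # follow the symlink chain
  [ -f "$target" ] || return 1               # must end at a regular file
  case "$target" in
    "$root"/*) return 0 ;;                   # inside the mounted tree
    *)         return 1 ;;                   # escapes it: dangles in container
  esac
}

# make_demo_tree -> prints a temp dir mimicking /etc/letsencrypt (constructed).
make_demo_tree() {
  base=$(mktemp -d) || return 1
  mkdir -p "$base/archive/example.test" "$base/live/example.test"
  printf 'constructed cert\n' > "$base/archive/example.test/fullchain1.pem"
  printf 'constructed key\n'  > "$base/archive/example.test/privkey1.pem"
  ln -s ../../archive/example.test/fullchain1.pem "$base/live/example.test/fullchain.pem"
  ln -s ../../archive/example.test/privkey1.pem  "$base/live/example.test/privkey.pem"
  printf '%s' "$base"
}

# report ROOT RELPATH: human-readable verdict for one mount choice.
report() {
  if cert_resolves "$1" "$2"; then
    echo "OK    : mounting $1 keeps $2 resolvable"
  else
    echo "BROKEN: mounting $1 leaves $2 dangling inside the container"
  fi
}

demo() {
  base=$(make_demo_tree) || return 1
  report "$base/live" "example.test/fullchain.pem"       # mount only live/
  report "$base"      "live/example.test/fullchain.pem"  # mount the parent
  rm -rf "$base"
}

demo
```

Run the check against the real directory you pass to docker -v (the mount source), not the path nginx sees inside the container; if it reports BROKEN, mount the parent directory that contains both live/ and archive/, or copy the resolved files.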