Nginx
xenofobius, 2017-02-24 21:45:34

NGINX + SSL timed out, how to fix?

I generated a CSR and key on the server, received a certificate from www.ssl.com, configured nginx and restarted it. index.html loads on port 80 (http), but nothing loads on 443: endless loading, and the logs are silent about this. Settings file:

server {
    listen 443 ssl;
    listen 80;
    ssl_certificate /home/user/chained.crt;
    ssl_certificate_key /home/user/privatekey.key;
    ssl_protocols               SSLv3 TLSv1;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    server_name NAME; 
    access_log  /var/log/nginx/example.log;

    location / {
        root /home/username/html/;
        index index.htm index.html;
        autoindex on;
    }
}


1 answer(s)
Fixid, 2017-02-24
@ksenofobius

For a test, just remove ssl_ciphers.
Is the key without a password? The latest versions of Nginx cannot work with a password.
Show netstat -nlp.
A piece of a working config (http2 can be removed):

server {
    listen 443 ssl http2;
    server_name xxx.com;

    access_log /var/log/nginx/xxx.access.log;
    error_log /var/log/nginx/xxx.error.log;
    root /var/hhvm/xxx;

    gzip on;
    gzip_disable "msie6";
    gzip_types text/plain application/xml application/x-javascript text/javascript text/css text/json application/json;

    ssl on;  # redundant with "listen 443 ssl"; this directive is deprecated since nginx 1.15.0
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets on;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security max-age=15768000;

    ssl_certificate ssl-bundle.crt;
    ssl_certificate_key xxx.key;

    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;
}
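
The checks suggested in the answer above (is the key passphrase-protected, what does netstat -nlp show on 443), plus a comparison of the ssl_protocols line that differs between the two configs, as an added shell example that is not part of the original thread. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added triage helpers (not from the thread). Each one reads text, so it can be
# run on saved output as well as on a live host.

# key_is_encrypted FILE: succeeds if the PEM private key is passphrase-protected.
# PKCS#8 keys say so in the header; traditional OpenSSL keys carry a Proc-Type line.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$1"
}

# listens_on PORT: reads `netstat -nlp` output on stdin and succeeds if a TCP
# socket is in LISTEN state on that port (column 4 is the local address).
listens_on() {
    awk -v p=":$1" '$1 ~ /^tcp/ && $6 == "LISTEN" &&
        substr($4, length($4) - length(p) + 1) == p { found = 1 }
        END { exit !found }'
}

# weak_protocols FILE: prints each protocol named in ssl_protocols that is
# older than TLSv1.2 (SSLv2, SSLv3, TLSv1, TLSv1.1), one per line.
weak_protocols() {
    sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]*\(.*\);.*/\1/p' "$1" |
        tr -s ' \t' '\n\n' | grep -Ex 'SSLv2|SSLv3|TLSv1|TLSv1\.1'
}

# Constructed sample: netstat output from a host where only ports 80 and 22 are bound.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN      812/nginx: master
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN      640/sshd'

for port in 80 443; do
    if printf '%s\n' "$SAMPLE_NETSTAT" | listens_on "$port"; then
        echo "port $port: listening"
    else
        echo "port $port: not listening"
    fi
done
```

On a live host, pipe the real output in (`netstat -nlp | listens_on 443`) and point the other two functions at the files named in ssl_certificate_key and the server block.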
