I'm having trouble getting SSL to work with my Nginx installation. I found a couple of other questions related to this but they did not fix my problem.
Checks I did:
nginx -treturns with no errorsufw disableto let all traffic troughnetstat -nltptells me thattcp:0.0.0.0:80andtcp:0.0.0.0:433go tonginx: mastercurl -v https://mywebsite.nlreturnsFailed to connect to mywebsite.nl port 443: Connection refusedcurl -v http://mywebsite.nlreturns OK
Weird things:
netstat -peanut | grep ":80 "returns withtcp:0.0.0.0:80bound tonginx: masterbut when I trynetstat -peanut | grep ":443 "it returns nothing?- if I try
nmap -p 433 mywebsite.nlit returns433/tcp filtered nnspwhile I expected the port to be open as it does with port 80
I bundled my CA certificate together with my own one (in the right order as mentioned by the Nginx docs).
My Nginx-conf looks like this:
server {
listen 80;
listen 433 ssl http2;
ssl_certificate /etc/ssl/certs/mywebsite.nl-bundle.crt;
ssl_certificate_key /etc/ssl/certs/mywebsite.nl.key;
server_name *.mywebsite.nl;
root /var/www/mywebsite-app/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
}
It should be 443, not 433. See also the error message, which also says that it tries to connect to port 443: