The plain HTTP request was sent to HTTPS port(NGINX)

Question

First of all my problem is different.

I have used listen 443 default ssl; also listen 443 ssl; and commenting out # but seems nothing is working. Port 80 works fine but on port 443 I get this error.

Currently this is the default file for nginx.

    server {
    listen   80;
    listen   443 ssl;
   #listen   443 default ssl;
    server_name  .******.org;
    keepalive_timeout    70;

   #ssl  on;
    ssl_certificate   /etc/ssl/private/lol/www.*******.crt;
    ssl_certificate_key   /etc/ssl/private/lol/www.********.key;
    ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers          RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

On ssl_protocols I also tried to only use SSLv3 TLSv1 but its same. My nginx version is 1.2.1. I have gone through many online sites even here but I think my problem is not being solved with any of those methods mentioned by different geeks.

So finally I am here. Any suggestions?

P.S: I am using cloudflare, but there I have turned Universal SSL Off as I want to use other ssl.

Answer 1

The error you get is most likely, because you send a unencrypted HTTP-request to the SSL-port.

Something like

wget http://example.com:443/

This is a client problem (the server just tells you that it refuses to answer non-encrypted messages on to-be-encrypted channels)

Answer 2

You should write two server blocks one for http and one for https like:

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/public/;
    index index.html;
    #other settings
}

server {
    listen 443;
    server_name localhost;

    root /var/www/public/test/;
    index index.html;

    ssl on;
    ssl_certificate /etc/nginx/certs/wss.pem;
    ssl_certificate_key /etc/nginx/certs/wss.pem;
    #other settings
}

I have tried it with the default nginx settings and both ports work fine.

Answer 3

If you are experiencing this issue with Google Compute Engine / Google HTTP loadbalancer... Ensure you have your instance group setup with separate named ports for http: 80 and https: 443. Or it will randomly select a port.

This came about in my case due to originally setting up the HTTP loadbalancer when it was still in beta. Then when I added another loadbalancer it refreshed the settings and started randomly failing.

It was failing 50% of the time, because I only had Nginx setup with a vhost for port 80, and it was trying to push HTTP requests to port 80 on the web boxes.

Answer 4

It is client problem.

I was having the same issue. Turns out the https prefix was being dropped in the URL.

In the browser inspect the network traffic to verify that the browser is sending an http request, not https. Issue found!

Manually type in the wanted URL with https to retrieve the page successfully.

Now you can go about applying a focused fix to your client.