Author Topic: How to make Nginx to listen to https port 443?  (Read 15545 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
How to make Nginx to listen to https port 443?
« on: February 23, 2017, 03:28:40 PM »
Hi there,

Trying CentOS7 with the latest CWP, successfully installed the let's encrypt, so https://my.domain works.  Then installed Nginx+Apache in Apache Setting -> Select Web servers.  Here I got a question:  Nginx only listen to port 80, the http port, NOT 443, the https port. Thus https is still served by Apache, not Nginx.

When configured CWP to use Apache+Nginx,  How to make Nginx to listen to https port 443 for all future clients? Should I change apache template?  Will the auto-renewal of let's encrypt and rebuilt vHost overwrite the settings as well?

ps. I am within AWS VPC so I am using NAT'ed mode.

Thanks!

http://imgur.com/a/cg9dY
« Last Edit: February 23, 2017, 03:39:48 PM by xjlin0 »

Offline
*
Re: How to make Nginx to listen to https port 443?
« Reply #1 on: February 23, 2017, 06:11:36 PM »
it takes manual configuration, its not automated in the gui yet.

So u need to tell nginx to listen to that port and to use this and that certs (u can use the certs u used for setting it up
/etc/letsencrypt/live/domainname/xxx.pem and so on

http://nginx.org/en/docs/http/configuring_https_servers.html

Offline
*****
Re: How to make Nginx to listen to https port 443?
« Reply #2 on: February 23, 2017, 09:12:12 PM »
Cwp uses Apache as the main server and nginx as a reverse proxy

Offline
*
Re: How to make Nginx to listen to https port 443?
« Reply #3 on: February 25, 2017, 02:34:49 PM »
Thanks, so in my NAT'ed case using cwp-el7-latest, under /etc/nginx/conf.d/, there are two Nginx config files: one with domain name and the other is ip address number.  Which one or how should I change?

1. Public_IP_number.conf pointing to local IP address, such as 172.217.6.46.conf
Code: [Select]
server {
listen 192.168.0.1:80;
....
server_name 172.217.6.46;
root /usr/local/apache/htdocs;
.....
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
...
}

2. my.domain.name.conf, such as google.com.conf
Code: [Select]
server {
listen 192.168.0.1:80;
..
server_name google.com www.google.com;
root /home/user/public_html;
...
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
}

I need to add the following lines to Nginx config, but what is my IP?  the local one or the public one?
source: http://forum.centos-webpanel.com/ssl/if-i-force-ssl-across-my-domain-will-i-loose-the-benfits-of-varnishnginx
Code: [Select]
listen YOUR_IP:443 ssl;
ssl_certificate path_to/cert.pem;
ssl_certificate_key path_to/privkey.pem;

Will the Nginx change above alter mod_security?  Really appreciate your comments and have a great weekend!
« Last Edit: February 25, 2017, 02:49:23 PM by xjlin0 »

Offline
*
Re: How to make Nginx to listen to https port 443?
« Reply #4 on: February 25, 2017, 02:53:24 PM »
Thanks, so in my NAT'ed case using cwp-el7-latest, under /etc/nginx/conf.d, there are two Nginx config files: one with domain name and the other is ip address number.  Which one or how should I change?

1. Public_IP_number.conf pointing to local IP address, such as 172.217.6.46.conf:
Code: [Select]
server {
listen 192.168.0.1:80;
....
server_name 172.217.6.46;
root /usr/local/apache/htdocs;
.....
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
...
}

2. my.domain.name.conf, such as google.com.conf
Code: [Select]
server {
listen 192.168.0.1:80;
..
server_name google.com www.google.com;
root /home/user/public_html;
...
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
}

I need to add the following lines to Nginx config, but what is my IP?  the local one or the public one?
source: http://forum.centos-webpanel.com/ssl/if-i-force-ssl-across-my-domain-will-i-loose-the-benfits-of-varnishnginx
Code: [Select]
listen YOUR_IP:443 ssl;
ssl_certificate path_to/cert.pem;
ssl_certificate_key path_to/privkey.pem;

Will the Nginx change above alter mod_security?  Really appreciate your comments and have a great weekend!

In the ip and my domain conf change the port to 443 so that that server listens to that port

listen YOUR_IP:443 ssl;

public ip

wha u just did (more for my brains then yours)

u came from nginx on port 80 passing to proxy apache port8181
Now u changed nginx to listen to port 443

only need to rewrite requests from port 80 to 443


server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000";

       [....]
}