Hi,
I wanted to add SSL to my web server, but I am not able to get a proper connection via browser, although the SSL test at ssllabs gave me an "A-".
First things first: I use nginx inside an ezjail on a machine with just one public IP. nginx is reachable and serves HTTP well. So I got an SSL certificate from cacert.org and "installed" it. (It's not the first time I've done this with nginx, but until now I always used Ubuntu.)
My nginx.vhost.conf:
Code:
server {
    listen 443 ssl;
    server_name huehnerhose.de www.huehnerhose.de;
    error_log  /var/log/nginx-huehnerhose.error.log debug;
    access_log /var/log/nginx-huehnerhose.access.log;
    ssl on;    # redundant with "listen 443 ssl" (and deprecated in newer nginx); harmless here
    # nginx sends this file to clients as-is: it has to contain the server certificate first,
    # followed by the issuing intermediate certificate(s), or clients cannot build the chain
    ssl_certificate     /path/to/cert.crt;
    ssl_certificate_key /path/to/cert.key;
    root /usr/local/www/huehnerhose/www/;
    location / {
        index index.php index.html;
    }
}
On my "host", my pf.conf:
Code:
ext_if="vtnet0"
jail_if="lo1"
IP_PUB="37.120.172.66"
IP_JAIL_NGINX="10.0.0.10"
scrub in all
# Outbound: masquerade the jail network behind the single public IP
nat pass on $ext_if from $jail_if:network to any -> $IP_PUB
# Forward: HTTP, HTTPS to nginx-Jail
# ("rdr pass" is two words; the rdr only matches traffic arriving on $ext_if,
# so tests run from the host itself are not redirected into the jail)
rdr pass on $ext_if proto tcp from any to $IP_PUB port 80 -> $IP_JAIL_NGINX
rdr pass on $ext_if proto tcp from any to $IP_PUB port 443 -> $IP_JAIL_NGINX
When I try to connect via browser I only get a NET::ERR_CERT_INVALID. Qualys SSL Labs says everything is "ok" (they don't trust CAcert, and at the moment I don't have a full certificate chain): https://www.ssllabs.com/ssltest/analyze.html?d=huehnerhose.de
My error.log made me wonder:
Code:
2014/12/17 20:01:41 [info] 44213#0: *1 client closed connection while waiting for request, client: 87.160.83.181, server: 0.0.0.0:443
Every time I connect via browser this line pops up. My only suspicion is that nginx "binds" to the wrong IP or something. I tried to bind nginx to the jail-internal IP, but that changed nothing.
Do you have any ideas how to solve this?
Thanks and best regards!
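An added example, not part of the post above and not the poster's files: the SSL Labs remark about the missing chain points at the file behind ssl_certificate, which nginx hands to clients exactly as written (server certificate first, then the CA's intermediate certificate, root not needed). The script below builds a throwaway root -> intermediate -> leaf chain with openssl so it runs offline, then checks a bundle two ways before you would point nginx at it: is it ordered leaf-first with each certificate issued by the next one, and does it verify up to a trusted root (the local root.crt stands in for a browser's trust store; with CAcert you would use their root instead). The work directory, the CNs (www.example.test) and the file names are all made up for the example.

```sh
#!/bin/sh
# Added example (not from the post above): build a throwaway root -> intermediate
# -> leaf chain with openssl, write the bundle in the order nginx's
# ssl_certificate expects (leaf first, then each issuer; the root is optional)
# and check order and completeness before reloading nginx.
# $WORK, the CNs and the file names are made up for this example.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Throwaway test PKI so the checks below have something to run on offline.
# In production the leaf comes from the CA (CAcert in the post) and the
# intermediate is the CA's published chain certificate, not this function.
make_test_chain() {
    printf 'basicConstraints=CA:TRUE\n' > "$WORK/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -sha256 -subj "/CN=Test Root" \
        -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Test Intermediate" \
        -keyout "$WORK/inter.key" -out "$WORK/inter.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/inter.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
        -CAcreateserial -days 2 -sha256 -extfile "$WORK/ca.ext" -out "$WORK/inter.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/inter.crt" -CAkey "$WORK/inter.key" \
        -CAcreateserial -days 2 -sha256 -out "$WORK/leaf.crt" 2>/dev/null
}

# Split a PEM bundle into $WORK/part-1.pem, part-2.pem, ... and print the count.
split_bundle() {
    rm -f "$WORK"/part-*.pem
    awk -v dir="$WORK" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/part-%d.pem", dir, n) }
        n { print > f }
        END { print n + 0 }' "$1"
}

# Return 0 when the bundle is ordered leaf -> issuer -> issuer ...: the first
# certificate carries the expected server CN and every following certificate is
# the issuer of the one before it. nginx does not reorder the file, so a bundle
# with the right certificates in the wrong order still breaks clients.
chain_order_ok() {  # $1 bundle path, $2 expected leaf CN
    bundle=$1; cn=$2
    n=$(split_bundle "$bundle")
    [ "$n" -ge 1 ] || return 1
    leaf_subj=$(openssl x509 -in "$WORK/part-1.pem" -noout -subject)
    case "$leaf_subj" in *"CN=$cn"*|*"CN = $cn"*) ;; *) return 1 ;; esac
    i=1
    while [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -in "$WORK/part-$i.pem" -noout -issuer | sed 's/^issuer=//')
        next=$((i + 1))
        subject=$(openssl x509 -in "$WORK/part-$next.pem" -noout -subject | sed 's/^subject=//')
        [ "$issuer" = "$subject" ] || return 1
        i=$next
    done
    return 0
}

# Return 0 when the first certificate in the bundle verifies up to a root in the
# trusted file, using the rest of the bundle as untrusted intermediates. A bundle
# that is ordered correctly but omits the intermediate fails here, which is the
# "chain incomplete" condition reported by SSL Labs.
chain_verifies() {  # $1 bundle path, $2 trusted root PEM
    n=$(split_bundle "$1")
    [ "$n" -ge 1 ] || return 1
    openssl verify -CAfile "$2" -untrusted "$1" "$WORK/part-1.pem" >/dev/null 2>&1
}

# Stand-alone run: build the PKI, then compare a correct bundle with broken ones.
main() {
    make_test_chain
    cat "$WORK/leaf.crt" "$WORK/inter.crt" > "$WORK/bundle-ok.pem"          # what nginx needs
    cat "$WORK/inter.crt" "$WORK/leaf.crt" > "$WORK/bundle-reversed.pem"    # wrong order
    cp  "$WORK/leaf.crt" "$WORK/bundle-leaf-only.pem"                        # intermediate missing
    for b in bundle-ok bundle-reversed bundle-leaf-only; do
        if chain_order_ok "$WORK/$b.pem" www.example.test; then o=ok; else o=bad; fi
        if chain_verifies "$WORK/$b.pem" "$WORK/root.crt"; then v=ok; else v=incomplete; fi
        echo "$b: order=$o chain=$v"
    done
}

main
```

Once the bundle passes both checks, concatenate the real files the same way (`cat cert.crt cacert-intermediate.crt > bundle.crt`), point `ssl_certificate` at the bundle, and re-run the SSL Labs test; the key file stays unchanged. Note that the reversed bundle still verifies (its first certificate is the intermediate, which chains to the root), which is why the order check is needed in addition to `openssl verify`.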