# nginx and ssl port 443  has anyone done this?

## cwc

I'd like some advice with https.

I can not get this to work on my server.

http://wiki.gentoo.org/wiki/Nginx

I read the above link and have searched for how to set up an https web server.

Currently I test on my gentoo box using port 80.

http://68.186.77.53/

I've also read this link from the nginx site.

http://nginx.org/en/docs/http/configuring_https_servers.html

I'd like to learn how to use port 443.

Please throw me a bone.

----------

## wxd

Did you generate a self-signed certificate?

Please post your config.

----------

## Hu

It should work fine.  Please explain why you think your setup is not working.

----------

## cwc

 *dw2sm wrote:*   

> Did you generate a self-signed certificate?
> 
> Please post your config.

 

thanks for the help

here is my config.  I did generate a key with:

```
$ openssl passwd
Password: 
Verifying - Password: 
VCbvgrJh1ojqQ
```

```
user nginx nginx;
worker_processes 1;

error_log /var/log/nginx/error_log info;

events {
   worker_connections 1024;
   use epoll;
}

http {
   include /etc/nginx/mime.types;
   default_type application/octet-stream;

   #cwc 140809
   fastcgi_buffers 8 16k;
   fastcgi_buffer_size 32k;
   fastcgi_connect_timeout 300;
   fastcgi_send_timeout 300;
   fastcgi_read_timeout 300;

   log_format main
      '$remote_addr - $remote_user [$time_local] '
      '"$request" $status $bytes_sent '
      '"$http_referer" "$http_user_agent" '
      '"$gzip_ratio"';

   client_header_timeout 10m;
   client_body_timeout 10m;
   send_timeout 10m;

   connection_pool_size 256;
   client_header_buffer_size 1k;
   large_client_header_buffers 4 2k;
   request_pool_size 4k;

   gzip on;
   gzip_min_length 1100;
   gzip_buffers 4 8k;
   gzip_types text/plain;

   output_buffers 1 32k;
   postpone_output 1460;

   sendfile on;
   tcp_nopush on;
   tcp_nodelay on;

   keepalive_timeout 75 20;

   ignore_invalid_headers on;

   index index.html index.php;

   server {
      listen 80;
      server_name localhost azzerare;

      access_log /var/log/nginx/localhost.access_log main;
      error_log /var/log/nginx/localhost.error_log info;

      root /home/cwc/html;

      location / {
         autoindex on;
      }

      location ~ \.php$ {
         fastcgi_pass 127.0.0.1:9000;
         include fastcgi.conf;

         #location ~ \.php$ {
            # Test for non-existent scripts or throw a 404 error
            # Without this line, nginx will blindly send any request
            # ending in .php to php-fpm
            #try_files $uri =404;
            #include /etc/nginx/fastcgi.conf;
            #fastcgi_pass unix:/run/php-fpm.socket;
      }
   }

   # SSL example
   server {
      listen 127.0.0.1:443;
      server_name localhost 192.168.1.14 azzerare;

      ssl on;
      ssl_certificate /etc/ssl/nginx/nginx.pem;
      ssl_certificate_key /etc/ssl/nginx/nginx.key;

      access_log /var/log/nginx/localhost.ssl_access_log main;
      error_log /var/log/nginx/localhost.ssl_error_log info;

#       root /var/www/localhost/htdocs;
      root /home/cwc/html;
   }
}
```

----------

## cwc

 *Hu wrote:*   

> It should work fine.  Please explain why you think your setup is not working.

 

thanks for the help

Here's the error:

azzerare uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. The certificate is only valid for localhost (Error code: sec_error_unknown_issuer)

```

This Connection is Untrusted

You have asked Firefox to connect securely to azzerare, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

azzerare uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. The certificate is only valid for localhost (Error code: sec_error_unknown_issuer)

If you understand what's going on, you can tell Firefox to start trusting this site's identification. Even if you trust the site, this error could mean that someone is tampering with your connection.

Don't add an exception unless you know there's a good reason why this site doesn't use trusted identification.

```

----------

## xaviermiller

Seems OK and normal.

----------

## cwc

My index page is a php file:

index.php

```
<?php
session_start();
$_SESSION['pagename'] = "azzerare";
include 'db/pushhits.php';

/*** begin the session ***/
if (!isset($_SESSION['user_id'])) {
    $message = 'You must be logged in to access this page';
} else {
    try {
        $mysql_hostname = 'localhost';
        $mysql_username = 'mysql_username';
        $mysql_password = 'mysql_password';
        $mysql_dbname = 'phpro_auth';

        $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $stmt = $dbh->prepare("SELECT username FROM users WHERE id = :id");
        $stmt->bindParam(':id', $_SESSION['id'], PDO::PARAM_INT);
        $stmt->execute();

        $phpro_username = $stmt->fetchColumn();
        if ($phpro_username == false) {
            $message = 'Access Error';
        } else {
            $message = 'Welcome '.$phpro_username;
        }
    } catch (Exception $e) {
        $message = 'We are unable to process your request. Please try again later"';
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
. . . . . .
```

----------

## xaviermiller

The only problem is that Firefox warns you because your SSL certificate is self-signed. This is normal, you have to tell Firefox your SSL certificate is OK to disable the warning and show your website.

----------

## cwc

 *XavierMiller wrote:*   

> The only problem is that Firefox warns you because your SSL certificate is self-signed. This is normal, you have to tell Firefox your SSL certificate is OK to disable the warning and show your website.

 

thanks I think I got it using index.html

I need to go to work and I'll work on php tonight

thanks again

----------
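
Added example, not part of any post in this thread: the Firefox message quoted above reports two separate conditions, an issuer the browser does not know and a certificate that names only localhost. The script below generates a self-signed key and certificate named like the `ssl_certificate` files in the posted config, with subject alternative names for the `server_name` values, then checks what the result covers; the function names and the temporary directory are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. File names follow the posted nginx.conf;
# function names and the temporary directory are constructed for illustration.
set -eu

# make_selfsigned DIR CN SAN: write DIR/nginx.key and DIR/nginx.pem.
make_selfsigned() {
    cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $2
[ext]
subjectAltName = $3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$1/req.cnf" -keyout "$1/nginx.key" -out "$1/nginx.pem" 2>/dev/null
    chmod 600 "$1/nginx.key"   # the private key must not be world-readable
}

# True when the certificate is valid for the given DNS name or IP address.
covers_host() { openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; }
covers_ip()   { openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'; }

# True when issuer and subject are the same name (no CA chain behind it).
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when the private key (arg 2) belongs to the certificate (arg 1).
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Demo with the names from the posted server_name line.
dir=$(mktemp -d)
make_selfsigned "$dir" azzerare "DNS:azzerare,DNS:localhost,IP:192.168.1.14"
for name in azzerare localhost example.invalid; do
    covers_host "$dir/nginx.pem" "$name" && echo "$name: covered" || echo "$name: NOT covered"
done
covers_ip "$dir/nginx.pem" 192.168.1.14 && echo "192.168.1.14: covered"
is_self_signed "$dir/nginx.pem" && echo "self-signed: unknown issuer until explicitly trusted"
key_matches_cert "$dir/nginx.pem" "$dir/nginx.key" && echo "key matches certificate"
```

A certificate produced this way removes the name mismatch only; a browser still reports an unknown issuer until the certificate is explicitly trusted or replaced by one from a CA.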

