SSL configuration problem URGENT :(


#1

Hi guys,

First, let me congratulate you on your work!

I have a little problem. So I bought a Positive SSL from namecheap and tried to install it. I made a DO droplet, installed EE, put the crt and key in /var/www/devly.co/cert, went to /etc/nginx/sites-available/devly.co and added:

# WPSINGLE FAST CGI NGINX CONFIGURATION

server {
    listen 80;
    listen 443 ssl;
    server_name devly.co www.devly.co;

    ssl on;
    ssl_certificate /var/www/devly.co/cert/ssl-bundle.crt;
    ssl_certificate_key /var/www/devly.co/cert/devly_co.key;

    access_log /var/log/nginx/devly.co.access.log rt_cache;
    error_log /var/log/nginx/devly.co.error.log;

    root /var/www/devly.co/htdocs;
    index index.php index.htm index.html;

    include common/wpfc.conf;
    include common/wpcommon.conf;
    include common/locations.conf;

    # force https-redirects
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
}

Still something is wrong. The redirect doesn’t work. I just want http and https to work.

What did I do wrong, and what do you recommend?


#2

If you’re forcing HTTP to redirect to HTTPS, my config is below. It also incorporates ipv6 and uses spdy.

server {
listen [::]:443 ssl spdy;
listen 443 ssl spdy;
server_name domain.com www.domain.com;

ssl on;
ssl_certificate /var/www/domain.com/cert/karlhaworth.crt;
ssl_certificate_key /var/www/domain.com/cert/haworthtechdev.key;

access_log   /var/log/nginx/domain.com.access.log rt_cache;
error_log    /var/log/nginx/domain.com.error.log;

root /var/www/domain.com/htdocs;
index index.php index.htm index.html;

include common/w3tc.conf;
include common/wpcommon.conf;
include common/locations.conf;
}
server {
listen 80;
listen [::]:80;
server_name domain.com www.domain.com;
return 301 https://domain.com$request_uri;
}

#3

@alexblajan

As @karlhaworth suggests, add the following lines to your nginx configuration.

ee site edit devly.co

Now add the following lines:

server {
     listen 80;
     server_name devly.co www.devly.co;
     # redirect target set to this site's own host (the posted line pointed at domain.com)
     return 301 https://devly.co$request_uri;
}

#4

This is the config I use on my site:

server {
    listen 80;
    server_name example.com www.example.com;

    #redirect to https
    rewrite        ^ https://$server_name$request_uri? permanent;

}

server {

listen 443 ssl spdy;
ssl on;
ssl_certificate /etc/nginx/ssl/example_com/ssl_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key;

#from YOAST
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;

ssl_protocols  TLSv1 TLSv1.1 TLSv1.2; #SSLv3 disabled for vuln
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_buffer_size 8k;

#SSL Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# This forces every request after this one to be over HTTPS
add_header Strict-Transport-Security "max-age=31536000";

server_name  example.com www.example.com;
    access_log off; 
    error_log    /var/log/nginx/example.com.error.log crit;

    root /var/www/example.com/htdocs;
    index index.php index.htm index.html;

    include common/wpfc.conf;
    include common/wpcommon.conf;
    include common/locations.conf;
}

#5

Thanks, I resolved it a few days ago. You should turn off SSLv3 because of POODLE. Check your ranking on SSLLABS.
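
The two configuration mistakes raised in this thread can be caught before a reload: `ssl on;` in a server block that also has a plain `listen 80;` (it enables TLS on every listen socket of the block, which is why the posted fixes split HTTP and HTTPS into two blocks), and SSLv3 listed in `ssl_protocols`. The linter below is an added example, not code from any poster; the host example.test, the sample configs and the function names are assumptions.

```python
import re

# Constructed configs, hypothetical host example.test. BAD: `ssl on;` plus a plain
# listen as in post #1, with SSLv3 listed for the demo. GOOD: layout of posts #2/#4.
BAD = """server {
    listen 80; listen 443 ssl;
    server_name example.test;
    ssl on;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    if ($scheme = http) { return 301 https://$server_name$request_uri; }
}"""
GOOD = """server {
    listen 80; listen [::]:80;
    server_name example.test;
    return 301 https://example.test$request_uri;
}
server {
    listen 443 ssl; listen [::]:443 ssl;
    server_name example.test;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # SSLv3 left out
}"""

def server_blocks(conf):
    """Yield the brace-matched body of each `server { ... }` block."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments so they cannot match
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Argument lists of every `name ...;` directive, nested blocks included."""
    stmts = (s.split() for s in re.split(r"[;{}]", body))
    return [s[1:] for s in stmts if s and s[0] == name]

def audit(conf):
    """Return (server_name, finding) pairs for the two mistakes in the thread."""
    findings = []
    for body in server_blocks(conf):
        name = (directives(body, "server_name") or [["(unnamed)"]])[0][0]
        plain = [a for a in directives(body, "listen") if "ssl" not in a[1:]]
        # `ssl on;` covers every socket in the block, so port 80 expects TLS too.
        if ["on"] in directives(body, "ssl") and plain:
            findings.append((name, "ssl on with non-ssl listen"))
        if any("SSLv3" in a for a in directives(body, "ssl_protocols")):
            findings.append((name, "SSLv3 enabled"))
    return findings
```

Calling `audit()` on the text of a site config returns an empty list when neither pattern is present; `nginx -t` is still needed to validate syntax.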


#6

Hello @alexblajan

I hope your query is resolved. I am closing this support topic for now.

Feel free to create a new support topic if you have any further queries. :slight_smile:

