SSL mesh


#1

Hi,

I have successfully installed easyengine: web server, mail server and wordpress.

I bought a single domain SSL certificate and made the whole site https.

So,

I think I messed up with the virtual hosts conf, but I don’t know how to fix it.

Mydomain configuration is:

server {
   server_name XX.XX.XX.XX; #redirect my ip to my domain
   add_header X-Frame-Options "SAMEORIGIN";
   return 301 $scheme://mydomain.com$request_uri;
}

server {
    listen 80;
    server_name mydomain.com www.mydomain.com;

    listen 443 ssl spdy;
    listen [::]:443 ssl spdy;

    ssl on;
    ssl_certificate /etc/nginx/ssl/mydomain_com/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/private/mydomain_com/www_mydomain_com.key;

    ssl_session_timeout 10m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/trustchain/trustchain.crt;
    resolver 8.8.8.8 8.8.4.4;

    add_header Strict-Transport-Security "max-age=31536000;";

    access_log   /var/log/nginx/mydomain.com.access.log rt_cache;
    error_log    /var/log/nginx/mydomain.com.error.log;

    root /var/www/mydomain.com/htdocs;
    index index.php index.htm index.html;

    include common/wpfc.conf;
    include common/wpcommon.conf;
    include common/locations.conf;
}

My 22222 configuration is:

server {

    listen 22222 default_server ssl spdy;

    access_log   /var/log/nginx/22222.access.log rt_cache;
    error_log    /var/log/nginx/22222.error.log;

    ssl_certificate /var/www/22222/cert/22222.crt;
    ssl_certificate_key /var/www/22222/cert/22222.key;

    # Force HTTP to HTTPS
    error_page 497 =200 https://$host:22222$request_uri;

    root /var/www/22222/htdocs;
    index index.php index.htm index.html;

    # Turn on directory listing
    autoindex on;

    location / {
            include common/acl.conf;
            try_files $uri $uri/ /index.php?$args;
    }

    location =  /fpm/status/ {}

    location ~ /fpm/status/(.*) {
            include fastcgi_params;
            fastcgi_param  SCRIPT_NAME  /status;
            fastcgi_pass $1;
    }

    location ~ \.php$ {
            include common/acl.conf;
            try_files $uri =404;
            include fastcgi_params;
            fastcgi_pass php;
    }

    # ViMbAdmin Rules
    location = /vimbadmin/ {
            return 301 $scheme://$host:22222/vimbadmin/public/;
    }

    location ~* \.(js|css|jpg|gif|png)$ {
            root /var/www/22222/htdocs/;
    }

    location ~* /vimbadmin/public/(.*)/(.*) {
            root /var/www/22222/htdocs/vimbadmin/public;
            try_files $uri $uri/  /vimbadmin/public/index.php?$args;
    }

    location ~* /vimbadmin/public/(.*) {
            root /var/www/22222/htdocs/vimbadmin/public;
            try_files $uri $uri/  /vimbadmin/public/index.php?$args;
    }

}

And webmail configuration is:

  server {
    listen 80;
    server_name webmail.mydomain;
    return 301 https://webmail.mydomain.com;

  }

  server {

    listen 443 ssl;

    server_name webmail.mydomain;
    access_log   /var/log/nginx/webmail.access.log;
    error_log    /var/log/nginx/webmail.error.log;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    root /var/www/roundcubemail/htdocs/;
    index index.php;

    location / {
            try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
            try_files $uri =404;
            include fastcgi_params;
            fastcgi_pass 127.0.0.1:9000;
    }

  }

Thank you in advance and best regards


#2

@Jorge_Mesa

To access https://mydomain.com:22222 put your ssl certificates in /var/www/22222/cert/ location and rename them to 22222.crt and 22222.key.

To access roundcube you need another ssl certificate.
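
Reply #2 says the 22222 admin port can reuse the purchased certificate while webmail needs another one. That comes down to hostname matching, which ignores the port. The following is an added example, not part of the original posts: the SAN lists are constructed assumptions (a single-domain certificate covering mydomain.com and www.mydomain.com), and the wildcard case goes beyond what the thread discusses.

```python
# Added example: which of the thread's HTTPS endpoints a certificate covers.
# Matching follows RFC 6125: names compare case-insensitively, the port is
# never part of the check, and "*" may only be the whole left-most label.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate DNS name covers `host`."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one label and must sit in front
        # of at least two fixed labels ("*.com" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(san_dns_names, url_host: str) -> bool:
    """Check a host (optionally written as host:port) against a SAN list."""
    host = url_host.split(":")[0]  # the port plays no role in name matching
    return any(name_matches(n, host) for n in san_dns_names)


# Constructed SAN lists (assumptions, not read from real certificates).
SINGLE_DOMAIN = ["mydomain.com", "www.mydomain.com"]
WILDCARD = ["mydomain.com", "*.mydomain.com"]

# Endpoints named in the thread.
ENDPOINTS = ["mydomain.com", "mydomain.com:22222", "webmail.mydomain.com"]


def report(san_dns_names):
    """Map each endpoint to True/False for the given certificate."""
    return {e: cert_covers(san_dns_names, e) for e in ENDPOINTS}


if __name__ == "__main__":
    for label, sans in (("single-domain", SINGLE_DOMAIN), ("wildcard", WILDCARD)):
        for endpoint, ok in report(sans).items():
            status = "covered" if ok else "NAME MISMATCH"
            print(f"{label:14} {endpoint:22} {status}")
```

With the single-domain list, only webmail.mydomain.com fails the name check. A certificate that lists that name passes it, whether it is CA-issued or self-signed; name matching says nothing about whether the browser trusts the issuer.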


#3

Thanks for your answer.

So I can’t use a self signed certificate for webmail.mydomain.com?

Regards and thank you again


#4

You can use a self-signed certificate for webmail.mydomain.com, but your users must have the experience to go with the warning thrown by this.


#5

Hello @Jorge_Mesa,

I hope your query is resolved. I am closing this support topic for now.

Feel free to create a new support topic if you have any further queries. :slight_smile:


#6