HTTPS can't link, ask for help!


#1

HTTPS can’t link, ask for help! HTTP is normal.
server
{
    listen 80;
    listen 443 ssl spdy;
    #listen [::]:443 ssl spdy;
    #listen [::]:80;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/www.shcxco.com-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.shcxco.com-0001/privkey.pem;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    server_name www.shcxco.com shcxco.com;
    index index.html index.htm index.php default.html default.htm default.php;
    root /data/wwwroot/www.shcxco.com;

    include wordpress.conf;
    #error_page   404   /404.html;
    location ~ [^/]\.php(/|$)
    {
        # comment try_files $uri =404; to enable pathinfo
        try_files $uri =404;
        fastcgi_pass  unix:/tmp/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
        #include pathinfo.conf;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
    }

    access_log  /home/wwwlogs/www.shcxco.com.log  access;
}

#2

Does your server have any firewall running? If so, you need to change your firewall configuration to allow HTTPS connections over TCP port 443 (or whatever port you’re using).


#3

There is no limit on any network port.


#4

If you could clarify the problem statement and elaborate on “HTTPS can’t link”, that might help. If, for example, the problem is that after accessing the HTTPS site and clicking a link you are going back to HTTP, that means you need to get the links in order and drop the “http:” part from those which explicitly use it.


#5

Hello @wangwhai,

The first thing you should check is that nginx is being started correctly and keeps listening on port 443 because right now there is nothing listening on port 443 or it is being filtered by your firewall, your router, your ISP…

To check whether nginx is listening on port 443 you can execute one of the below commands (you need to execute them as root or using sudo):

Example 1 using lsof command:

lsof -P -n -iTCP:443 -sTCP:LISTEN

You should see something like this:

COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   16104  root   11u  IPv4 523604      0t0  TCP *:443 (LISTEN)
nginx   16105 nginx   11u  IPv4 523604      0t0  TCP *:443 (LISTEN)

Example 2 using netstat command:

netstat -ptln | grep 443

You should see something like this:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 16104/nginx.conf

If nginx is listening on 443 you should double check that this port is not filtered by your own firewall, your router, your ISP, etc.

If nginx is not listening on port 443 you should check the nginx error log and you will see the reason it can’t start.

You didn’t provide too much info about your system so our answers are very limited.

Cheers,
sahsanu


#6

Thank you very much for your help. I will try to look at the server.


#7

Thank you very much for your help.


#11

Hi @wangwhai,

I’ve been testing it for a while and the connection to your domain through port 443 is erratic. I’ve tried to connect to your domain (port 80 and 443) from 5 different countries (Spain, Germany, U.S., France and U.K.) and I can always connect to port 80, nginx is there, but I receive timeouts on port 443; sometimes it connects to port 443 but it seems nginx is not there, it seems there is some other service listening on port 443. So, are you sure there is no router or firewall filtering the connection to port 443?

Edit: I forgot to mention that I did the tests against your 2 public IPs 2x.xx.250.x7 and 2x.xx.218.x7 with the same results.

Cheers,
sahsanu
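
Added example, not part of the posts above: a small Python probe that separates the outcomes discussed in #5 and #11 when run from a machine outside the server (connection refused, silent timeout, a TCP connection that never speaks TLS, and a working TLS handshake). The function names and result labels are this example's own, and `www.example.com` is a placeholder.

```python
import socket
import ssl


def probe_https(host, port=443, timeout=5.0, sni=None):
    """Classify what answers on host:port, as seen from this machine.

    refused      - TCP reset: nothing is bound to the port on that address
    timeout      - no reply at all: packets are being dropped on the path
    unreachable  - other network error (no route, DNS failure, ...)
    not_tls      - TCP connects, but the peer never completes a TLS handshake
    tls_bad_cert - TLS answers, but the certificate fails verification
    tls_ok       - TLS handshake and certificate verification both succeed
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "unreachable"

    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=sni or host):
                return "tls_ok"
        except ssl.SSLCertVerificationError:
            return "tls_bad_cert"
        except OSError:
            # ssl.SSLError, handshake timeouts and resets are all OSError
            return "not_tls"


def probe_all(addresses, port=443, timeout=5.0, sni=None):
    """Probe several addresses of one site (for example each public IP)."""
    return {addr: probe_https(addr, port, timeout, sni) for addr in addresses}


if __name__ == "__main__":
    # www.example.com is a placeholder; use your own server name or IPs.
    print(probe_all(["www.example.com"]))
```

When probing by IP address, pass the site's host name as `sni` so that certificate verification is done against the name rather than the address.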


#12

Maybe we live in TianChao, there are GFW to open the ssl certified server to the wall.

