I really hope you guys can help me out. I lost my way around different guides of setting up ssl.
When I try to access my site i just get 502 Bad Gateway. Plain old nginx works just fine, and "simple" ssl without forces ssl also works fine.
Here are my config files.
default.conf
## http://xn--srentorp-54a.dk redirects to https://xn--srentorp-54a.dk
server {
listen 80;
listen [::]:80;
server_name xn--srentorp-54a.dk;
include /etc/nginx/snippets/letsencrypt.conf;
location / {
return 301 https://xn--srentorp-54a.dk$request_uri;
}
}
## http://www.xn--srentorp-54a.dk redirects to https://www.xn--srentorp-54a.dk
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name www.xn--srentorp-54a.dk;
include /etc/nginx/snippets/letsencrypt.conf;
location / {
return 301 https://www.xn--srentorp-54a.dk$request_uri;
}
}
## https://xn--srentorp-54a.dk redirects to https://www.xn--srentorp-54a.dk
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name xn--srentorp-54a.dk;
ssl_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xn--srentorp-54a.dk/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
include /etc/nginx/snippets/ssl.conf;
location / {
return 301 https://www.xn--srentorp-54a.dk$request_uri;
}
}
## Serves https://www.xn--srentorp-54a.dk
server {
server_name www.xn--srentorp-54a.dk;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server ipv6only=on;
ssl_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xn--srentorp-54a.dk/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
include /etc/nginx/snippets/ssl.conf;
root /var/www/;
index index.html index.php;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~/\.ht {
deny all;
}
}
server {
listen 80;
server_name torpinc.xn--srentorp-54a.dk;
location / {
proxy_pass http://localhost:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
}
server {
listen 80;
server_name perpt.xn--srentorp-54a.dk;
location / {
proxy_pass http://localhost:8082;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
}
letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/letsencrypt;
}
ssl.conf
sl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
