0

I'm trying to enable spdy with nginx 1.6.0 but spdycheck.org is giving me two complaints:

enter image description here

And

enter image description here

My nginx configuration file is as such:

server {
    listen 80;
    listen 443  ssl spdy;

    server_name 54.201.32.118;

    ssl_certificate /etc/nginx/ssl/tulio.crt;
    ssl_certificate_key /etc/nginx/ssl/tulio.key;

    if ($ssl_protocol = "") {
            rewrite ^  https://$server_name$request_uri? permanent;
    }

    root /usr/share/nginx/html;
    index index.html index.htm;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
            # Uncomment to enable naxsi on this location
            # include /etc/nginx/naxsi.rules
    }
}

The other info of spdycheck you can find at:

http://spdycheck.org/#54.201.32.118
tulio84z
  • 171
  • 4

3 Answers3

1

Try a separate server block for http:

server {
    listen 80;
    server_name 54.201.32.118;

    rewrite ^ https://$server_name$request_uri? permanent;
}

And remove listen 80; from first server block.

Also make sure the SSL certificate has 54.201.32.118 as the common name.

Tero Kilkanen
  • 34,499
  • 3
  • 38
  • 58
  • technically wrong answer, instead of rewrite he needs return 301. and why he needs to remove listen 80;??? omg – ADM May 31 '14 at 21:42
  • @ADM Yes, `return 301` would be better. But that's a minor point. And you have to remove `listen 80;` from the _other_ `server` block. – Michael Hampton May 31 '14 at 22:08
0

They're both quite clear.

Your SSL certificate is not valid, hence the first warning.

You appear to redirect HTTP to HTTPS with a 301 redirect, so you've already done what the second warning suggests.

ceejayoz
  • 32,469
  • 7
  • 81
  • 105
  • The first warning is indeed clear. The second one however doesn't go away even with if ($ssl_protocol = "") { rewrite ^ https://$server_name$request_uri? permanent; } So...how do i make the second warning go away? – tulio84z May 29 '14 at 18:02
  • They're warnings, not errors. As you've implemented their suggested mitigation for the warning, it can be safely ignored. – ceejayoz May 29 '14 at 18:07
  • The thing is that i'm trying to troubleshoot why my performance testing tool is not talking spdy with my server. So my approach was to get everything running as perfectly as possible to be sure that it is the testing tools fault. It is clear what i would have to do to eliminate the first warning but the second one i have no ideia since i already am redirecting HTTP. I'm using chrome benchmark extension btw. – tulio84z May 29 '14 at 18:24
0

SPDY is working fine! but

SSL Certificate is not trusted

The certificate is not signed by a trusted authority. If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.

second part is:

server {
    listen 80;
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}

server {   
    listen 443 spdy ssl;
    server_name www.example.com;
ADM
  • 1,353
  • 12
  • 16