I'm attempting to serve a static file using nginx over https.

Setup

DNS correctly points subdomain to AWS IP:

subdomain1.website.com -> correct IP

Working config

I've found the following simple server setup to be working completely correctly. However, when I modify it to forward to https, it fails without error.

# /etc/nginx/sites-available/default
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name subdomain1.website.com;

    root /usr/share/nginx/temp-content;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Attempting to redirect to https

# /etc/nginx/sites-available/default
server {
    listen 443 ssl;

    server_name subdomain1.website.com;

    root /home/deploy/temp-content;

    ssl_certificate /etc/letsencrypt/live/subdomain1.website.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/subdomain1.website.io/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;

}

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name subdomain1.website.com;
    return 301 https://$server_name$request_uri;
}

I'm completely lost as to why this is failing. Nginx just returns 301 and error.log has no relevant logs.

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.4.6 (Ubuntu)</center>
</body>
</html>

Edit: Just want to include that the permissions on the files served from /usr/share/nginx/temp-content are identical to the (working) files in /usr/share/nginx/html.

Tero Kilkanen

1 Answer

The solution, as Drifter104 mentioned, was that port 443 was closed in the security group. This happened on the server some time ago then the security group was changed.

Thanks for pointing that out!
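
The failure in this answer, as an added example that is not part of the original posts: nginx serves the 301 on port 80, but the follow-up connection to port 443 never reaches nginx, so error.log stays empty. The Python script below (function names are assumptions chosen for illustration) fetches the redirect without following it and probes the target port, separating a port that drops packets from one where nothing is listening.

```python
import http.client
import socket
import sys
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 307, 308)

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered with RST: nothing is listening on the port
    except OSError:
        return "filtered"  # timeout or unreachable: typical of a firewall or security group dropping packets

def redirect_target(host, port=80, path="/", timeout=3.0):
    """Send one plain-HTTP GET and return (status, Location) without following it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def diagnose(host, port=80, timeout=3.0):
    """Return (status, location, target_port, state) for the redirect served on host:port."""
    status, location = redirect_target(host, port, timeout=timeout)
    if status not in REDIRECTS or not location:
        return status, location, None, "no-redirect"
    target = urlsplit(location)
    if not target.hostname:
        return status, location, None, "bad-location"
    target_port = target.port or (443 if target.scheme == "https" else 80)
    return status, location, target_port, probe(target.hostname, target_port, timeout)

if __name__ == "__main__":
    # Usage: pass the hostname as the first argument, e.g. subdomain1.website.com
    status, location, target_port, state = diagnose(sys.argv[1])
    print(f"HTTP {status} -> {location}; port {target_port} is {state}")
    if state == "filtered":
        print("No answer from the redirect target: check the security group / firewall rule for that port.")
    elif state == "refused":
        print("Nothing is listening on the redirect target port: check the nginx listen directive.")
```

Run it from a machine outside the instance's network; a probe from the server itself does not pass through the security group.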