tag:blogger.com,1999:blog-35201715.post4631347597861070865..comments2024-02-19T09:15:24.349-06:00Comments on Wensheng: Using Namecheap SSL with NginxWensheng Wanghttp://www.blogger.com/profile/06378277709501525260noreply@blogger.comBlogger14125tag:blogger.com,1999:blog-35201715.post-42222660920628446432019-07-26T07:21:52.934-05:002019-07-26T07:21:52.934-05:00I would like to recommend these guys ... they are ...I would like to recommend <a href="https://www.interssl.com" rel="nofollow">these guys</a> ... they are located inside EU and compliant with EU GDPR. They also offer a free DPA (Data Processing Agreement) so you are on the safe side, legally.<br /><br />jodler303https://www.blogger.com/profile/09244837584549384726noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-47494066574918106522019-07-26T07:21:06.202-05:002019-07-26T07:21:06.202-05:00This comment has been removed by the author.jodler303https://www.blogger.com/profile/09244837584549384726noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-9811133279151845062014-07-11T04:43:39.845-05:002014-07-11T04:43:39.845-05:00Thanks for this great article - however, I have bo...Thanks for this great article - however, I have bought my <a href="https://www.sslpoint.com/wildcard-ssl-certificates/" title="cheap wildcard ssl certificate" rel="nofollow">wildcard ssl certificate from SSLPOINT</a>.<br /><br />Pretty good price and excellent support...Anonymoushttps://www.blogger.com/profile/09194387253052501551noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-15129648241116864992013-10-09T10:50:00.441-05:002013-10-09T10:50:00.441-05:00Thanks, this was just what i was looking for. Work...Thanks, this was just what i was looking for. Worked perfectly after I restarted nginx.Aronwphttps://www.blogger.com/profile/02860637700753740925noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-48347748391895016732012-11-27T23:00:54.119-06:002012-11-27T23:00:54.119-06:00holy cow .... i love you man ! i was so fucking st...holy cow .... i love you man ! i was so fucking stupid that i forgot to turn on port 443. Thanks a lot man !<br /><br />Cheers,<br />MarkMark Thienhttps://www.blogger.com/profile/00509179305586931730noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-9859116359776104962012-11-27T22:32:24.784-06:002012-11-27T22:32:24.784-06:00Do you have firewall? port 443 might be blocked.
...Do you have firewall? port 443 might be blocked.<br /><br />try "iptables -nvL" see if there's firewall rules in place.<br /><br />shutdown firewall temporarily and see if it works.Wensheng Wanghttps://www.blogger.com/profile/06378277709501525260noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-7958001157232554822012-11-27T20:44:38.064-06:002012-11-27T20:44:38.064-06:00hi mrhassell,
yes ssl module is installed:
nginx...hi mrhassell,<br /><br />yes ssl module is installed:<br /><br />nginx version: nginx/1.2.3<br />built by gcc 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC) <br />TLS SNI support enabled<br />configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g'<br /><br /><br /><br />Mark Thienhttps://www.blogger.com/profile/00509179305586931730noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-90119533180168253042012-11-27T20:24:53.404-06:002012-11-27T20:24:53.404-06:00Mark,
Nginx must be built with the option –with-h...Mark,<br /><br />Nginx must be built with the option –with-http_ssl_module. To verify you can run nginx -V from the terminal to see all the options your current release was built with. Building from source is recommended but if you installed from a package (yum / apt), you might need to hunt for a different build.mrhassellhttps://www.blogger.com/profile/15136308926657649649noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-8595543122328471692012-11-27T18:58:02.189-06:002012-11-27T18:58:02.189-06:00Hi guys,
I followed this guide but doesn't re...Hi guys,<br /><br />I followed this guide but doesn't really works for me.<br /><br />my nginx conf is like below:<br /><br />user nginx;<br />worker_processes 1;<br /><br />error_log /var/log/nginx/error.log warn;<br />pid /var/run/nginx.pid;<br /><br /><br />events {<br /> worker_connections 1024;<br />}<br /><br /><br />http {<br /> include /etc/nginx/mime.types;<br /> default_type application/octet-stream;<br /><br /> log_format main '$remote_addr - $remote_user [$time_local] "$request" '<br /> '$status $body_bytes_sent "$http_referer" '<br /> '"$http_user_agent" "$http_x_forwarded_for"';<br /><br /> access_log /var/log/nginx/access.log main;<br /><br /> sendfile on;<br /> #tcp_nopush on;<br /><br /> keepalive_timeout 65;<br /><br /> #gzip on;<br /><br /> include /etc/nginx/conf.d/*.conf;<br /><br /> server {<br /> listen 443;<br /> server_name binceipt.com<br /> ssl on;<br /> ssl_certificate /etc/ssl/namecheap/ssl-bundle.crt;<br /> ssl_certificate_key /etc/ssl/namecheap/binceipt.com.key.nopass;<br /> keepalive_timeout 70;<br /> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;<br /> ssl_ciphers HIGH:!aNULL:!MD5;<br /> }<br />}<br /><br /><br />when I opened http://binceipt.com/index.html it has no problem. when i opened https://binceipt.com/index.html it just hang there and after that saying page not found.<br /><br />Appreciate anyone help please. thanks !<br /><br />Note: I am using namecheap PositiveSSL, AWS EC2 AMI<br /><br />Cheers,<br />MarkMark Thienhttps://www.blogger.com/profile/00509179305586931730noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-72343280820036281692012-11-20T05:42:27.659-06:002012-11-20T05:42:27.659-06:00Hi,
Yes! Issuing that command over any existing k...Hi,<br /><br />Yes! Issuing that command over any existing key, will remove the password - I think that was causing some confusion and I wanted to clarify that works as I used this with my Nginx config and got exactly the results expected - thank you!<br /><br /># Nginx HTTPS<br />server {<br /> listen 443;<br /> server_name localhost;<br /><br /> root html;<br /> index index.html index.htm;<br /><br /> ssl on;<br /> #ssl_certificate cert.pem;<br /> ssl_certificate ssl/example.com.pem;<br /> ssl_certificate_key ssl/example.com.key;<br /><br /> ssl_session_timeout 5m;<br /><br /> ssl_protocols SSLv3 TLSv1;<br /> ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;<br /> ssl_prefer_server_ciphers on;<br /><br /> location / {<br /> try_files $uri $uri/ /index.html;<br /> }<br />}mrhassellhttps://www.blogger.com/profile/15136308926657649649noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-43531832031809994412012-11-20T00:34:46.879-06:002012-11-20T00:34:46.879-06:00mrhassell, that's exactly what I had in the po...mrhassell, that's exactly what I had in the post:<br /><b>openssl rsa -in example.com.key -out example.com.key.nopass</b>Wensheng Wanghttps://www.blogger.com/profile/06378277709501525260noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-61985873749508018032012-11-19T00:53:24.655-06:002012-11-19T00:53:24.655-06:00Another way to handle password requests is to stri...Another way to handle password requests is to strip it from the private key, with OpenSSL;<br /><br />openssl rsa -in example.com.key -out example.com-stripped.keymrhassellhttps://www.blogger.com/profile/15136308926657649649noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-67756247649977495942012-08-06T18:03:43.190-05:002012-08-06T18:03:43.190-05:00My bad ... I did not open the port on 443, it work...My bad ... I did not open the port on 443, it works all fine. Thanks for the blog.Satishhttps://www.blogger.com/profile/04455388759819529757noreply@blogger.comtag:blogger.com,1999:blog-35201715.post-18993194858433612712012-08-06T16:15:14.330-05:002012-08-06T16:15:14.330-05:00I used "Other" because NGINX was not in ...I used "Other" because NGINX was not in the list... your blog suggests to pick Apache/OpenSSL. Do you think this is an important thing ? I copied the files and point my nginx.conf to the certificates but unable to see SSL getting activated... appreciate your comments.Satishhttps://www.blogger.com/profile/04455388759819529757noreply@blogger.com