PHP with SSL

Server NGINX
1

Hello,

I followed the instruction from this link -
http://nginx.org/en/docs/http/configuring_https_servers.html

  • but I can’t solve some issue with PHP and SSL, basically web browser
    says that site is partially encrypted however when I commented out the
    location for the PHP/FastCGI everything works fine. I can access any
    directory/file (for instance http://mydomain.com/randomfile) over SSL
    but main website is not working.
  • Do I need to enable some extra configuration?

Please find my config below:

http {

Global SSL options

ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

server {
add_header Cache-Control “public, must-revalidate”;
expires 90d;
index index.php index.html index.php;
listen 192.168.1.10:443;
root /home/web/mydomain.com;
server_name mydomain.com;

SSL Certs (specific to this URL)

  ssl on;
  ssl_certificate /home/mydomain.com/mydomain.com.chained.crt;
  ssl_certificate_key /home/mydomain.com/mydomain.com.key;

location ~ .php$ {
root /home/web/mydomain.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
/home/web/mydomain.com$fastcgi_script_name;
include fastcgi_params;
}
}

Posted at Nginx Forum:

2

Make sure that your PHP output links to the https version of images and
not the http version.

Posted at Nginx Forum:

3

Ensiferous Wrote:

Make sure that your PHP output links to the https
version of images and not the http version.

Hello,

Could you please elaborate on this. Do I need create another ‘location’?
I’ve noticed that when I assess admin side of my website
(http://mydomain.com/admin) the site is encrypted but the main one
(http://mydomain.com) is not.

Regards

Posted at Nginx Forum:

4

On Fri, Jun 17, 2011 at 3:11 AM, HTF [email protected] wrote:

(http://mydomain.com) is not.

I’m still amazed how you put “http://” and “encrypted” in one sentence.

5

edogawaconan Wrote:

I’m still amazed how you put “http://” and
“encrypted” in one sentence.

This is just a typo mistake it should be https pf course.

Posted at Nginx Forum:

6

Hello,

  • now suddenly the browser indicates that site is encrypted however when
    I try to submit a form I have the following message:

"Although this page is encrypted, the information you have entered is to
be sent over an unencrypted connection and could easily be read by a
third party.

Are you sure you want to continue sending this information?"

Is it mean that some part of the website is still not encrypted. Could
you please advise where I need to look for this specific configuration?

Regards

Posted at Nginx Forum:

7

On Fri, Jun 17, 2011 at 2:08 PM, HTF [email protected] wrote:

Is it mean that some part of the website is still not encrypted. Could
you please advise where I need to look for this specific configuration?

the php file which probably generated hardcoded link to http in the
form.

8

On Fri, Jun 17, 2011 at 2:17 PM, HTF [email protected] wrote:

authentication and DHE_RSA as the key exchange mechanism."

How to include all content to be secure?

check your php files

9

The previous message is from Firefox, the Google Chrome says:

"Your connection to mydomain.com is encrypted with 256-bit encryption.
However, this page includes other resources which are not secure. These
resources can be viewed by others while in transit and can be modified
by an attacker to change the behaviour of the page.

The connection uses TLS 1.0.

The connection is encrypted using AES_256_CBC, with SHA1 for message
authentication and DHE_RSA as the key exchange mechanism."

How to include all content to be secure?

Posted at Nginx Forum: