Hi all,
Had a chat with a helpful person on IRC but we are both stumped as to why
my configuration passes a check (nginx -t) but fails to properly handle
SSL.
I've split a couple of repetitive blocks out into
/etc/nginx/includes/ssl.conf (-rw-r--r-- root:root - same as nginx.conf
- should not be a problem)
Doing so results in SSL handshake issues (and the connection fails
appropriately)
My cert covers both the root domain and www
An excerpt of my configuration is here:
http://p.ngx.cc/8796278344c60dcb but the relevant part is below:

    # re-direct non-www https to https
    server {
        listen 443 ssl;
        server_name example.com;
        include /etc/nginx/includes/ssl.conf;
        return 301 https://www.example.com$request_uri;
    }

    server {
        listen 443 ssl default_server;
        server_name www.example.com;
        include /etc/nginx/includes/ssl.conf;
        root /srv/www/www.example.com/public;
        error_page 502 503 504 /5xx.html;
        # rest of config (proxy pass to Go server)
        # STS header in location block, etc.
    }

If I move the include directive (effectively removing the duplication)
into the http block and put the ssl_certificate and ssl_certificate_key
directives into each of the two (2) server blocks instead of
includes/ssl.conf, all is well. But this conflicts with the
documentation (as I interpret it) and still results in some duplicated
configuration.
Ideally I want to drop the entire SSL config for these two domains into
an includes file that I can then just import into the server blocks. If
that's not entirely possible, that's okay, but configs I've seen out in the
wild
(https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf)
seem to do what I'm trying to achieve.
Cheers,
Matt
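
A check for the layout described in the post, added here as an example and not part of the original message or of nginx: it expands include files and reports, for each server block that listens with ssl, which of ssl_certificate and ssl_certificate_key it lacks both directly and by inheritance from the enclosing http block. The file contents and certificate paths are constructed, and the parser assumes literal include paths and unquoted arguments.

```python
import re

# Constructed sample, not the poster's real files; certificate paths are assumptions.
FILES = {
    "/etc/nginx/nginx.conf": """
http {
    server {
        listen 443 ssl;
        server_name example.com;
        include /etc/nginx/includes/ssl.conf;
        return 301 https://www.example.com$request_uri;
    }
    server {
        listen 443 ssl default_server;   # no include, no certificate
        server_name www.example.com;
    }
}""",
    "/etc/nginx/includes/ssl.conf":
        "ssl_certificate /etc/ssl/example.crt;\nssl_certificate_key /etc/ssl/example.key;\n",
}
KEYS = ("ssl_certificate", "ssl_certificate_key")

def expand(path, files):
    """Strip comments and splice in literal (non-glob) include targets."""
    text = re.sub(r"#.*", "", files[path])
    return re.sub(r"\binclude\s+(\S+?)\s*;", lambda m: expand(m.group(1), files), text)

def audit(path, files):
    """Map each SSL server_name to the certificate directives it lacks."""
    stack, words, servers = [("main", {})], [], []
    for t in re.findall(r"[{};]|[^\s{};]+", expand(path, files)):
        if t == ";" and words:
            stack[-1][1].setdefault(words[0], []).append(words[1:])
        elif t == "{":
            stack.append((words[0] if words else "", {}))
        elif t == "}":
            name, d = stack.pop()
            if name == "server":
                servers.append((d, stack[-1][1]))  # keep parent for inheritance
        if t in ("{", "}", ";"):
            words = []
        else:
            words.append(t)
    return {d.get("server_name", [["_"]])[0][0]:
            [k for k in KEYS if k not in d and k not in parent]
            for d, parent in servers
            if any("ssl" in args for args in d.get("listen", []))}

if __name__ == "__main__":
    print(audit("/etc/nginx/nginx.conf", FILES))
```

An empty list for a server name means both directives are in effect for that block; the same function can be pointed at the real files by loading them into a dict keyed by path.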