And the nginx build just in case: $ nginx -V nginx version: nginx/1.4.6 (Ubuntu) built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1) TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module
On Saturday, 9 May 2015 15:16:50 UTC+1, Paullo wrote: > > Hi, > > I'm in the process of testing Mezzanine with Django 1.8/Python 3.4. I've > been trying to get SSL working for the admin section. I'm fairly new to > nginx/supervisor so I guess it's a config problem, hopefully someone here > can tell me how I'm being stoopid :) Apologies if this isn't mezzanine > specific. > > I can't find any errors in logs except for this nginx error which occurs > when the browser eventually gives up trying to load the /admin page:- > > 2015/05/09 14:31:03 [info] 9769#0: *60 peer closed connection in SSL > handshake while SSL handshaking to upstream, client: 80.192.66.17, server: > www.mrphunt.net, request: "GET /admin/ HTTP/1.1", upstream: > "https://unix:/home/paul/webapps/mrphunt/mrphunt/gunicorn.sock:/admin/";, > host: "www.mrphunt.net" > > > My nginx.conf is pretty much the default fabfile configuration except i'm > redirecting to the www version from the non-www version. > > upstream mrphunt { > server unix:/home/paul/webapps/mrphunt/mrphunt/gunicorn.sock > fail_timeout=0; > } > > server { > server_name mrphunt.net; > return 301 $scheme://www.mrphunt.net$request_uri; > } > > server { > > listen 80; > listen 443 ssl; > server_name www.mrphunt.net; > client_max_body_size 10M; > keepalive_timeout 15; > error_log /home/paul/logs/mrphunt_error_nginx.log info; > access_log /home/paul/logs/mrphunt_access_nginx.log; > > ssl on; > ssl_certificate conf/mrphunt.crt; > ssl_certificate_key conf/mrphunt.key; > ssl_session_cache shared:SSL:10m; > ssl_session_timeout 10m; > ssl_ciphers > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; > ssl_prefer_server_ciphers on; > > # Deny illegal Host headers > #if ($host !~* ^(mrphunt|mrphunt.net|www.mrphunt.net)$) { > if ($host !~* ^(www.mrphunt.net)$) { > return 444; > } > > location / { > proxy_redirect off; > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For > $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Protocol $scheme; > proxy_pass http://mrphunt; > } > > location /static/ { > root /home/paul/webapps/mrphunt/mrphunt; > access_log off; > log_not_found off; > expires 30d; > } > > location /robots.txt { > root /home/paul/webapps/mrphunt/mrphunt/static; > access_log off; > log_not_found off; > } > > location /favicon.ico { > root /home/paul/webapps/mrphunt/mrphunt/static/img; > access_log off; > log_not_found off; > } > } > > gunicorn config: > > from __future__ import unicode_literals > import multiprocessing > > bind = "unix:/home/paul/webapps/mrphunt/mrphunt/gunicorn.sock" > workers = 2 > errorlog = "/home/paul/logs/mrphunt_error.log" > loglevel = "error" > proc_name = "mrphunt" > > > > > My /etc/supervisor/conf.d/mrphunt.conf: > > > [program:gunicorn_mrphunt] > command=/home/paul/webapps/mrphunt/bin/gunicorn -c gunicorn.conf.py -p > gunicorn.pid wsgi:application > directory=/home/paul/webapps/mrphunt/mrphunt > user=paul > autostart=true > stdout_logfile = /home/paul/logs/mrphunt_supervisor > autorestart=true > redirect_stderr=true > environment=LANG="en_US.UTF-8",LC_ALL="en_US.UTF-8",LC_LANG="en_US.UTF-8" > > > > SSL cert was generated as per fabfile.py: > > cd /etc/nginx/conf > sudo openssl req -new -x509 -nodes -out mrphunt.crt -keyout mrphunt.key > -subj '/CN=www.mrphunt.net' -days 3650 > > I'm all out of ideas about the SSL problem :( Everything else I've tried > has worked with no problems though yay. > > Paullo > > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
