And the nginx build just in case:

$ nginx -V
nginx version: nginx/1.4.6 (Ubuntu)
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module

On Saturday, 9 May 2015 15:16:50 UTC+1, Paullo wrote:
>
> Hi,
>
> I'm in the process of testing Mezzanine with Django 1.8/Python 3.4. I've
> been trying to get SSL working for the admin section. I'm fairly new to
> nginx/supervisor so I guess it's a config problem, hopefully someone here
> can tell me how I'm being stoopid :) Apologies if this isn't mezzanine
> specific.
>
> I can't find any errors in logs except for this nginx error which occurs
> when the browser eventually gives up trying to load the /admin page:-
>
> 2015/05/09 14:31:03 [info] 9769#0: *60 peer closed connection in SSL
> handshake while SSL handshaking to upstream, client: 80.192.66.17, server:
> www.mrphunt.net, request: "GET /admin/ HTTP/1.1", upstream:
> "https://unix:/home/paul/webapps/mrphunt/mrphunt/gunicorn.sock:/admin/",
> host: "www.mrphunt.net"
>
>
> My nginx.conf is pretty much the default fabfile configuration except i'm
> redirecting to the www version from the non-www version.
>
> upstream mrphunt {
>     server unix:/home/paul/webapps/mrphunt/mrphunt/gunicorn.sock fail_timeout=0;
> }
>
> server {
>     server_name mrphunt.net;
>     return 301 $scheme://www.mrphunt.net$request_uri;
> }
>
> server {
>
>     listen 80;
>     listen 443 ssl;
>     server_name www.mrphunt.net;
>     client_max_body_size 10M;
>     keepalive_timeout 15;
>     error_log /home/paul/logs/mrphunt_error_nginx.log info;
>     access_log /home/paul/logs/mrphunt_access_nginx.log;
>
>     ssl on;
>     ssl_certificate conf/mrphunt.crt;
>     ssl_certificate_key conf/mrphunt.key;
>     ssl_session_cache shared:SSL:10m;
>     ssl_session_timeout 10m;
>     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
>     ssl_prefer_server_ciphers on;
>
>     # Deny illegal Host headers
>     #if ($host !~* ^(mrphunt|mrphunt.net|www.mrphunt.net)$) {
>     if ($host !~* ^(www.mrphunt.net)$) {
>         return 444;
>     }
>
>     location / {
>         proxy_redirect off;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header X-Forwarded-Protocol $scheme;
>         proxy_pass http://mrphunt;
>     }
>
>     location /static/ {
>         root /home/paul/webapps/mrphunt/mrphunt;
>         access_log off;
>         log_not_found off;
>         expires 30d;
>     }
>
>     location /robots.txt {
>         root /home/paul/webapps/mrphunt/mrphunt/static;
>         access_log off;
>         log_not_found off;
>     }
>
>     location /favicon.ico {
>         root /home/paul/webapps/mrphunt/mrphunt/static/img;
>         access_log off;
>         log_not_found off;
>     }
> }
>
> gunicorn config:
>
> from __future__ import unicode_literals
> import multiprocessing
>
> bind = "unix:/home/paul/webapps/mrphunt/mrphunt/gunicorn.sock"
> workers = 2
> errorlog = "/home/paul/logs/mrphunt_error.log"
> loglevel = "error"
> proc_name = "mrphunt"
>
>
> My /etc/supervisor/conf.d/mrphunt.conf:
>
> [program:gunicorn_mrphunt]
> command=/home/paul/webapps/mrphunt/bin/gunicorn -c gunicorn.conf.py -p gunicorn.pid wsgi:application
> directory=/home/paul/webapps/mrphunt/mrphunt
> user=paul
> autostart=true
> stdout_logfile = /home/paul/logs/mrphunt_supervisor
> autorestart=true
> redirect_stderr=true
> environment=LANG="en_US.UTF-8",LC_ALL="en_US.UTF-8",LC_LANG="en_US.UTF-8"
>
>
> SSL cert was generated as per fabfile.py:
>
> cd /etc/nginx/conf
> sudo openssl req -new -x509 -nodes -out mrphunt.crt -keyout mrphunt.key -subj '/CN=www.mrphunt.net' -days 3650
>
> I'm all out of ideas about the SSL problem :( Everything else I've tried
> has worked with no problems though yay.
>
> Paullo
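
The log line in the post records nginx opening `https://` to the gunicorn socket, while the quoted config has `proxy_pass http://mrphunt;` and the gunicorn config sets no certificate. The following is an added example, not part of the original thread: it parses both and reports whether the schemes agree. The function names are hypothetical and the config sample is trimmed from the post.

```python
import re

# Constructed sample input, copied from the log line and config quoted in the post.
ERROR_LINE = (
    '2015/05/09 14:31:03 [info] 9769#0: *60 peer closed connection in SSL '
    'handshake while SSL handshaking to upstream, client: 80.192.66.17, '
    'server: www.mrphunt.net, request: "GET /admin/ HTTP/1.1", upstream: '
    '"https://unix:/home/paul/webapps/mrphunt/mrphunt/gunicorn.sock:/admin/", '
    'host: "www.mrphunt.net"'
)
NGINX_CONF = """
server {
    listen 443 ssl;
    location / {
        proxy_pass http://mrphunt;
    }
}
"""

UPSTREAM_RE = re.compile(r'upstream: "(?P<scheme>[a-z]+)://(?P<target>[^"]+)"')
PROXY_PASS_RE = re.compile(r'^\s*proxy_pass\s+(?P<scheme>[a-z]+)://(?P<name>[^/;\s]+)', re.M)

def logged_upstream(line):
    """Return (scheme, socket_or_host, uri) from an nginx error-log line, or None."""
    m = UPSTREAM_RE.search(line)
    if not m:
        return None
    target = m.group("target")
    if target.startswith("unix:"):
        # nginx logs unix sockets as unix:<path>:<uri>
        path, _, uri = target[len("unix:"):].partition(":")
        return m.group("scheme"), "unix:" + path, uri
    host, slash, uri = target.partition("/")
    return m.group("scheme"), host, slash + uri

def configured_schemes(conf):
    """Return the set of schemes used by proxy_pass directives, ignoring comments."""
    body = re.sub(r"#.*", "", conf)
    return {m.group("scheme") for m in PROXY_PASS_RE.finditer(body)}

def check(line, conf):
    """Describe whether the logged upstream scheme matches the config file."""
    up = logged_upstream(line)
    if up is None:
        return "no upstream field in log line"
    if up[0] not in configured_schemes(conf):
        return f"mismatch: log shows {up[0]}:// to {up[1]}, config has {sorted(configured_schemes(conf))}"
    return "match"
```

A mismatch means the logged request was handled by a `proxy_pass` directive other than the one in the file being checked, for example a different included file or a configuration loaded before the last edit.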
