Problem when reconfiguring Nginx for SSL with self-signed certificate

Frank_Mascarell nginx-forum at forum.nginx.org
Tue Sep 4 18:30:18 UTC 2018 

I have a VPS on Digital Ocean with Ubuntu 18.04, Nginx, Gunicorn, Django,
and a test web application, all configured (ufw) to work with http: 80.
Everything works perfectly. Tutorial:
https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-18-04#configure-nginx-to-proxy-pass-to-gunicorn

Now I modify the file /sites-available/LibrosWeb to allow SSL traffic with a
self-signed certificate, since I do not have a domain. 
Tutorial:
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-18-04

Result "Error 502 Bad Gateway".

This is the initial code that works well with http: 80:

server{
    #Configuracion http

    listen 80;
    listen [::]:80;
    server_name 15.15.15.15;

    location = /favicon.ico { access_log off; log_not_found off; }
    location  /robots.txt {
        alias /var/www/LibrosWeb/robots.txt ;
    }        
    location /static/ {
        root /home/gela/LibrosWeb;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
}

And this is the code to allow SSL (error 502):

server{
    #Configuracion SSL

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 15.15.15.15;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    location = /favicon.ico { access_log off; log_not_found off; }
    location  /robots.txt {
        alias /var/www/LibrosWeb/robots.txt ;
    }
    location /static/ {
        root /home/gela/LibrosWeb;
    }

    location / {
        include proxy_params;
        proxy_pass https://unix:/run/gunicorn.sock;
    }
}

server{
    #Configuracion http

    listen 80;
    listen [::]:80;
    server_name 15.15.15.15;
    return 302 https://15.15.15.15$request_uri;
}

UFW configured as:

80,443/tcp (Nginx Full)    ALLOW IN    Anywhere
80,443/tcp (Nginx Full (v6)) ALLOW IN    Anywhere (v6)

The files /etc/nginx/snippets/self-signed.conf and
/etc/nginx/snippets/ssl-params.conf are the same as those in the tutorial.

I've been testing configurations for two days and the most I could get is
that I work halfway, that is, I can show the default page of django but not
the one of my application, if I put the code like this:

server{
    #Configuracion http

    listen 80;
    listen [::]:80;
    server_name 15.15.15.15;
    return 302 https://15.15.15.15$request_uri;

    location = /favicon.ico { access_log off; log_not_found off; }
    location  /robots.txt {
        alias /var/www/LibrosWeb/robots.txt ;
    }
    location /static/ {
        root /home/gela/LibrosWeb;
    }
}

server{
    #Configuracion SSL

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 15.15.15.15;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    location / {
       include proxy_params;
       proxy_pass https://unix:/run/gunicorn.sock;
    }
}
What is wrong, or what is missing?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,281099,281099#msg-281099

More information about the nginx mailing list