So I’m at the part where you connect to the server via the browser (using Mozilla but getting similar errors with other browsers)
And get the following error (freely translated): Error: secured connection failed
An error occurred while connecting to [MYDOMAINNAME].dyndnss.net. SSL got an entry that exceeded the maximal length. Errorcode: SSL_ERROR_RX_RECORD_TOO_LONG
Thanks for help, please let me know if you need further information.
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www/cloud;
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
The error you are receiving indicates an HTTP response on an HTTPS port. Can you double check that Nginx is not serving up a default HTTP virtual host on port 443?
Regarding the configuration, there are a couple of small issues.
1: Try not to use variables in your return code. For example, ‘return 301 https://$server_name$request_uri;’ could be,
So I did what you mentioned in 1 and 2 (which are nice tips), but it didn’t solve the problem…
I am not entirely sure if I updated ssl ciphers right.
I chose the exact version of my ssl and server version and added all the lines that were there.
Since then I can’t restart the service and if I just change the ciphers line the problem isn’t solved either.
A virtual host is basically a server block. Your configuration shows two server blocks. I suspect there is another server block somewhere, a default block that is responding to your requests. This may be because the default file is not being read.
You mentioned a file, ‘etc/nginx/sites-available/default’. In this case your server blocks should be in a file under ‘/etc/nginx/sites-available/site.conf’ and symlinked to ‘/etc/nginx/sites-enabled/site.conf’.
So I read through the tutorial and think I got everything.
I found out I misconfigured the ssl keys but recreating them didn’t fix much.
Now if I put only my URL in the URL Line in Mozilla it loads and loads until it gets no response.
If I write: https://MYURL the SSL_ERROR_RX_RECORD_TOO_LONG error appears again.
You mentioned a file, ‘etc/nginx/sites-available/default’. In this case your server blocks should be in a file under ‘/etc/nginx/sites-available/site.conf’ and symlinked to ‘/etc/nginx/sites-enabled/site.conf’
If I ‘ls’ in ‘/etc/nginx/sites-available/’ there is only ‘default’, which is the virtual host that is used by default, I assume.
There I edited the config. The symlink to ./sites-enabled exists and works.
Which gives following output (before that it says that it can resolve the hostname and the server is apache (I think nginx looks like apache from the outside))
No SSL certificates were found on MYDOMAIN.dyndnss.net. Make sure that the
name resolves to the correct server and that the SSL port (default is
443) is open on your server’s firewall.
Then I ran a port scanner which said my port 443 is open.
Maybe there’s something wrong with how the server handles the SSL? I don’t know cause I’m not experienced with SSL or webservers.
I did ‘whereis apache2’ and indeed found a folder. There is not much but maybe that is creating the error? I will purge it cause it’s not mentioned in the tutorial I am using. I’m at work right now so I can’t check if it works. I will write again when I have checked.
You can also check your certificate with ssllabs.com. You can check all running processes with ps -aux
and the processes behind each port: netstat -tulpen
Is this an official SSL certificate or self-signed?
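The diagnosis given in the thread (an HTTP response on an HTTPS port) can be checked from the client side. The Python sketch below is an added example, not code from any of the posters, and its function names are hypothetical: it sends a genuine ClientHello to the port and classifies the first bytes of the reply, and it shows why plaintext "HTTP/" bytes read as a TLS record that is too long.

```python
import socket
import ssl
import struct

MAX_RECORD = 2**14 + 2048  # largest record length TLS 1.2 allows on the wire
CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data

def declared_length(first: bytes) -> int:
    """Length a TLS parser reads from bytes 3-4 of the record header."""
    return struct.unpack("!H", first[3:5])[0]

def classify(first: bytes) -> str:
    """Return 'tls', 'plain-http' or 'unknown' for the first bytes a server sent."""
    if len(first) < 5:
        return "unknown"
    ctype, major = first[0], first[1]
    if ctype in CONTENT_TYPES and major == 3 and declared_length(first) <= MAX_RECORD:
        return "tls"
    if first.startswith(b"HTTP/"):
        return "plain-http"  # a non-TLS listener answered on this port
    return "unknown"

def client_hello(host: str) -> bytes:
    """Build a real ClientHello in memory, without touching the network."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is now waiting in `outgoing`
    return outgoing.read()

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the ClientHello to host:port and classify the first reply bytes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        return classify(sock.recv(16))

if __name__ == "__main__":
    # Constructed sample: what a plaintext web server sends back on port 443.
    sample = b"HTTP/1.1 400 Bad Request\r\n"
    # 'H' lands in the content-type byte, 'TT' in the version, 'P/' in the length.
    print(classify(sample), declared_length(sample), ">", MAX_RECORD)
```

Running `probe("your.host.name")` against the affected server returns `plain-http` when a non-TLS listener owns port 443, which is the situation `netstat -tulpen` confirms from the server side.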