Skip to main content

why will nginx only serve http address? [Resolved]

Although I'm new to nginx, almost everything seems to be working quite well. The only issue is when I try to reach the address with a https:// address it takes 30-60 seconds to load but only a few seconds to redirect and load https:// when typing http://.

I'm certain it has something to do with my nginx conf file but can't see where the issue is and would appreciate some fresh eyes. Is there an issue when referring to my ssl context?

    upstream custodian {
  # The web application.
  server custodian:8000;

server {
  listen 80;
  server_name custodian.fund www.custodian.fund;
  root /var/www/letsencrypt;

  location /.well-known/acme-challenge/ {
    default_type "text/plain";

    try_files $uri =404;
  }

  location / {
    return 301 https://custodian.fund$request_uri;
  }
}

server {

  listen 443 ssl;
  server_name custodian.fund;

  # Static asset path, which is read from the custodian container's VOLUME.
  root /custodian/static;

  # Ensure timeouts are equal across browsers and raise the max content-length size.
  keepalive_timeout 60;
  client_max_body_size 5m;

  # SSL goodness.
  ssl                       on;
  ssl_certificate /etc/ssl/private/custodian.fund.pem;
  ssl_certificate_key /etc/ssl/custodian.fund.key;
  ssl_trusted_certificate /etc/ssl/private/custodian.fund.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_dhparam /etc/ssl/dhparam.pem;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 5m;
  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.8.8;
  resolver_timeout 5s;
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";


 # ssl_certificate /etc/ssl/certs/productionexample.crt;
 # ssl_certificate_key /etc/ssl/private/productionexample.key;


  # Disallow access to hidden files and directories.
  location ~ /\. {
    return 404;
    access_log off;
    log_not_found off;
  }

  # Allow optionally writing an index.html file to take precedence over the upstream.
  try_files $uri $uri/index.html $uri.html @custodian;

  # Attempt to load the favicon or fall back to status code 204.
  location = /favicon.ico {
    try_files /favicon.ico = 204;
    access_log off;
    log_not_found off;
  }

  # Load the web app back end with proper headers.
  location @custodian {
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;

Question Credit: polymath
Question Reference
Asked July 7, 2019
Posted Under: Network
18 views
1 Answers

The problem is in your DNS. You have configured four completely different IP addresses for your hostname custodian.fund, but only one of these is actually where your site is hosted.

custodian.fund has address 107.161.23.204
custodian.fund has address 128.199.121.161
custodian.fund has address 209.141.38.71
custodian.fund has address 192.161.187.200

The other three addresses fail to connect, as there is nothing at any of them.

To fix the problem, remove the three incorrect entries from your DNS records.


credit: Michael Hampton
Answered July 7, 2019
Your Answer
D:\Adnan\Candoerz\CandoProject\vQA