[openresty/1.5.12.1] SSL support issue

[Suman Adak]

Dear all,

I am trying to do ssl support. I generated all the certificate as said (http://wiki.nginx.org/HttpSslModule#Generate_Certificates)

I made a change in my conf as bellow

server {

         listen 8080;  

         listen 443;

         ssl on;

    ssl_certificate /usr/local/openresty/nginx/ssl/server.crt;

    ssl_certificate_key /usr/local/openresty/nginx/ssl/server.key;

    keepalive_timeout    70;

         ........

}

While I ran with non sudo user with ubuntu, I got permission denied. Understand that port below 1024 needs root permission. I changed to 8443 but I was getting this error. Also trying with 8080 port gives me error. Can someone please help me??

Error log:

2014/05/22 23:49:44 [notice] 6095#0: openresty/1.5.12.1

2014/05/22 23:49:44 [notice] 6095#0: built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1) 

2014/05/22 23:49:44 [notice] 6095#0: OS: Linux 3.13.0-24-generic

2014/05/22 23:49:44 [notice] 6095#0: getrlimit(RLIMIT_NOFILE): 1024:4096

2014/05/22 23:49:44 [notice] 6096#0: start worker processes

2014/05/22 23:49:44 [notice] 6096#0: start worker process 6097

2014/05/22 23:50:12 [info] 6097#0: *1 client sent plain HTTP request to HTTPS port while reading client request headers, client: 127.0.0.1, server: , request: "GET /api/sos/v1.0/capabilities HTTP/1.1", host: "localhost:8080"

2014/05/22 23:52:01 [info] 6097#0: *2 client closed connection while waiting for request, client: 127.0.0.1, server: 0.0.0.0:8443

thanks

Suman

[Hamish Forbes]

You're listening for SSL connections on both ports.

Remove 'ssl on;' 

Change 'listen 443;' to 'listen 443 ssl;

Should fix it.

[Suman Adak]

Thanks Hamish,

I am able to connect with non ssl port - 8080 but Still I am getting error for 443 while running nginx. I put this command 

"sudo utf allow 443" before run openresty. I could understand, this is purely linux problem, still not able to figure out. running openresty with sudo also gives error. wanted to open 443 for non sudo user. but not able to figure out.

nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied)

Thanks

suman

--
You received this message because you are subscribed to a topic in the Google Groups "openresty-en" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/openresty-en/I0o3N9p9cj8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to openresty-en...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Thanks and Regards
Suman Adak

[Hamish Forbes]

You need to be running openresty as root if you want to bind to privileged ports (e.g. 80 and 443).

What error do you get when using sudo?

Also how are you making a https request to openresty?

Sounds like you're making an HTTP request to port expecting an HTTPS request.

[Suman Adak]

hello,

If I run with sudo I get this error

suman@suman-ripsac:~/project_work/ngnixwork$ sudo nginx -p `pwd`/ -c conf/nginx.conf

nginx: [emerg] unknown directive "content_by_lua" in /home/suman/project_work/ngnixwork/conf/nginx.conf:13

suman@suman-ripsac:~/project_work/ngnixwork$ which nginx
/usr/local/openresty/nginx/sbin/nginx
suman@suman-ripsac:~/project_work/ngnixwork$ nginx -v
nginx version: openresty/1.5.12.1
suman@suman-ripsac:~/project_work/ngnixwork$  

I am using rest chrome extension and I called like

https://localhost:443/test

[Yichun Zhang (agentzh)]

Hello!

On Thu, May 22, 2014 at 1:16 PM, Suman Adak wrote:
> suman@suman-ripsac:~/project_work/ngnixwork$ sudo nginx -p `pwd`/ -c
> conf/nginx.conf
>
> nginx: [emerg] unknown directive "content_by_lua" in
> /home/suman/project_work/ngnixwork/conf/nginx.conf:13

You're using another nginx that is not provided by openresty.

> suman@suman-ripsac:~/project_work/ngnixwork$ which nginx
> /usr/local/openresty/nginx/sbin/nginx

The PATH environment of your current system account is not the same as
the one when you run "sudo" (as root).

Try the command to check which nginx you're actually using:

sudo which nginx

Seems like you need to learn more Linux basics first ;)

Regards,
-agentzh

[Suman Adak]

Dear agentzh,

I am learning. :-). I managed by adding "alias sudo='sudo env PATH=$PATH'" in .basrc.

Thanks

--
You received this message because you are subscribed to a topic in the Google Groups "openresty-en" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/openresty-en/I0o3N9p9cj8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to openresty-en...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Suman Adak]

Dear,

But still I am getting error while accessing with https://localhost:443/test. with http://localhost:8080/test/ works fine for me.

I ran openresty using sudo mode.

Error is 

"client closed connection while waiting for request, client: 127.0.0.1, server: 0.0.0.0:443"

Sorry for my little linux knowledge.

Thanks

Suman

[Suman Adak]

Dear All,

Thanks a lot.

I solved it. It was sudo privilege and certificate issue. Thanks a lot for support.