Hi,

I'm in the process of testing Mezzanine with Django 1.8/Python 3.4. I've 
been trying to get SSL working for the admin section. I'm fairly new to 
nginx/supervisor so I guess it's a config problem, hopefully someone here 
can tell me how I'm being stoopid :) Apologies if this isn't mezzanine 
specific. 

I can't find any errors in logs except for this nginx error which occurs 
when the browser eventually gives up trying to load the /admin page:-

2015/05/09 14:31:03 [info] 9769#0: *60 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 80.192.66.17, server: www.mrphunt.net, request: "GET /admin/ HTTP/1.1", upstream: "https://unix:/home/paul/webapps/mrphunt/mrphunt/gunicorn.sock:/admin/", host: "www.mrphunt.net"


My nginx.conf is pretty much the default fabfile configuration except I'm 
redirecting to the www version from the non-www version.

upstream mrphunt {
    server unix:/home/paul/webapps/mrphunt/mrphunt/gunicorn.sock fail_timeout=0;
}

server {
        server_name mrphunt.net;
        return 301 $scheme://www.mrphunt.net$request_uri;
}

server {

    listen 80;
    listen 443 ssl;
    server_name www.mrphunt.net;
    client_max_body_size 10M;
    keepalive_timeout    15;
    error_log /home/paul/logs/mrphunt_error_nginx.log info;
    access_log /home/paul/logs/mrphunt_access_nginx.log;

    ssl on;
    ssl_certificate      conf/mrphunt.crt;
    ssl_certificate_key  conf/mrphunt.key;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;

    # Deny illegal Host headers
    #if ($host !~* ^(mrphunt|mrphunt.net|www.mrphunt.net)$) {
    if ($host !~* ^(www.mrphunt.net)$) {
        return 444;
    }

    location / {
        proxy_redirect      off;
        proxy_set_header    Host                    $host;
        proxy_set_header    X-Real-IP               $remote_addr;
        proxy_set_header    X-Forwarded-For         $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Protocol    $scheme;
        proxy_pass          http://mrphunt;
    }

    location /static/ {
        root            /home/paul/webapps/mrphunt/mrphunt;
        access_log      off;
        log_not_found   off;
        expires 30d;
    }

    location /robots.txt {
        root            /home/paul/webapps/mrphunt/mrphunt/static;
        access_log      off;
        log_not_found   off;
    }

    location /favicon.ico {
        root            /home/paul/webapps/mrphunt/mrphunt/static/img;
        access_log      off;
        log_not_found   off;
    }
}

gunicorn config:

from __future__ import unicode_literals
import multiprocessing

bind = "unix:/home/paul/webapps/mrphunt/mrphunt/gunicorn.sock"
workers = 2
errorlog = "/home/paul/logs/mrphunt_error.log"
loglevel = "error"
proc_name = "mrphunt"




My /etc/supervisor/conf.d/mrphunt.conf:


[program:gunicorn_mrphunt]
command=/home/paul/webapps/mrphunt/bin/gunicorn -c gunicorn.conf.py -p gunicorn.pid wsgi:application
directory=/home/paul/webapps/mrphunt/mrphunt
user=paul
autostart=true
stdout_logfile = /home/paul/logs/mrphunt_supervisor
autorestart=true
redirect_stderr=true
environment=LANG="en_US.UTF-8",LC_ALL="en_US.UTF-8",LC_LANG="en_US.UTF-8"



SSL cert was generated as per fabfile.py:

cd /etc/nginx/conf
sudo openssl req -new -x509 -nodes -out mrphunt.crt -keyout mrphunt.key -subj '/CN=www.mrphunt.net' -days 3650

I'm all out of ideas about the SSL problem :( Everything else I've tried 
has worked with no problems though yay.

Paullo
