I've been having trouble with SSL on my farm lately. While we've
specified only SSLV3, the nginx server is allowing SSLV2 and lower.
In trying to resolve the problem, I edited the www role to remove the
"Nginx HTTPS Vhost Template: " section within the parameters tab. I
then copied that code into the standard nginx.conf and restarted
nginx.
It didn't work, so I reverted back to the original settings with the
old nginx.conf and the old code in the"Nginx HTTPS Vhost Template: "
section. However, that didn't work either! I rebooted the www
instance and that didn't work. I then terminated the instance and
waited for the new one to come up and now it is indefinitely saying
"initializing". I haven't rebooted the server since the new version
of Scalr was released, so I'm not sure what is going on.
The farm - 1239 - is down hard and I have no idea how to bring it back
up or what is causing the server to initialize indefinitely. Can
someone help take a look and help me get it back up?
The code in the Vhost Template section is:
{literal}server { {/literal}
listen 443;
server_name {$host} www.{$host} {$server_alias};
ssl on;
ssl_certificate /etc/nginx/certs/www.myserver.com.crt;
ssl_certificate_key /etc/nginx/certs/www.myserver.com.key;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_protocols SSLv3;
ssl_ciphers HIGH:!ADH;
ssl_prefer_server_ciphers on;
{literal}
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_buffering on;
proxy_connect_timeout 15;
proxy_intercept_errors on;
}
} {/literal}
My standard nginx.conf is:
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 4096;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 0;
tcp_nodelay on;
include /etc/nginx/app-servers.include;
server {
listen 80;
if ( $remote_addr = 127.0.0.1 ) {
rewrite ^(.*)$ /500.html last;
return 302;
}
if (-f /var/www/nginx-errors/maintenanceMode-enabled.html) {
rewrite ^(.*)$ /maintenancePage.html last;
return 503;
}
location / {
rewrite ^/my-account(.*) https://www.myserver.com/my-account$1
permanent;
rewrite ^/login(.*) https://www.myserver.com/login$1 permanent;
rewrite ^/administrator(.*) https://www.myserver.com/administrator$1
permanent;
rewrite ^/individuals/sign-up(.*)
https://www.myserver.com/individuals/sign-up$1
permanent;
rewrite ^/index.php/component/user/(.*)
https://www.myserver.com/index.php/component/user/$1
permanent;
proxy_pass http://backend;
proxy_buffering on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header HTTPS off;
error_page 500 501 = /500.html;
error_page 502 503 504 = /502.html;
error_page 404 = /404.html;
}
location /maintenancePage.html {
root /var/www/nginx-default;
}
location /500.html {
root /var/www/nginx-default;
}
location /502.html {
root /var/www/nginx-default;
}
location /404.html {
root /var/www/nginx-default;
}
}
}
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"scalr-discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/scalr-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---
