Looking at the console log I see the following error:
Starting nginx: 2009/08/12 13:25:39 [emerg] 1897#0:
SSL_CTX_use_certificate_chain_file("/etc/aws/keys/ssl/https.crt")
failed (SSL: error:02001002:system library:fopen:No such file or
directory error:20074002:BIO routines:FILE_CTRL:system lib error:
140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:sy)
I can't figure out where the /etc/aws/keys/ssl/https.crt path is
coming from, as it is not present in nginx.conf or the Vhost template
area.
On Aug 12, 10:45 am, kenja <[email protected]> wrote:
> It looks like the www server finally says "running" instead of
> "initializing", but it still isn't working. I've tried pointing my
> browser directly to the IP address of the front-end and it won't
> load.
>
> On Aug 12, 10:42 am, kenja <[email protected]> wrote:
>
> > I've been having trouble with SSL on my farm lately. While we've
> > specified only SSLV3, the nginx server is allowing SSLV2 and lower.
> > In trying to resolve the problem, I edited the www role to remove the
> > "Nginx HTTPS Vhost Template: " section within the parameters tab. I
> > then copied that code into the standard nginx.conf and restarted
> > nginx.
>
> > It didn't work, so I reverted back to the original settings with the
> > old nginx.conf and the old code in the"Nginx HTTPS Vhost Template: "
> > section. However, that didn't work either! I rebooted the www
> > instance and that didn't work. I then terminated the instance and
> > waited for the new one to come up and now it is indefinitely saying
> > "initializing". I haven't rebooted the server since the new version
> > of Scalr was released, so I'm not sure what is going on.
>
> > The farm - 1239 - is down hard and I have no idea how to bring it back
> > up or what is causing the server to initialize indefinitely. Can
> > someone help take a look and help me get it back up?
>
> > The code in the Vhost Template section is:
>
> > {literal}server { {/literal}
> > listen 443;
> > server_name {$host} www.{$host} {$server_alias};
>
> > ssl on;
> > ssl_certificate /etc/nginx/certs/www.myserver.com.crt;
> > ssl_certificate_key /etc/nginx/certs/www.myserver.com.key;
> > ssl_session_timeout 10m;
> > ssl_session_cache shared:SSL:10m;
> > ssl_protocols SSLv3;
> > ssl_ciphers HIGH:!ADH;
> > ssl_prefer_server_ciphers on;
>
> > {literal}
> > location / {
> > proxy_pass http://backend;
> > proxy_set_header Host $host;
> > proxy_set_header X-Real-IP $remote_addr;
> > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > client_max_body_size 10m;
> > client_body_buffer_size 128k;
> > proxy_buffering on;
> > proxy_connect_timeout 15;
> > proxy_intercept_errors on;
>
> > }
> > } {/literal}
>
> > My standard nginx.conf is:
>
> > user www-data;
> > worker_processes 4;
>
> > error_log /var/log/nginx/error.log;
> > pid /var/run/nginx.pid;
>
> > events {
> > worker_connections 4096;
>
> > }
>
> > http {
> > include /etc/nginx/mime.types;
> > default_type application/octet-stream;
>
> > access_log /var/log/nginx/access.log;
>
> > sendfile on;
>
> > keepalive_timeout 0;
> > tcp_nodelay on;
>
> > include /etc/nginx/app-servers.include;
>
> > server {
> > listen 80;
>
> > if ( $remote_addr = 127.0.0.1 ) {
> > rewrite ^(.*)$ /500.html last;
> > return 302;
> > }
>
> > if (-f /var/www/nginx-errors/maintenanceMode-enabled.html) {
> > rewrite ^(.*)$ /maintenancePage.html last;
> > return 503;
> > }
>
> > location / {
> > rewrite ^/my-account(.*)https://www.myserver.com/my-account$1
> > permanent;
> > rewrite ^/login(.*)https://www.myserver.com/login$1permanent;
> > rewrite
> > ^/administrator(.*)https://www.myserver.com/administrator$1
> > permanent;
> > rewrite
> > ^/individuals/sign-up(.*)https://www.myserver.com/individuals/sign-up$1
> > permanent;
> > rewrite
> > ^/index.php/component/user/(.*)https://www.myserver.com/index.php/component/user/$1
> > permanent;
>
> > proxy_pass http://backend;
> > proxy_buffering on;
>
> > proxy_set_header Host $host;
> > proxy_set_header X-Real-IP $remote_addr;
> > proxy_set_header X-Forwarded-For
> > $proxy_add_x_forwarded_for;
> > proxy_set_header HTTPS off;
>
> > error_page 500 501 = /500.html;
> > error_page 502 503 504 = /502.html;
> > error_page 404 = /404.html;
> > }
>
> > location /maintenancePage.html {
> > root /var/www/nginx-default;
> > }
>
> > location /500.html {
> > root /var/www/nginx-default;
> > }
>
> > location /502.html {
> > root /var/www/nginx-default;
> > }
>
> > location /404.html {
> > root /var/www/nginx-default;
> > }
>
> > }
>
> > }
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"scalr-discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/scalr-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---
