SSL Certificate Issue for Nginx Gateway API

Hello,

I have been trying to set up SSL on my Ubuntu server, where we use Nginx as the API gateway in front of our application.

We obtained a free Cloudflare SSL certificate, which I have installed on the server. The primary domain works well with the certificate, but the subdomain where Nginx runs as the API gateway does not work as expected.

The subdomain, srv.digixhub.com, works well when opened on its own, but when it is accessed with a port number to call the API it does not respond as required.

The URL we use to access the API is https://srv.nioc.exchange:2082/market/symbol-thumb
When we send a request from the Chrome browser, it shows the error “ERR_SSL_PROTOCOL_ERROR”.

Below is the content of our Nginx `default` site file.

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
# server {
# 	listen 80 default_server;
# 	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	# root /var/www/html;

	# Add index.php to the list if you are using PHP
	# index index.html index.htm index.nginx-debian.html;

	# server_name _;

	# location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
	# 	try_files $uri $uri/ =404;
	# }

	# pass PHP scripts to FastCGI server
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php-fpm (or other unix sockets):
	#	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
	#	# With php-cgi (or other tcp sockets):
	#	fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
# }

# server {
#     listen 443 ssl http2;
#     listen [::]:443 ssl http2;
#     ssl        on;
#     ssl_certificate /etc/ssl/cert.pem;
#     ssl_certificate_key /etc/ssl/cert.key;

# 	# SSL configuration
# 	#
# 	# listen 443 ssl default_server;
# 	# listen [::]:443 ssl default_server;
# 	#
# 	# Note: You should disable gzip for SSL traffic.
# 	# See: https://bugs.debian.org/773332
# 	#
# 	# Read up on ssl_ciphers to ensure a secure configuration.
# 	# See: https://bugs.debian.org/765782
# 	#
# 	# Self signed certs generated by the ssl-cert package
# 	# Don't use them in a production server!
# 	#
# 	# include snippets/snakeoil.conf;

# 	root /var/www/html;

# 	# Add index.php to the list if you are using PHP
# 	index index.html index.htm index.nginx-debian.html;

# 	server_name _;

# 	location / {
# 		# First attempt to serve request as file, then
# 		# as directory, then fall back to displaying a 404.
# 		try_files $uri $uri/ =404;
# 	}

# 	# pass PHP scripts to FastCGI server
# 	#
# 	#location ~ \.php$ {
# 	#	include snippets/fastcgi-php.conf;
# 	#
# 	#	# With php-fpm (or other unix sockets):
# 	#	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# 	#	# With php-cgi (or other tcp sockets):
# 	#	fastcgi_pass 127.0.0.1:9000;
# 	#}

# 	# deny access to .htaccess files, if Apache's document root
# 	# concurs with nginx's one
# 	#
# 	#location ~ /\.ht {
# 	#	deny all;
# 	#}
# }


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

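# Plain-HTTP virtual host for srv.nioc.exchange; also the default server for
# port 80 on IPv4 and IPv6. Static files come from `root`; five location
# blocks reverse-proxy to backends listening on localhost.
#
# NOTE(review): everything here, including the /admin and /uc proxies, is
# served without TLS. Whether this listener should keep serving content or
# redirect to HTTPS depends on the Cloudflare SSL mode in use (an origin-side
# redirect loops under "Flexible"), so decide that deliberately.
server {

    listen 80 default_server;
    listen [::]:80 default_server;

    server_name srv.nioc.exchange;

    # NOTE(review): `root` is the application tree and `location /` has no
    # proxy_pass, so nginx returns files from this directory as static
    # content. nginx does not execute JSP, so index.jsp and any other source
    # or configuration file under this path would be sent to the client as-is.
    # Confirm that only files meant to be public live here.
    root /usr/java/Crypto-Exchange-Platform-00-framework ;
    location / {
        index index.jsp;
    }

    # NOTE(review): a location prefix is matched against the request URI, not
    # against a filesystem path. A request for /market/symbol-thumb does not
    # begin with the prefix below, so it is handled by `location /` instead of
    # being proxied. If the services are meant to be reached as /market/...,
    # /exchange/..., /uc/..., /admin/... and /chat/..., the prefixes need to be
    # those URI paths; confirm against the backends before changing them.
    location /usr/java/Crypto-Exchange-Platform-00-framework/market {
        client_max_body_size    5m;
        proxy_pass http://localhost:2082;
        # Upgrade/Connection are only honoured on an HTTP/1.1 upstream
        # connection; nginx speaks HTTP/1.0 to upstreams by default.
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        # Behind a proxy such as Cloudflare, $remote_addr is the proxy's
        # address unless the realip module is configured
        # (set_real_ip_from / real_ip_header).
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /usr/java/Crypto-Exchange-Platform-00-framework/exchange {
        client_max_body_size    5m;
        proxy_pass http://localhost:2083;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /usr/java/Crypto-Exchange-Platform-00-framework/uc {
        client_max_body_size    5m;
        proxy_pass http://localhost:2086;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /usr/java/Crypto-Exchange-Platform-00-framework/admin {
        client_max_body_size    5m;
        proxy_pass http://localhost:2087;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /usr/java/Crypto-Exchange-Platform-00-framework/chat {
        client_max_body_size    5m;
        proxy_pass http://localhost:6008;
        # Required for the Upgrade handshake to reach the backend.
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
    }
}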


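# HTTPS virtual host for srv.nioc.exchange. TLS is terminated only on this
# listener (port 443); the backends are proxied as plain http:// on localhost.
#
# An https:// request sent straight to a backend port (for example :2082)
# never passes through this block and reaches a service that is proxied here
# as plain HTTP. If the hostname is proxied through Cloudflare, its edge also
# treats 2082 as an HTTP port rather than an HTTPS one. API calls that need
# TLS should go to port 443 and be routed by the location blocks below.
#
# NOTE(review): the backends are addressed as localhost here. If they also
# listen on the public interface, clients can bypass this gateway and its
# TLS; bind them to 127.0.0.1 or firewall those ports.
server {

    # SSL configuration
    #
    # The `ssl` parameter on `listen` enables TLS. The separate `ssl on;`
    # directive was deprecated and later removed from nginx, where it makes
    # the configuration fail to load, so it is dropped here.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/ssl/cert.pem;
    # Keep the private key readable by root only.
    ssl_certificate_key /etc/ssl/certkey.pem;

    server_name srv.nioc.exchange;

    # NOTE(review): `root` is the application tree and `location /` has no
    # proxy_pass, so nginx returns files from this directory as static
    # content. nginx does not execute JSP, so index.jsp and any other source
    # or configuration file under this path would be sent to the client as-is.
    # Confirm that only files meant to be public live here.
    root /usr/java/Crypto-Exchange-Platform-00-framework ;
    location / {
        index index.jsp;
    }

    # NOTE(review): a location prefix is matched against the request URI, not
    # against a filesystem path. A request for /market/symbol-thumb does not
    # begin with the prefix below, so it is handled by `location /` instead of
    # being proxied. If the services are meant to be reached as /market/...,
    # /exchange/..., /uc/..., /admin/... and /chat/..., the prefixes need to be
    # those URI paths; confirm against the backends before changing them.
    location /usr/java/Crypto-Exchange-Platform-00-framework/market {
        client_max_body_size    5m;
        proxy_pass http://localhost:2082;
        # Upgrade/Connection are only honoured on an HTTP/1.1 upstream
        # connection; nginx speaks HTTP/1.0 to upstreams by default.
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        # Behind a proxy such as Cloudflare, $remote_addr is the proxy's
        # address unless the realip module is configured
        # (set_real_ip_from / real_ip_header).
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /usr/java/Crypto-Exchange-Platform-00-framework/exchange {
        client_max_body_size    5m;
        proxy_pass http://localhost:2083;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /usr/java/Crypto-Exchange-Platform-00-framework/uc {
        client_max_body_size    5m;
        proxy_pass http://localhost:2086;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    # NOTE(review): the admin backend is published on the same public host as
    # the API. Consider restricting this location (allow/deny by source
    # address, or an authenticated front end) if it is not meant for everyone.
    location /usr/java/Crypto-Exchange-Platform-00-framework/admin {
        client_max_body_size    5m;
        proxy_pass http://localhost:2087;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /usr/java/Crypto-Exchange-Platform-00-framework/chat {
        client_max_body_size    5m;
        proxy_pass http://localhost:6008;
        # Required for the Upgrade handshake to reach the backend.
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
    }
}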

Our SSL setting is currently Strict (set using rules); we also tried Flexible, but we see the same issue.

When the same URL is accessed directly using the IP address and port, it works well and gives us the expected response. You can find the URL here: http://34.93.12.195:2082/market/symbol-thumb-trend

But when we switch that URL to HTTPS, it shows the same error that we get when using the domain name over SSL.

Could anyone here help, as soon as possible, to get this server configured and working with our Cloudflare account as expected?

I look forward to your response.
