learning about multidimensional arrays

@scottalanmiller said in Random Thread - Anything Goes:

@wirestyle22 said in Random Thread - Anything Goes:

Cheering myself up by watching a goofy movie tonight. Definitely one of my favorite

Any goofy movie, like Rustler's Rhapsody?. Or The Goofy Movie.

Cheering myself up by watching a goofy movie tonight. Definitely one of my favorites

@marcinozga said in Tomcat with an NGINX Reverse Proxy and Self-signed SSL Certificate:

https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/

You're missing ssl in first server block.

server {
     listen 443 ssl;

I don't know if it's strictly required, I'd add it.

lol fml. That was it. I knew it was something dumb

Same behavior

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      26496/nginx: master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      26496/nginx: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      913/sshd
tcp6       0      0 :::8443                 :::*                    LISTEN      25783/java
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      25783/java
tcp6       0      0 :::8009                 :::*                    LISTEN      25783/java
tcp6       0      0 :::80                   :::*                    LISTEN      26496/nginx: master
tcp6       0      0 :::8080                 :::*                    LISTEN      25783/java
tcp6       0      0 :::22                   :::*                    LISTEN      913/sshd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           866/chronyd
udp6       0      0 ::1:323                 :::*                                866/chronyd

@marcinozga said in Tomcat with an NGINX Reverse Proxy and Self-signed SSL Certificate:

@wirestyle22 said in Tomcat with an NGINX Reverse Proxy and Self-signed SSL Certificate:

@scottalanmiller said in Tomcat with an NGINX Reverse Proxy and Self-signed SSL Certificate:

Start with netstat. Is nginx listening?

netstat -tulpn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      26420/nginx: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      913/sshd
tcp6       0      0 :::8443                 :::*                    LISTEN      25783/java
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      25783/java
tcp6       0      0 :::8009                 :::*                    LISTEN      25783/java
tcp6       0      0 :::80                   :::*                    LISTEN      26420/nginx: master
tcp6       0      0 :::8080                 :::*                    LISTEN      25783/java
tcp6       0      0 :::22                   :::*                    LISTEN      913/sshd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           866/chronyd
udp6       0      0 ::1:323                 :::*                                866/chronyd

Looks like Nginx is not listening on port 443. Did you restart the service after config change?

Yes I did. Sorry this was a test. I forgot to update it

@scottalanmiller said in Tomcat with an NGINX Reverse Proxy and Self-signed SSL Certificate:

Start with netstat. Is nginx listening?

netstat -tulpn

Edited for accuracy

I have a running nginx reverse proxy that I'm trying to use to manage the ssl certificates for a tomcat server.

I installed nginx and it works with http traffic. I then tried to generate a self-signed ssl cert.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

I created a strong Diffie-Hellman group
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Here is my nginx server block

server {
  listen 443;
  server_name tomcat.domain.com;
  access_log /var/log/nginx/tomcat-access.log;
  error_log /var/log/nginx/tomcat-error.log;

  location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.1.205:8080;
  }

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

}

server {
    client_max_body_size 40M;
    server_name tomcat.skynetli.com;
    listen 80;
#    rewrite        ^ https://$server_name$request_uri? permanent;
}

tomcat server.xml

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

The result is "Can't connect securely to this page"

Youtube Video

Youtube Video