Cloudflare + SSL + Vultr

Posted 4 months ago by tiagomatosweb

Hi all,

Trying to manage SSL through these services. My Cloudflare is set to SSL Full. I have created the certificate as well as the private key. Then I added those via the Forge dashboard using "Install Existing Certificate". I've read this article https://medium.com/@taylorotwell/free-wildcard-ssl-using-forge-cloudflare-ab0ebfbf129f and it seems that's all we need, really?

After that, I checked the nginx config and it seemed to be missing all the SSL setup, such as the certificate path, SSL port, etc. Then I manually added those. Doesn't Forge do it for us automatically?

But I'm getting this error when accessing the site using SSL. Without SSL it is fine.

This site can’t be reached
staging.mydomain.com.au refused to connect.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

Also, if I check the SSL on https://www.sslchecker.com/sslchecker it says "No certificates were found."

My nginx config:

```nginx
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/staging.mydomain.com.au/before/*;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name staging.mydomain.com.au;
    root /home/forge/staging.mydomain.com.au/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/staging.mydomain.com.au/391714/server.crt;
    ssl_certificate_key /etc/nginx/ssl/staging.mydomain.com.au/391714/server.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/staging.mydomain.com.au/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/staging.mydomain.com.au-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/staging.mydomain.com.au/after/*;
```

Any idea? Cheers.
