If you have a redirect set up in Aegir (say to redirect example.com to www.example.com), and you are using nginx_ssl, browsers will not accept the SSL certificates, reporting `ssl_error_rx_record_too_long`.
I managed to resolve this by adding the SSL declarations to the redirect vhost. For example, this is what Aegir will produce:
```
server {
  listen 69.164.198.11:443;
  server_name example.com;
  rewrite ^ $scheme://www.example.com$request_uri? permanent;
}
server {
  include /var/aegir/config/includes/fastcgi_ssl_params.conf;
  limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
  listen 69.164.198.11:443;
  server_name www.example.com;
  root /var/aegir/platforms/live/sac-7.9-16112011;
  ssl on;
  ssl_certificate /var/aegir/config/server_example/ssl.d/www.example.com/openssl.crt;
  ssl_certificate_key /var/aegir/config/server_example/ssl.d/www.example.com/openssl.key;
  ssl_protocols SSLv3 TLSv1;
  ssl_ciphers HIGH:!ADH:!MD5;
  ssl_prefer_server_ciphers on;
  keepalive_timeout 70;
  include /var/aegir/config/includes/nginx_simple_include.conf;
}
```
Which doesn't work. This is what you need to do to get it to work (i.e. also add the SSL declarations to the redirect vhost):
```
server {
  listen 69.164.198.11:443;
  server_name example.com;
  rewrite ^ $scheme://www.example.com$request_uri? permanent;
  ssl on;
  ssl_certificate /var/aegir/config/server_example/ssl.d/www.example.com/openssl.crt;
  ssl_certificate_key /var/aegir/config/server_example/ssl.d/www.example.com/openssl.key;
  ssl_protocols SSLv3 TLSv1;
  ssl_ciphers HIGH:!ADH:!MD5;
  ssl_prefer_server_ciphers on;
}
server {
  include /var/aegir/config/includes/fastcgi_ssl_params.conf;
  limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
  listen 69.164.198.11:443;
  server_name www.example.com;
  root /var/aegir/platforms/live/sac-7.9-16112011;
  ssl on;
  ssl_certificate /var/aegir/config/server_example/ssl.d/www.example.com/openssl.crt;
  ssl_certificate_key /var/aegir/config/server_example/ssl.d/www.example.com/openssl.key;
  ssl_protocols SSLv3 TLSv1;
  ssl_ciphers HIGH:!ADH:!MD5;
  ssl_prefer_server_ciphers on;
  keepalive_timeout 70;
  include /var/aegir/config/includes/nginx_simple_include.conf;
}
```
Comment | File | Size | Author |
---|---|---|---|
#2 | 1346794.2-provision-ssl-nginx.patch | 1.4 KB | mrfelton |
#1 | 1346794.1-provision-ssl-nginx.patch | 1.41 KB | mrfelton |
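
A lint for the misconfiguration described in the issue above, as an added example that is not part of the original post or of Provision: it reports every `server` block that listens on port 443 without enabling SSL and naming a certificate. The function names and the sample vhosts (documentation address, placeholder certificate paths) are constructed for illustration; the tokenizer assumes no quoted strings containing `;`, `{`, `}` or `#`, and only server-level directives are inspected, not settings inherited from `http`.

```python
import re

def server_blocks(conf):
    """Yield the directives (as word lists) of each `server { ... }` block."""
    conf = re.sub(r"#[^\n]*", "", conf)            # strip comments
    depth, words, block, block_depth = 0, [], None, 0
    for tok in re.findall(r"[{};]|[^\s{};]+", conf):
        if tok == "{":
            depth += 1
            if words == ["server"] and block is None:
                block, block_depth = [], depth      # entering a server block
            words = []
        elif tok == "}":
            if block is not None and depth == block_depth:
                yield block                         # leaving the server block
                block = None
            depth -= 1
            words = []
        elif tok == ";":
            # keep only directives directly inside server, not in location etc.
            if block is not None and depth == block_depth and words:
                block.append(words)
            words = []
        else:
            words.append(tok)

def plaintext_on_443(conf):
    """Return server_names of blocks on :443 lacking `ssl on`/cert (hypothetical check)."""
    findings = []
    for directives in server_blocks(conf):
        listens = [d[1:] for d in directives if d[0] == "listen"]
        on_443 = any(re.search(r"(^|:)443$", a[0]) for a in listens if a)
        tls = (["ssl", "on"] in directives
               or any("ssl" in a[1:] for a in listens))   # `listen 443 ssl;` form
        has_cert = any(d[0] == "ssl_certificate" for d in directives)
        if on_443 and not (tls and has_cert):
            names = [n for d in directives if d[0] == "server_name" for n in d[1:]]
            findings.append(" ".join(names) or "(unnamed)")
    return findings

# Constructed sample vhosts mirroring the before/after layout in the issue.
TLS = """  ssl on;
  ssl_certificate /path/to/placeholder.crt;
  ssl_certificate_key /path/to/placeholder.key;
"""
REDIRECT = ("server {\n  listen 192.0.2.10:443;\n  server_name example.com;\n"
            "  rewrite ^ $scheme://www.example.com$request_uri? permanent;\n%s}\n")
SITE = "server {\n  listen 192.0.2.10:443;\n  server_name www.example.com;\n%s}\n" % TLS
BEFORE, AFTER = REDIRECT % "" + SITE, REDIRECT % TLS + SITE

if __name__ == "__main__":
    print(plaintext_on_443(BEFORE), plaintext_on_443(AFTER))
```
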
Comments
Comment #1
mrfelton commented: Attached patch resolves.
Comment #2
mrfelton commented: Slight problem with above patch. This one's better.
Comment #3
omega8cc commented: Interesting, as we tested it before many times, however only with Chrome and Safari, and it worked very well without any such issues. If this fixes the problem for other browsers, that is fine.
Here is your patch modified a bit to have the redirect directive after the SSL stuff in the server section and to fix a minor issue with vhost formatting, plus it is for Provision 2.x:
http://gitorious.org/aegir/provision/commit/2d223d281414804717d44327f3b7...
Comment #4
omega8cc commented: I will submit a revised patch from #2 for 6.x-1.x shortly.
Comment #5
omega8cc commented: Patch ready for review: http://drupalcode.org/sandbox/omega8cc/1443220.git/commit/216e3a2
Comment #6
Anonymous (not verified) commented: Committed, thanks to both of you!