Menu
I'm publishing a website made with Python Pyramid on an Ubuntu 18.04 server. The website is running properly on HTTP and now I'm trying to make it run on HTTPS by following this article but when trying to install I get this message:
IMPORTANT NOTES:
- Unable to install the certificate
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/dev.anything.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/dev.anything.com/privkey.pem
Your cert will expire on 2019-03-17. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
This is my configuration file, which lives on /etc/nginx/sites-available/snow_service.nginx:
server {
listen 80;
listen 443 ssl;
server_name dev.anything.com
server_tokens off;
ssl_certificate /etc/letsencrypt/live/dev.anything.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev.anything.com/privkey.pem;
charset utf-8;
client_max_body_size 1M;
location /static {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
alias /webapps/englobe_snow_pyramid_rest_api/pyramid_rest_api/static;
expires 1d;
}
location / {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
try_files $uri @yourapplication;
}
location @yourapplication {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
server_tokens off;
include uwsgi_params;
proxy_set_header Host $host;
proxy_set_header real_scheme $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8999;
}
}
I also tried to rename the file with the domain name but it doesn't work as well. The path for the ssl certificates I put manually because I saw it in another answer here at the Stack Overflow.
What am I missing? Thanks for any help
978
Here is the solution:
I was changing the file in the sites-available folder and not changing the file at the sites-enabled folder. This is the final file content:
server {
listen 80 default_server;
server_name dev.anything.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name elglobe_snow_service
server_tokens off;
ssl_certificate /etc/letsencrypt/live/dev.anything.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev.anything.com/privkey.pem;
charset utf-8;
client_max_body_size 1M;
location /static {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
alias /webapps/englobe_snow_pyramid_rest_api/pyramid_rest_api/static;
expires 1d;
}
location / {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
try_files $uri @yourapplication;
}
location @yourapplication {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
server_tokens off;
include uwsgi_params;
proxy_set_header Host $host;
proxy_set_header real_scheme $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8999;
}
}
The files in sites-enabled should just be links to the "real" files in sites-available.
You should only edit the ones in sites-available, and then run
cd /etc/nginx/sites-enabled
ln -s ../sites-available/your-site.conf
to enable that site.
If you want to disable the site, you can just delete the link in sites-enabled.
26
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
