nginxopensslssl-certificatecentos8tileserver-gl

Secure tileserver-gl using ssl in centOS


I have sudo docker run -d --restart unless-stopped -it -v $(pwd):/data -p 81:80 maptiler/tileserver-gl running. I can access http://mypage.com:81 just fine. However, I wanted to access https://mypage.com:81. I have a valid certificate but it is failing to use https protocal. Below is my nginx.conf file.

server {
        listen 80;
        listen [::]:80 default_server;
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  mypage.com;
        root         /usr/share/nginx/html;

        ssl_certificate "/etc/pki/nginx/certs/mypage.com.crt";
        ssl_certificate_key "/etc/pki/nginx/certs/mypage.com.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
                proxy_pass http://localhost:80;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;

        }


Solution

  • The solution here is

    server {
            listen 81 ssl;
            listen [::]:81 ssl;
            listen       443 ssl http2 default_server;
            listen       [::]:443 ssl http2 default_server;
            server_name  mypage.com;
            root         /usr/share/nginx/html;
    
            ssl_certificate "/etc/pki/nginx/certs/mypage.com.crt";
            ssl_certificate_key "/etc/pki/nginx/certs/mypage.com.key";
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout  10m;
            ssl_ciphers PROFILE=SYSTEM;
            ssl_prefer_server_ciphers on;
    
            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;
    
            location / {
                    proxy_pass http://localhost:80;
                    proxy_set_header X-Forwarded-Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forwarded-Proto $scheme;
                    proxy_set_header Host $http_host;
    
            }
    

    observe the ssl on port 80.