HTTPS works, but HTTP brings up nginx welcome page

Hey all.

So, I finally got SSL working yesterday, but have a different issue. When you go to the https of my site https://www.utopidy.com it brings up ghost fine, with SSL working. But when you go to http://www.utopidy.com, it brings up the nginx welcome page.

It is my understanding (though I am not great at networking) that ghost should get served either way. Ideally, I want anyone trying to access HTTP to be redirected to the HTTPS. I thought that was how it worked out of the box… I know there are two conf files in /etc/nginx/sites-available that are included in the nginx conf.

I am not sure what I need to change to get this to work. I tried a few things, but made it worse so I just set it back to original conf.

Any ideas? Thanks!

Edit:
I should add that I am running the latest ghost/ubuntu in a WSL2 container on a Windows 11 machine in my basement. So, total self hosting. I don’t suspect it is a container issue, but I thought I should add this info.

That’s pretty deeply self hosting! :laughing:

The files need to be linked from sites-enabled to be active. And you need to restart nginx after making those changes. Posting those conf files would be a good start for getting some help.

(I’m assuming you ARE actually using Nginx, not routing from whatever router is in front of the WSL install directly to port 2368, right?)

Haha, yeah… I’m like, 50 years old. I started programming when I was a kid on an Apple 2 in DOS I think in 1985 or so. Before Windows, the www, cell phones… anyway. It was a pretty sweet time to be alive.

That isn’t really why I’m self hosting, I will move it to the cloud once I understand better my needs. I would rather work through issues with 100% control than spend money to bang my head against a wall not being able to do something on a hosting service :confused:

Ok let’s try this:

/etc/nginx/sites-available/utopidy.com-ssl.conf

map $status $header_content_type_options {
    204 "";
    default "nosniff";
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name utopidy.com;
    root /var/www/utopidy/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/utopidy.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/utopidy.com/utopidy.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        # proxy_pass http://127.0.0.1:2368;
        proxy_pass http://172.20.215.108:2368;

        add_header X-Content-Type-Options $header_content_type_options;
    }
}

/etc/nginx/sites-available/utopidy.com.conf

map $status $header_content_type_options {
    204 "";
    default "nosniff";
}

server {
    listen 80;
    listen [::]:80;

    server_name utopidy.com;
    root /var/www/utopidy/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        # proxy_pass http://127.0.0.1:2368;
        proxy_pass https://172.20.215.108:2368;

        add_header X-Content-Type-Options $header_content_type_options;
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

/etc/nginx/sites-available/default

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

/etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

symlinks

/etc/nginx/sites-enabled$ ls -l
total 0
lrwxrwxrwx 1 root root 47 Feb 17 06:00 utopidy.com-ssl.conf -> /etc/nginx/sites-available/utopidy.com-ssl.conf
lrwxrwxrwx 1 root root 43 Feb  2 10:40 utopidy.com.conf -> /etc/nginx/sites-available/utopidy.com.conf

hmmm. I think that should do it.

As far as routing, it is a bit wonky but I’m pretty sure I am going to nginx.

My Google router has 2 port forwards, they simply go 80 to 80, and 443 to 443.
I have another port forward rule on my Windows machine (using PowerShell netsh) which does the same. It forwards 80 to the WSL container 80, and 443 to the WSL container 443. I am not forwarding anything to the Ghost port. The WSL container runs under its own IP address, so localhost gets weird.

And, technically, I shouldn’t need those forwards, because WSL2 should have corrected that need. But for some reason, it won’t work unless I add those.

Let me know if you need anything else. I do appreciate your help!

1 Like

Are you me? No, mine was a Commodore 64. ;)

I’m not at my desk but I think you need something like this. You want to redirect the requests that are being made to 80 over to 443, not proxy them. Redirecting from HTTP to HTTPS in NGINX | Medium

1 Like
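
The redirect suggested in the reply above, written out for the posted port-80 file as an added example (not part of the original thread and not Ghost-generated configuration). Listing www.utopidy.com in server_name is an assumption; the other names and paths come from the files posted above.

```nginx
# /etc/nginx/sites-available/utopidy.com.conf  (port 80 only)
# Added example: redirect plain HTTP to HTTPS instead of proxying it to Ghost.

server {
    listen 80;
    listen [::]:80;

    # Assumption: www.utopidy.com is listed as well, since that is the name
    # being visited; the posted file lists only utopidy.com.
    server_name utopidy.com www.utopidy.com;

    # Same root as the posted file, so acme.sh can keep placing its
    # HTTP-01 challenge files here for certificate renewal.
    root /var/www/utopidy/system/nginx-root;

    # Challenge files are still served over plain HTTP. This regex location
    # wins over the "/" prefix location below whenever it matches.
    location ~ /.well-known {
        allow all;
    }

    # Everything else gets a permanent redirect to the same host and path
    # on HTTPS. There is no proxy_pass in this block, so nothing is
    # forwarded to Ghost over cleartext HTTP.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

`nginx -t` checks the syntax before a reload; afterwards `curl -I http://www.utopidy.com/` should show a 301 with a `Location: https://...` header rather than the welcome page.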