search

toomuchio / plex-nginx-reverseproxy

Configuration to serve Plex Media Center https://plex.tv using Nginx https://nginx.com
659 stars 94 forks source link

HTTP is listening on 443? #32

Closed shadycuz closed 6 years ago

shadycuz commented 6 years ago 
nginx -v
nginx version: nginx/1.12.0

I'm using the config from this repo, other than changing the paths to my certs, all else is the same.

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

http works but https is broken.

curl https://plex.my-domain.com/
curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.

curl -I http://plex.my-domain.com/
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.0
Date: Sun, 18 Mar 2018 15:23:02 GMT
Content-Type: text/html
Content-Length: 193
Connection: keep-alive
X-Plex-Protocol: 1.0
Cache-Control: no-cache

My backend works fine on either protocol (From the nginx server)

curl -k -I http://10.2.160.5:32401/web/index.html
HTTP/1.1 200 OK
Cache-Control: no-cache
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=20
Content-Length: 9456
Content-Type: text/html
X-Plex-Protocol: 1.0
Date: Sun, 18 Mar 2018 15:23:40 GMT

curl -k -I https://10.2.160.5:32401/web/index.html
HTTP/1.1 200 OK
Cache-Control: no-cache
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=20
Content-Length: 9456
Content-Type: text/html
X-Plex-Protocol: 1.0
Date: Sun, 18 Mar 2018 15:23:46 GMT

Even hardcoding the port is not helping

curl -v https://plex.my-domain.com:443/web/index.html
*   Trying xxx.xxx.xxx.xxx...
* Connected to plex.my-domain.com (xxx.xxx.xxx.xxx) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 596 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: An unexpected TLS packet was received.
* Closing connection 0
curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.

I thought I would try via IP to the nginx server but it fails as well?

curl --verbose -H 'Host: plex.my-domain.com' 'https://xxx.xxx.xxx.xxx/web/index.html'
*   Trying xxx.xxx.xxx.xxx...
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 596 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
* SSL: certificate subject name (*.my-domain.com) does not match target host name 'xxx.xxx.xxx.xxx'
* Closing connection 0
curl: (51) SSL: certificate subject name (*.my-domain.com) does not match target host name 'xxx.xxx.xxx.xxx'
shadycuz commented 6 years ago

Found this https://community.letsencrypt.org/t/errors-from-browsers-with-ssl-session-tickets-off-nginx/18124/7

Check overloads comments.

The gist is you can't have one config with ssl_session_tickets off; and one with ssl_session_tickets on;. Even if you don't specify the default is on. I had to go to my main http{} block and set ssl_session_tickets off;. That fixed the issue for me.

P.s Plex feels super smooth and responsive now =) Thanks for the config.