SSL Setup for Bench and CloudFlare

Did you get SSL certificates?

Hi @vjFaLk

Yes. I purchased new SSL from Comodo - PositiveSSL.

Now even my site name is correct (as per my site.website.com) but when I enable FULL/STRICT SSL through CloudFlare, the server goes down. The error on the site (through CloudFlare) comes up as follows:

“The web server is not returning a connection. As a result, the web page is not displaying.”

It seems the server is not set up for working on port 443/SSL/HTTPS and that’s why when CloudFlare demands a secured connection from server, the server is not able to respond to this explicit request and the request fails.

Can you advise a solution to manually configure/setup required files for configuring HTTPS/SSL like nginx.conf etc.?

TIA

[UPDATE]

I have set a Page Rule on CloudFlare to enforce HTTPS on my domain. When I disable this rule and set SSL to STRICT, the site works without any problems but on HTTP and the site doesn’t show HTTPS even when I manually enter https://sub.domain.com.

I thought this information is vital for you to be able to understand the real problem behind SSL issue.

So the objective is: Redirect the site to HTTPS and use CloudFlare STRICT SSL setting. Maybe we can configure our server to enforce https/ssl on ALL incoming connections and don’t use CloudFlare Page Rule to enforce HTTPS. It seems this will work. Please advise solution in this direction!

While testing further, I tried the following command from terminal:

curl https://1.2.3.4 -v [where 1.2.3.4 is my site IP address, real IP not shown for privacy]

The above command returns the following:

* Rebuilt URL to: https://1.2.3.4/
* Hostname was NOT found in DNS cache
* Trying 1.2.3.4...
* connect to 1.2.3.4 port 443 failed: Connection refused
* Failed to connect to 1.2.3.4 port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 1.2.3.4 port 443: Connection refused

It shows the server is not allowing connections on port 443. So there is some ERPNext config that needs to be changed which will enable connections on port 443.

[SOLVED]

Despite following this guide, config for HTTPS was not getting loaded into nginx.conf. As I am unaware of the file structure, I thought the conf file is either /etc/nginx/nginx.conf OR /etc/nginx/sites-available/default, which is to be amended manually.

BUT, after struggling a bit, I found that the functional conf file for ERPNext resides here:
/home/frappe/frappe-bench/config/nginx.conf

So, I manually added another “server block” in the above file and added SSL parameters. Voilà, now it works!

Now I have the following settings enabled on CloudFlare:

  • Page rule that enforces HTTPS on my site url
  • SSL settings under Crypto are set to STRICT

I hope this thread will help other members to solve this issue and also enable ERPNext developers to test this scenario to come up with a solution in upcoming updates!

Thanks to @komsel2228 @KanchanChauhan @ganas & @vjFaLk for participating in this discussion! Special thanks to @vjFaLk for extended support.

3 Likes
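Added example, not taken from the thread or from ERPNext/bench: a sketch of the kind of HTTPS server block the solution describes for /home/frappe/frappe-bench/config/nginx.conf, extended with the origin-side HTTP-to-HTTPS redirect the poster asked about. The server name, certificate paths and backend address are assumptions and must be replaced with the values from the existing port-80 block in that file.

```nginx
# Added example. server_name, certificate paths and the backend address
# are assumptions; take the real values from the existing port-80 block.

# Port 80: redirect only. This replaces the body of the existing port-80
# server block for this hostname (two blocks with the same listen and
# server_name would conflict). Safe with CloudFlare Full/Strict, where
# CloudFlare connects to the origin on 443; with Flexible (origin reached
# over HTTP) a redirect like this loops.
server {
    listen 80;
    server_name sub.domain.com;
    return 301 https://$host$request_uri;
}

# Port 443: the listener that was missing when curl reported
# "Connection refused".
server {
    listen 443 ssl;
    server_name sub.domain.com;

    # Strict mode validates the origin certificate, so serve the full
    # chain: the site certificate first, then the CA's intermediate
    # bundle, concatenated into one file.
    ssl_certificate     /etc/nginx/ssl/sub.domain.com.chained.crt;  # assumed path
    ssl_certificate_key /etc/nginx/ssl/sub.domain.com.key;          # assumed path, readable by root only

    ssl_protocols       TLSv1.2 TLSv1.3;   # drop TLSv1.3 on nginx older than 1.13.0
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # Carry over the root and location blocks from the port-80 block that
    # bench generated in this file. The block below is a minimal stand-in
    # that only forwards requests to the application server.
    location / {
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8000;   # assumed backend address
    }
}
```

After editing, `nginx -t` validates the file before a reload, and repeating the `curl https://1.2.3.4 -v` test from the thread should then show a TLS handshake instead of "Connection refused". Because this file is generated by bench, manual edits to it can be lost if the configuration is regenerated.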