Official SigloTech Blog

Posts tagged with “nginx”

“Empty reply from server” – Nginx, PHP, CURL

Recently we set up a sandbox server for one of our APIs. You know, it’s always a good idea to have customers play with a sandbox rather than with a production system. The setup went smoothly and the API passed all the tests. However, one of our customers complained that when they accessed the API via PHP they were getting “Empty reply from server”.

The Problem – Empty Response

What the heck, we thought, and tried to replicate the problem. Exactly as the customer had reported, the API worked well from Postman and command-line CURL but was failing big time with PHP CURL. “Empty reply from server” was the exact error message.

We have an Nginx server sitting as a proxy in front of our application. A quick test revealed that the requests were not even reaching our API. So there was something in Nginx or in PHP.

A Strategy for Solving the Problem

Whenever we need to find a nasty bug in code or just want to solve a problem we always look at a working system and then try to spot a difference. But the irony is that our environments seemed to be exactly the same. Both the live and the sandbox servers run Debian Jessie 64 bit and we use the same version of Nginx.

One difference was that for the staging API we used a hyphen in the URL (to be more precise, we used a sub-domain containing a hyphen). After some Googling we came across a discussion saying that hyphens were not supported by CURL. It was a revelation. We quickly removed the hyphen from the sub-domain, just to learn that it had no effect. What a disappointment.

The Aha Moment

Finally we started comparing Nginx configurations. In our understanding this was the last point of hope. To our discouragement they looked exactly the same. Or did they? We were about to start screaming when we noticed a seemingly innocent difference between the configuration files. The production server had three lines of SSL configuration.

ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;

So we quickly copied the SSL configuration lines to the sandbox and voilà, it all worked well. We hope this helps if you are stuck in a similar situation.

Tags: curl nginx php

How to Setup Comodo SSL Certificate on Nginx

There was a time when nobody cared about SSL. Nowadays it is vital that your website is SSL-enabled. Latest versions of browsers mark websites without SSL as insecure. Moreover, Google search gives a little bit higher priority to websites with SSL.

Honestly, it’s sort of lame if you run a website and do not provide SSL. Gone are those days where SSL was expensive. You can get an entry-level SSL certificate for as low as $8 to $12 (depending on the vendor and seller) per year.

What has not changed though is the tricky part of setting up the SSL certificate on a server. If you use the services of a system administrator, of course he or she can set up SSL for you. But heck, even for them it’s a pain in the neck. Below you can find very simple, step-by-step instructions to set up SSL on the Nginx web server. If you use a different web server, the first steps still apply, though the last step of installation is different and depends on the web server.

For the final steps we assume that our SSL vendor is Comodo. For other brands the last step may differ slightly.

Step 1. Generate CSR

Regardless of the web server and the brand of SSL, the very first step is to generate a CSR (Certificate Signing Request). Some sellers will ask for the CSR before ordering and some will ask immediately after the order. So, let’s generate the CSR first.

You have two options for generating CSR. The first is to use OpenSSL and the second is to use this online service. There is one more way to generate CSR if you happen to be using IIS. I will show you how to use option one – OpenSSL.

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Basically this command will generate two files. One is CSR (yourdomain.csr) and the other is a private key (yourdomain.key). After we finish, you can delete the CSR file. Keep the private key secure though.

Step 2. Purchase SSL Certificate

This step depends on the seller. Normally the companies that issue SSL certificates do not sell them directly. Rather, there are numerous sellers from whom you can purchase SSL certificates. Regardless of the seller, you need the CSR generated in Step 1 either to place an order or to complete the order. So, your seller at some point will ask for the CSR. Afterwards, you will have to confirm that you actually own the domain. For this you need to provide an email address (normally it should be admin@yourdomain.com, hostmaster@yourdomain.com or postmaster@yourdomain.com) where a special link will be sent. Once you click the link, your domain is considered verified and you will receive the SSL certificate shortly.

Step 3. Preparing the SSL Certificate

Normally when you install a Comodo certificate you also need to include a so-called Root CA Certificate and Intermediate CA Certificates. Comodo used to send these files separately, so you would get 4 different files.

AddTrustExternalCARoot.crt (Root CA Certificate)
COMODORSAAddTrustCA.crt (Intermediate CA Certificate)
COMODORSADomainValidationSecureServerCA.crt (Intermediate CA Certificate)
Your Certificate – yourdomain.crt

These days you normally get two files: the bundle of the first three and your certificate.

For Nginx you need to combine them into a single certificate file. On Linux and Mac you open a terminal and use the cat command.

cat yourdomain.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > yourdomain-bundle.crt

If you get only two files (your certificate and a bundled version of the three files, normally named yourdomain.ca-bundle) you can use the same approach:

cat yourdomain.crt yourdomain.ca-bundle > yourdomain-bundle.crt

The only important thing here is to keep the order. Your domain certificate must be first!

Step 4. Installing the Certificate

Upload the private key (generated in Step 1) and the yourdomain-bundle.crt file (generated in Step 3) to your server and copy them to the /etc/nginx/ssl/ folder.

Now we need to tell Nginx to actually use the SSL certificate. Modify the config file for your site and add the following to the server section.

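server {
    # "listen ... ssl" replaces the separate "ssl on;" directive,
    # which is deprecated and was removed in Nginx 1.25.1
    listen 443 ssl;

    ssl_certificate /etc/nginx/ssl/yourdomain-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.key;

    # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities;
    # TLS 1.0 and 1.1 are deprecated too (RFC 8996), so enable TLS 1.2 and 1.3 only
    # (TLSv1.3 needs Nginx 1.13.0+ built against OpenSSL 1.1.1+)
    ssl_protocols TLSv1.2 TLSv1.3;
}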
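
As an added example (not part of the original post), the script below checks the point Step 3 stresses before Nginx is pointed at the files in Step 4: the first certificate in the combined file must be the one that belongs to your private key. It compares public keys using standard `openssl` subcommands; the `make_demo` helper and its file names are assumptions and use throwaway self-signed certificates.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight check for the files
# produced in Steps 1-3 before Nginx is pointed at them in Step 4.

# Public key (PEM) derived from a private key file.
pub_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key (PEM) of the FIRST certificate in a PEM file; `openssl x509`
# reads only the first certificate, the one Nginx pairs with the key.
pub_of_first_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Number of certificates concatenated into the bundle.
cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Exit status 0: first certificate in the bundle belongs to the key.
# 1: it does not (typically the cat order was wrong). 2: unreadable input.
check_bundle() {
    local key_pub cert_pub
    key_pub=$(pub_of_key "$1") || return 2
    cert_pub=$(pub_of_first_cert "$2") || return 2
    [ -n "$key_pub" ] || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Constructed demo material: two throwaway self-signed certificates stand in
# for yourdomain.crt and the CA bundle (hypothetical names, no real CA involved).
make_demo() {
    local dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$dir/ca.key" -out "$dir/demo.ca-bundle" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=yourdomain.example" \
        -keyout "$dir/yourdomain.key" -out "$dir/yourdomain.crt" 2>/dev/null || return 1
    chmod 600 "$dir/yourdomain.key" "$dir/ca.key"   # private keys: owner-only
    cat "$dir/yourdomain.crt" "$dir/demo.ca-bundle" > "$dir/good-bundle.crt"  # domain first
    cat "$dir/demo.ca-bundle" "$dir/yourdomain.crt" > "$dir/bad-bundle.crt"   # wrong order
}

# Usage: ./check-bundle.sh yourdomain.key yourdomain-bundle.crt
if [ "$#" -eq 2 ]; then
    if check_bundle "$1" "$2"; then
        echo "OK: first of $(cert_count "$2") certificate(s) matches $1"
    else
        echo "FAIL: first certificate in $2 does not match $1" >&2
        exit 1
    fi
fi
```

A mismatch here is the same condition Nginx rejects when it loads the certificate and key, so running the check first catches a wrong `cat` order before a reload.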

Tags: cybersecurity nginx system-administration web-server