Running https on non-standard port with NGINX returns ssl too long

Question

I want to run an instance of redmine on port 5020 of my VPS

This is my nginx site-available config:

server {
    listen 5020 ssl default_server;
    listen [::]:5020 ssl default_server;
    include snippets/ssl-params.conf;

    include snippets/self-signed.conf;

    root /opt/redmine/public;

    # Add index.php to the list if you are using PHP
    #index index.html index.htm index.nginx-debian.html;

    server_name my.great.server ;
    return 301 https://$server_name:5020$request_uri;

    access_log /var/log/nginx/your_domain.com.access.log;
    error_log /var/log/nginx/your_domain.com.error.log;


    passenger_enabled on;
    passenger_min_instances 1;
    client_max_body_size 10m;


}

NGINX accepts this.

But visiting https://my.great.server:5020 returns:

An error occurred during a connection to my.great.server:5020. SSL received a record that exceeded the maximum permissible length.

Redmine is working on that port without https, though, using this config [edit: i meant, that after i replace the cnfig for https with the following config for http, it will work]:

server {

    # listen 5020;
    listen 5020 default_server;
    listen [::]:5020 default_server;
root /opt/redmine/public;

server_name my.great.server:5020 ;

access_log /var/log/nginx/your_domain.com.access.log;
error_log /var/log/nginx/your_domain.com.error.log;


passenger_enabled on;
passenger_min_instances 1;
client_max_body_size 10m;

}

The snippet files all exist and correct, because tehy work on port 443. I have enabled port 5020 for tcp.

Visiting this question did not help me.

This question says i need to add ssl after the port number in the line that begins with listen, i.e. 5020, but that is already added.

Please help me, thank you.

PS: Should the solution require the redmine link to be: https://my.great.server/some/subfolder, it is 100% ok with me.

Answer 1

I am answering this in case someone needs it

Redmine 5 on Ubuntu 22 ARM processor Oracle cloud

First, you need to go to: /opt/redmine directory, and edit the Gemfile there. Just before group :ldap do ... add: gem 'blankslate' (note the '').

Then do bundle install as root.

Second, ensure your target port is open in Virtual Network Card on Oracle Cloud (usually 21-9999 port would be open for tcp. That is good)

Now, go to /etc/nginx/conf.d/your-redmine-domain.tld.conf. Remove everything there. Otherwise, there could be conflicts.

Now, go to nano /etc/nginx/sites-available/your-site. Only keep the server block that is listening to 443.

Now, go to nano /etc/nginx/sites-available/default . Here, add this block:

server {
    root /opt/redmine/public;

    server_name my.great.site; # managed by Certbot

   passenger_enabled on;
    passenger_min_instances 1;
    client_max_body_size 10m;


listen [::]:5020 ssl ipv6only=on; # managed by Certbot
listen 5020 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my.great.site/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my.great.site/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

Ensure, there is no the index index.html ... declaration.

Also, very important: Make sure that this part is not included:

location / {
    try_files $uri $uri/ =404;
}

(if you are copying from the 443 block, this part might be on. remove it)

Otherwise, redmine will not be able to go to the login page, and you cant set things up as admin.

Finally, restart nginx.

Using this method, it now works.

Thanks to @SteffenUllrich for pointing out that i should check additional configs.