I'm adding an SSL domain to a host. When I try to restart Nginx, it protests:
Restarting nginx: [emerg]: the "ssl" parameter requires ngx_http_ssl_module in /etc/nginx/sites-enabled/my_site_conf:16
This is frustrating because I actually rebuilt Nginx and Passenger specifically in order to make ngx_http_ssl_module available; it wasn't in the running instance, so I took the opportunity to build with Nginx 0.8.53 and Passenger 3.0.1.
The relevant configuration block is
server {
listen 0.0.0.0:443 default ssl;
server_name our-site.com;
ssl_certificate /etc/nginx/ssl/our-site.crt;
ssl_certificate_key /etc/nginx/ssl/our-site.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
...etc. etc. (obviously I've obscured the host name, don't need this question coming up in searches for that domain.)
- How can I be sure the running Nginx instance has the SSL module active?
- Am I missing something obvious here?
You are missing the SSL on directive.
http://wiki.nginx.org/HttpSslModule
Looks like the real problem was that my init script (in
/etc/init.d/nginx) was still calling the old version of Nginx, the one without the SSL module, because of a $PATH issue. Fixing some symlinks and deleting the old version fixed the problem.