SSL not working with Elastic Load Balancer and Nginx

Question

I recently purchased an SSL certificate, and I'm trying to load it on my Elastic Load Balancer using Nginx EC2 instances.

The website does not load anything, and my error log is displaying this error: no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking

All of the health checks pass on Amazon's website, so I'm not sure what the issue is. The SSL certificate has been properly uploaded to my ELB as well. My nginx proxy file looks like this:

server {    
    listen 80;
    listen 443 default_server ssl;

    rewrite ^(.*) https://$host$1 permanent;

    client_max_body_size 4G;
    client_header_timeout 60;
    client_body_buffer_size 1K;
    client_header_buffer_size 1k;
    server_name %(DOMAINS)s %(EC2_INSTANCES)s;
    keepalive_timeout 20;
    root %(PROJECT_PATH)s;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        if (!-f $request_filename) {
            proxy_pass http://app_server;
            break;
        }
    }
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /path/to/app/current/public;
    }
}

Any advice is greatly appreciated! Thank you in advance!

EDIT - - -

The website now displays a solid white page, but there is a 503 error when I inspect the elements (via Chrome). Not sure if that plays a role, but I figured the more information the better.

Answer 1

in your ELB, redirect traffic from 443 to 80 port, and in you vhost do this:

server {
  listen 80;
  rewrite ^(.*) https://$host$1 permanent;    
  client_max_body_size 4G;
  client_header_timeout 60;
  client_body_buffer_size 1K;
  client_header_buffer_size 1k;
  server_name %(DOMAINS)s %(EC2_INSTANCES)s;
  keepalive_timeout 20;
  root %(PROJECT_PATH)s;
  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    set $is_https 'off';
    if ($http_x_forwarded_proto ~ 'https') {
      set $is_https 'on';
    }
    proxy_set_header HTTPS $is_https;
    proxy_redirect off;
    if (!-f $request_filename) {
      proxy_pass http://app_server;
      break;
    }
  }
  error_page 500 502 503 504 /500.html;
  location = /500.html {
    root /path/to/app/current/public;
  }
}

If you are terminating SSL in the ELB you don't need check SSL in your vhost. You just need to check the http_x_forwarded_proto header and pass it to the backend, just that.