
Azure VM - DNS config with Nginx

So, I have been configuring the DNS name.centralindia.cloudapp.azure.com, which accommodates the running of the Ubuntu 16.05 LTS VM. We want the site to be secured with SSL certificates, so I have already installed the Nginx server to do the work on the back end. I have configured the Nginx server to point to our custom DNS, but I'm facing constant issues with the nginx configuration. When we go to the https/http address, I get a "Bad Gateway" error, the "Nginx welcome page", or a "Not Found" 404 error.

Somehow, with the help of the nginx server, we need to point to our DNS with the SSL key which is already installed in ssl_certificate /etc/ssl/certs/azurevm.crt; ssl_certificate_key /etc/ssl/private/azurevm.key; (These are the self-signed keys generated within Ubuntu, but we need to use the key certificate which is generated and stored in the Azure Key Vault under the name "xxcert", which I cannot find in Ubuntu (var/lib/waagent).)

I have also followed this link to secure the web server in Azure: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-secure-web-server. But this installation is done while booting the VM for the first time, but in my case I have already installed the VM.

This is my default configuration under /etc/nginx/sites-available/default (I have not made any changes in site-enabled/default):

    # Default server configuration

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        return 301 https://$host$request_uri;
    }

    server {
        # SSL configuration
        #
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;

        server_name name.centralindia.cloudapp.azure.com;

        ssl on;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";

        # ssl_certificate           /etc/nginx/ssl/vmcert.pem;
        # ssl_certificate_key       /etc/nginx/ssl/vmcert.key;
        ssl_certificate      /etc/ssl/certs/azurevm.crt;
        ssl_certificate_key  /etc/ssl/private/azurevm.key;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;

            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto $scheme;

            # Fix the "It appears that your reverse proxy set up is broken" error.
            proxy_pass          http://localhost:8000;
            proxy_read_timeout  90;
            proxy_redirect      http://localhost:8000 http://name.centralindia.cloudapp.azure.com;
        }
    }

I think you want to bind your SSL certificate to the server. For this you will have to go to the App Service SSL settings. Check out: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-SSL

You can also follow the post below: https://blogs.msdn.microsoft.com/appserviceteam/2016/05/24/deploying-azure-web-app-certificate-through-key-vault/

There is a version difference, but it will provide some help.
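
A corrected form of the server block from the question, as an added example that is not part of the original question or answer. It assumes the application listens on localhost:8000 (taken from the question's proxy_pass) and reuses the certificate paths shown in the question.

```nginx
# Added example, not the asker's file. Lines from the question and their effect:
#   ssl on;                               redundant with "listen ... ssl"
#   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  TLS 1.0/1.1 are deprecated (RFC 8996)
#   ssl_ciphers "... or ...";             "or" is not a cipher name; use one list
#   try_files $uri $uri/ =404;            runs before proxy_pass, so any path that
#                                         is not a file under root returns 404

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    # Plain HTTP only redirects to HTTPS.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name name.centralindia.cloudapp.azure.com;

    ssl_protocols             TLSv1.2;
    ssl_ciphers               "HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    # Paths from the question (self-signed pair); assumed readable by nginx.
    ssl_certificate     /etc/ssl/certs/azurevm.crt;
    ssl_certificate_key /etc/ssl/private/azurevm.key;

    location / {
        # No try_files here: every request is handed to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass         http://localhost:8000;
        proxy_read_timeout 90;
        # Rewrite backend redirects to the public HTTPS name.
        proxy_redirect     http://localhost:8000 https://name.centralindia.cloudapp.azure.com;
    }
}
```

`nginx -t` validates the file before a reload. A remaining 502 Bad Gateway means nothing is accepting connections on port 8000, which no nginx setting can fix.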
