Now this might be a very simple issue but I can't seem to figure out how get SSL to work with Nginx. I will list what I have done so far:
Used certbot to create a fullchain.pem and privkey.pem file
Added the following code to /etc/nginx/conf.d/pubgstats.info
server {
listen 80;
server_name pubgstats.info www.pubgstats.info;
location '/.well-known/acme-challenge' {
root /srv/www/pubg-stats;
}
location / {
proxy_pass http://localhost:4200;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /secure {
auth_pam "Secure zone";
auth_pam_service_name "nginx";
}
}
server {
listen 443;
ssl on;
ssl_certificate /srv/www/pubg-stats/certs/fullchain.pem;
ssl_certificate_key /srv/www/pubg-stats/certs/privkey.pem;
server_name pubgstats.info www.pubgstats.info;
location / {
root /srv/www/pubg-stats/;
}
}
From what I understand, the configuration listens on port 80 and upgrades a HTTP request to HTTPS. The code was mostly taken from this article. I added the SSL part of the configuration as stated here. Now visiting the site over HTTP works. On HTTPS, the connection is reset. What am I missing in the configuration and what's the best way to configure SSL with Nginx in this case?
I don't understand why you didn't add this to /etc/nginx/nginx.conf, but the issue appears to be that you've declared multiple server blocks for the same server. In that case, nqinx will usually choose the first depending on different criteria.
With this configuration, nginx will use SSL by default. If that is not what you want, remove default_server. You don't need ssl on as that is now obsolete and replaced with the ssl parameter in the listen directive.
server {
listen 80;
listen 443 default_server ssl;
ssl_certificate /srv/www/pubg-stats/certs/fullchain.pem;
ssl_certificate_key /srv/www/pubg-stats/certs/privkey.pem;
server_name pubgstats.info www.pubgstats.info;
location '/.well-known/acme-challenge' {
root /srv/www/pubg-stats;
}
location / {
proxy_pass http://localhost:4200;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /secure {
auth_pam "Secure zone";
auth_pam_service_name "nginx";
}
}
Related
I am trying to create a urlshortner which would redirect the user to an external url.
I am using node express + nginx to host it.
My express routing is very simple and is as below:
router.get('/:code', async (req, res) => {
fetch code from db
return res.redirect(longUrl)
}
and my nginx conf looks like:
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/ssl/cert/ssl.pem;
ssl_certificate_key /etc/ssl/cert/ssl.pem;
server_name {server_name};
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "keep-alive";
}
}
This works well over http without nginx but when I introduce proxy using nginx it starts to redirect me to https://localhost/longUrl rather than https://longUrl
I also tried https module without nginx and I got the same result.
Any suggestions would be great, thanks.
I am working on building videoapp using expressjs, peerjs. I am getting the below error while connecting to peerjs server. The app is running behind a proxy server (nginx). The code works fine in my local machine (I am not using proxy server while testing in my local).
`GET https://<servername>/peerjs/id?ts=16228299262200.9619575641336071 404 (Not Found)`
I am getting the result when I do "https://<servername>/peerjs". I assume the I am able to connect to peerjs server. I do not understand why I am getting the above error.
{"name":"PeerJS Server","description":"A server side element to broker
connections between PeerJS clients.","website":"https://peerjs.com/"}
I am combining peerjs along expressjs
const ExpressPeerServer = require('peer').ExpressPeerServer;
const peerServer = ExpressPeerServer(server, {
debug: true,
proxied:true,
});
app.use('/peerjs', peerServer);
Client side code
let myPeer = new Peer({host :'servername',secure:true})
Below is the configuration for nginx
server {
server_name <server_name>;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/<server_name>/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/<server_name>/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = <server_name>) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name <server_name>;
return 404; # managed by Certbot
}
PS: I am new to nodejs and nginx. I feel I am missing something very basic that I am not able to figure it out.
Hi in your nginx config file add /peerjs in proxy_pass . So your location block should look something like
location / {
proxy_pass http://localhost:3000/peerjs;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
I have set up nginx to reverse proxy, but I am having a weird problem. If I browse to
http://www.example.com/
The website displays correctly. However, if I browse to
example.com
I am sent to a different site!
This is part of my nginx config file:
server {
listen 80;
server_name www.example.com;
location / {
proxy_pass http://localhost:8051;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I got this to work, I think the problem is that browser cache.
I am trying attempting to get the 'www' sub-domain redirected to the same route without the 'www' but when accessing the address i receive the following error:
Your connection is not private
Attackers might be trying to steal your information from www.*.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
The sub-domain without the 'www' is fully active and set up with an SSL i've made using Lets Encrypt (both version of the sub-domains were registered when creating the SSL).
When doing a curl command on the 'www' domain i successfully get a '301 Moved Permanently'.
Here is the configuration file of my nginx:
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 sitename.com$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sitename.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/sitename.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sitename.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:4000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
edited, see comment
You could try a more complete solution. Using wildcards and a improved redirect. Please try it!
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
server_name .sitename.com; # Note the '.' before sitename!
return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .sitename.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/sitename.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sitename.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:4000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
Docs
.sitename.com;
A special wildcard name in the form “.example.org” can be used to match both the exact name “example.org” and the wildcard name “*.example.org”.
I've decided to tackle this issue in another way. I generated another Lets Encrypt SSL certificate for the 'www' subdomain and created another block.
Now everything works as expected.
Here is my updated config:
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
server_name sitename.com www.sitename.com;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sitename.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/sitename.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sitename.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:4000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.sitename.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/www.sitename.com-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.sitename.com-0001/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:4000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
My website was working properly before I installed the ssl certificate. However, once it was installed, my website stopped working. Nginx starts fine as usual, and I get no errors, but the website just doesn't work. Here's my code for nginx config:
server {
listen 80;
server_name www.example.com; (example is replaced with my domain name in code)
location / {
rewrite ^ https://$server_name$request_uri permanent;
}
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/example_com/example.key;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://xxx.xx.xx.xxx:8004;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}