I installed NginX to my nodeJS server and already made Certbot SSL authentication.
Everything is working fine, but when i delete cookies and going to page, its load in http.
Is there any way to redirect into https?
When i write "return 301 https://maarath.com$request_uri;", its going to error: too many redirects.
Someone any idea?
My config:
server {
listen 80;
server_name ujhonlapod.hu www.ujhonlapod.hu;
location / {
proxy_pass http://localhost:3000; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
server_name ujhonlapod.hu www.ujhonlapod.hu;
ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
add_header Content-Security-Policy upgrade-insecure-requests;
}
Thanks for the answers.
Are you using the certbot plugin for nginx? It doesn't look like. You should remove this part
listen 443 ssl; # managed by Certbot
server_name ujhonlapod.hu www.ujhonlapod.hu;
ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
add_header Content-Security-Policy upgrade-insecure-requests;
and clean up your config to just listen on port 80.
server {
listen 80;
server_name ujhonlapod.hu www.ujhonlapod.hu;
location / {
proxy_pass http://localhost:3000; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
}
}
Reload nginx nginx -s reload
Run certbot sudo certbot --nginx
This should create the correct configuration for you.
Personally I would always!! split the http and https traffic in two server blocks like
server {
listen 80;
server_name example.com;
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 443;
server_name example.com;
.....
}
I would really recommend to use the plugin to manage the NGINX configuration if not a 100% aware on how to manage the configuration and certificates by your self. With certbot it is an act of 2 minutes to make it work.
Read more here: https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal
Related
I have a MERN stack app that I am trying to put into production.
I am able to get the client side running using NGINX as a reverse proxy to port 3000.
The issue I am having is when I am trying to get a response from my server running on port 5000. This is where I have my API to query against my database.
I believe the issue lies in my server block I have set up for my site. Below is an example for my signin endpoint that I am getting a TIMEOUT from. I have replaced my URL with example.com
server {
root /var/www/example.com/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /users/signin {
proxy_pass http://localhost:5000/;
proxy_buffering on;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
Any help would be appreciated. I believe I just need help trying to expose these endpoints properly.
Thanks!
i have a nodejs sails app proxied by nginx.Everything works fine but cant seem to connect to sails.io websocket.I get the error below in browser
Refused to connect to 'wss://youtmail.tk/socket.io/?__sails_io_sdk_version=1.2.1&__sails_io_sdk_platform=browser&__sails_io_sdk_language=javascript&EIO=3&transport=websocket' because it violates the following Content Security Policy directive: "default-src https: data: 'unsafe-inline' 'unsafe-eval'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
and here is my nginx conf
server {
server_name youtmail.tk;
location /{
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://localhost:1338;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/youtmail.tk-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/youtmail.tk-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = youtmail.tk) {
return 301 https://$host$request_uri;
} # managed by Certbot
}listen 80;
server_name youtmail.tk;
return 404; # managed by Certbot
}
any help on how to solve this??
I am pretty new to nginx, I managed to get web server running and I can access my Node.js app (port 5000) on my domain. However I would like to add a subdomain to access static website.
At the moment with my config, if I go to my subdomain I see my node.js application.
My nginx config files inside /etc/nginx/sites-available are the following:
default
subdomain.example.com.conf
Default config:
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com; # managed by Certbot
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://localhost:5000; #whatever port your app runs on
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Subdomain config:
server {
listen 443 ssl;
listen [::]:443 ssl;
root sites/example;
index test.example.com.html;
server_name test.example.com www.test.example.com;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
try_files $uri $uri/ =404;
}
}
How could I see different content other than my Node.js app from my subdomain?
Thank you in advance.
I have an express server running behind nginx reverse proxy and Certbot for certification. All my non-www traffic is redirected to www and https but on google page speed non-www version gives the following error "Lighthouse returned error: NO_FCP"
This is for a new Server deployed on AWS EC2 with nodejs installed.
server {
server_name www.compropertee.com compropertee.com;
location / {
proxy_pass https://localhost:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.compropertee.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.compropertee.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = compropertee.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name compropertee.com;
return 404; # managed by Certbot
}
all non-www and www requests should be working in google speed test.
I am super new to linux environment, and trying to configure a vps server to only allow https requests. I have read nginx documentation and tried various rewrite and return statements, changing server blocks etc. But what I have achieved so far, site serves on http and https both with following config.
What I want to achieve is to configure this subdomain admin.example.com to serve only https requests.
I am editing the config at this location: /etc/nginx/sites-available/default
server {
listen 80;
server_name admin.example.com;
#return 301 https://admin.example.com$request_uri;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/admin.byrides.com/fullchain.pem; # man aged by Certbot
ssl_certificate_key /etc/letsencrypt/live/admin.byrides.com/privkey.pem; # m anaged by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
You will need to setup two server directives, one for port 80 which will redirect the traffic to port 443.
server {
listen 80;
server_name admin.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/admin.byrides.com/fullchain.pem; # man aged by Certbot
ssl_certificate_key /etc/letsencrypt/live/admin.byrides.com/privkey.pem; # m anaged by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
}
}