I'm trying to deploy a MERN app to a DigitalOcean droplet using Nginx (I've used a connection string to connect to a MongoDB atlas instance). The frontend static files seem to successfully work, but I face two issues when it comes to the backend (a Nodejs/express app).
First, I get a connect() failed (111: connection refused) for every request from the frontend to the backend.
2021/07/12 23:54:32 [error] 5101#5101: *394 connect() failed (111: Connection refused) while
connecting to upstream, client: "My Ip", server: "example.com", request: "GET
/api/images HTTP/1.1", upstream: "http://127.0.0.1:5000/images", host: "example.com",
referrer: "https://example.com/"
Second, I face a 404 Not Found nginx/1.14.0 (Ubuntu) error while trying to check the routes through the Postman.
Not sure both of these are the same problem.
Here's my Nginx configuration in /etc/nginx/sites-available/default:
server {
root var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location /api/ {
proxy_pass http://localhost:5000/;
}
location / {
root /home/${my_non_root_user}/frontend/deploy;
try_files $uri /index.html;
}
listen [::]:443 SSL ipv6only=on; #managed by Certbot
listen 443 SSL; #managed by Certbot
ssl_certificate /etc/letsencrypt/live/${example.com}/fullchain.pem; #managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/${example.com}/privkey.pem; #managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; #managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} #managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} #managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 404; #managed by Certbot
}
This is how my backend server.js looks like:
import express from 'express'
import path from 'path'
import dotenv from 'dotenv'
import connectDB from './config/db.js'
import memberRoutes from './routes/memberRoutes.js'
import messageRoutes from './routes/messageRoutes.js'
import fileRoutes from './routes/fileRoutes.js'
dotenv.config()
connectDB()
const app = express()
app.use(express.json())
// routes
app.use('/api/members', memberRoutes)
app.use('/api/messages', messageRoutes)
app.use('/api/files', fileRoutes)
const __dirname = path.resolve()
app.use('/files', express.static(path.join(__dirname, '/files')))
const PORT = process.env.PORT || 5000
app.listen(
PORT,
console.log(`Server running in ${process.env.NODE_ENV} mode on port
${PORT}`)
)
When I make a request in Postman, to {{URL}}/messages (No difference it is a GET, or POST), where {{URL}} is THE_IP_TO_DROPLET, I get this output:
<HTML>
<head>
<title>404 Not Found</title>
</head>
<body bgcolor="white">
<center>
<h1>404 Not Found</h1>
</center>
<hr>
<center>nginx/1.14.0 (Ubuntu)</center>
</body>
</html>
Do you have any suggestion? Totally stuck in this for the whole weekend!
Thank you.
Related
I am getting this message in nginx (1.18) error.log file
*39 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream
I saw a lot of answers here, but none of them solve my problem.
I am trying to implement an api gateway. It should be the simplest thing in the world...
api_gateway.conf
include api_keys.conf;
server {
access_log /var/log/nginx/api_access.log; # Each API may also log to a
# separate file
auth_request /_validate_apikey;
root /var/www/api;
index index.html index.htm index.nginx-debian.html;
listen 443 ssl;
server_name api.example.com.br;
location /microservices/ {
proxy_pass https://127.0.0.1:10001/;
}
location /ms-email-sender/ {
proxy_pass https://127.0.0.1:10002/;
}
# Error responses
error_page 404 = #400; # Treat invalid paths as bad requests
proxy_intercept_errors on; # Do not send backend errors to client
include api_json_errors.conf; # API client-friendly JSON errors
default_type application/json; # If no content-type, assume JSON
# API key validation
location = /_validate_apikey {
internal;
if ($http_apikey = "") {
return 401; # Unauthorized
}
if ($api_client_name = "") {
return 403; # Forbidden
}
return 204; # OK (no content)
}
ssl_certificate /etc/letsencrypt/live/api.optimusdata.com.br/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.optimusdata.com.br/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = api.optimusdata.com.br) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name api.optimusdata.com.br;
listen 80;
return 404; # managed by Certbot
}
My services are written in node.js
I tried to put some directives under location block like
proxy_ssl_verify off;
I changed a lot of things the api_gateway.conf
I saw several tutorials in the web and all of them are quite look alike that one.
I have two servers, running on the same virtual machines:
https:xxx.domain1.com (the front-end)
https:yyy.domain1.com (the back-end only called from the front-end)
Both are running under nginx and the run correctly on my development Ubuntu 20.04.1 machine.
Now I' moving them on AWS: I created a Linux machine the same OS, and transferred both the machines.
So now I have
https:xxx.domain2.com (the front-end)
https:yyy.domain2.com (the back-end only called from the front-end)
The second server will be always called only by the first one. It should be considered hidden.
I run them, but, when accessing the front-end for the login, I received the following errors:
OPTIONS https://xxx.domain2.com/login CORS Missing Allow Origin
Now, in the server https:yyy.domain2.com I always specified
const router = express();
router.use(cors())
and the full nginx config file is as follow
server {
server_name xxx.domain2.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3000;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxx.domain2.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxx.domain2.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name yyy.domain2.com;
add_header Access-Control-Allow-Origin "xxx.domain2.com";
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3001;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxx.domain2.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxx.domain2.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = xxx.domain2.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name xxx.domain2.com;
return 404; # managed by Certbot
}
server {
if ($host = yyy.domain2.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name yyy.domain2.com ;
return 404; # managed by Certbot
}
Please note that I added the line
add_header Access-Control-Allow-Origin "xxx.domain2.com";
that I don't have on my development server.
====================== FIRST ADDENDUM ==========================
This is the client offending piece of code: The error is in response to the const res = await axios.put(cfLogin, { 'cf': cf }); request below.
const handleSubmitCf = async (e) => {
e.preventDefault();
setSudo(false)
try {
const res = await axios.put(cfLogin, { 'cf': cf });
if (res.status === 200 || res.status === 201)
{
nextPhase();
setResponse(res.data.data1);
}
setErrore('');
}
catch (error) { setErrore(error.response.data); };
}
I am testing my express server running on proxy. My nginx config file for in sites-available is:
server {
server_name open.yousico.com;
gzip on;
gzip_proxied any;
gzip_types application/javascript application/x-javascript text/css text/javascript;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_min_length 256;
location /_next/static/ {
alias /var/www/yousi-website/.next/static/;
expires 365d;
access_log off;
}
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /api {
rewrite ^/codify(.*) $1 break;
proxy_pass "http://127.0.0.1:3001";
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/open.yousico.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/open.yousico.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = open.yousico.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name open.yousico.com;
return 404; # managed by Certbot
}
My server file for my express server listening on 3001 is:
const express = require('express');
const app = express();
app.listen(3001, console.log("server is running on 3001"));
app.get('/', (req, res) => {
res.send('API is running');
});
app.get('/hello', (req, res) => {
res.send('Hello World');
});
I tested this express server on my local machine, and it seems to be working fine, but when I deploy it to my cloud server, it displays "Cannot GET /api", is there something wrong with my config file? My understanding is that I set my location to /api and direct it to port 3001, and I'm sure that the server is running on 3001.
"Cannot XXX /YYY" is the Express default response when there is no handler for method XXX for path YYY.
In your case, I don't see an app.get("/api", ...) handler in your server code, so the error is quite warranted.
The rewrite statement in your nginx config,
rewrite ^/codify(.*) $1 break;
doesn't make sense either since there's no way for location /api to match /codify.
If you meant to strip the /api out before the URL is passed to your Express server,
rewrite ^/api(.*) $1 break;
in which case /api would be passed as /, and that would match your app.get("/")...
I have 2 locations in my nginx conf like so :
upstream server {
server 127.0.0.1:XXXX;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate XXXX;
ssl_certificate_key XXXX;
location /yyy {
proxy_pass http://server/YYY/;
...
}
location / {
proxy_pass http://server/XXX/;
...
}
}
But it seems that https://example.com/yyy redirects to http://server/XXX/ instead of http://server/YYY/ as if nginx considered it as a subpath of mydomain.com and not a different location.
However if I try to access https://example.com/yyy/ then it redirects to http://server/YYY/.
I would like that both https://example.com/yyy/ and https://example.com/yyy redirect to http://server/YYY/
Currently I am trying to build a small nodejs API which should work on my server behind an already existing and working nginx setup.
nginx.conf:
server {
listen 80;
listen [::]:80;
server_name *.mydomain.com;
if ($host = www.mydomain.com) {
return 301 https://$host$request_uri;
}
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
}
if ($host = hello.mydomain.com) {
return 301 https://$host$request_uri;
}
return 404;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name mydomain.com www.mydomain.com;
root /var/www/html;
index index.html;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_client_certificate /etc/ssl/cloudflare.crt;
ssl_verify_client on;
location / {
try_files $uri/index.html $uri.html $uri/ $uri =404;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name hello.mydomain.com;
root /var/www/hello;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_client_certificate /etc/ssl/cloudflare.crt;
ssl_verify_client on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3000$request_uri;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
index.js:
const express = require('express');
const app = express();
app.get("/", (request, response) => {
response.end("hello world");
});
app.listen(3000, () => console.log('listening'));
So i have mydomain.com and www.mydomain.com and they have nothing to do with nodejs and work fine.
The nodejs site lies behind hello.mydomain.com and just returns a 502: Bad Gateway error. When I am on my server (where everything lies) and just do:
curl localhost:3000
I get the right response. So the nodejs code works (I even approved it locally), but the nginx is not able to act as a proxy and "speak" with the local nodejs express.
Does anyone know why this does not work? I already searched through many tutorials, but I just cannot find the solution. :/