I have my server setup on AWS EC2 instance. My APIs on the IP work perfectly, i.e. on
http://myIpAddress:3000 // Working fine
But when I configure my nginx server and pass proxy then my domain is not working as I expected:
https://myDomainAddress // Working too slow
Here is my nginx file:
server {
listen 80;
server_name myDomainAddress;
return 301 https://myDomainAddress$request_uri;
}
upstream main {
server myIpAddress:3000; #ip to nodejs server
}
server {
listen 443;
server_name myDomainAddress;
client_max_body_size 8M;
ssl on;
ssl_certificate myCert.crt;
ssl_certificate_key myKey.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://main;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
}
}
Related
The project was very OK when I worked locally under development. Because the ports of backend 1337 and frontend 3000 were manually changed by me. After we deployed the project to the cloud server, we made OpenSSL work for the frontend. It meant to make nginx redirect requests from port 80 to safe 443, which expected to load the SSL certification. All is well until we tried to log in with our 1337 port to Strapi admin panel, which is part of a backend directory.
To be clear:
backend runs on 1337
frontend runs on 5000.
Both server processes run in pm2 in the background with no problem. nginx file seems to not have any syntax errors. But I can not reach any of the backend operations even through Postman.
What I expect it to do is: run all requests started with domain.com/api/ through localhost:1337. As it made happen with main directory, run through 'localhost:5000'. This is nginx config file:
server {
listen 80;
listen [::]:80;
server_name sinavhukuk.com www.sinavhukuk.com;
access_log /var/log/nginx/site80port.com.access.log;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name sinavhukuk.com www.sinavhukuk.com;
ssl_certificate /etc/letsencrypt/live/sinavhukuk.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sinavhukuk.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'XXXXXXXXXX';
location /{
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
error_log /var/log/nginx/main-dir-error.log debug;
}
location /api{
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
error_log /var/log/nginx/admin-error.log debug;
}
access_log /var/log/nginx/siteSSL.com.access.log;
error_log /var/log/nginx/siteSSL.com.error.log;
}
I am trying to bind a ssl certificate to nginx but it keeps failing to start i am attaching my config file,
server {
listen 80;
server_name appoye.com;
return 301 https://appoye.com$request_uri;
}
server {
listen 443 ssl;
server_name appoye.com;
root /home/rohit_jain/appoye-beta-old/dist;
# SSL Certs
ssl_certificate /etc/nginx/ssl/appoye.com/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/appoye.com/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
charset utf-8;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
access_log off;
error_log /var/log/nginx/appoye.com-error.log error;
}
Nginx is still not passing my nodejs revser proxy and ssl certificate as well
I have node.js app which is served by NGINX. I can't connect socket.io and keep getting 404 for POST requests to establishing a connection.
It's working locally, so it must be an NGINX problem.
# HTTP - redirect all requests to HTTPS:
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
# HTTPS - proxy requests on to local Node.js app:
server {
listen 443 ssl http2;
server_name example.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8080;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
Thanks for any help.
Since Websockets are using the Upgrade header introduced in HTTP 1.1, you'll need to specifically use this protocol in your route and set the Connection header to upgrade.
You'll also need to specify a proxy_pass directive with a unique name.
Your config would be something like that:
upstream sockets {
server localhost:8080;
}
# HTTP - redirect all requests to HTTPS:
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
# HTTPS - proxy requests on to local Node.js app:
server {
listen 443 ssl http2;
server_name example.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_pass http://sockets;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_ssl_session_reuse off;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
Take a look a the NGINX docs.
https://www.nginx.com/blog/websocket-nginx/
enter chttp {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket {
server 192.168.100.10:8010;
}
server {
listen 8020;
location / {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
}
I have a reverse proxy with nginx routing to a node web server
I setup (I thought) SSL on the web server, but it looks like when my browser attempts to resolve the https request, no connection ever starts.
I wanted to ask a couple of questions
Where do I setup the SSL? on the reverse proxy where the request is first hit? or the node server where authentication occurs?
What is wrong with my configuration (if that is the problem
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-on-ubuntu-14-04
This is the tutorial I used
Code included (sorry I totally forgot to include)
server {
listen 443 ssl;
server_name domain www.domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location / {
proxy_pass http://app_server_ip:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://$host$request_uri;
}
1.On the reverse proxy
2.You should configure nginx file as similar following (using upstream parameter):
upstream api-app {
least_conn;
server 127.0.0.1:3000 weight=1 max_fails=0;
}
server {
listen 80;
listen 443 ssl;
server_name api.domain.net;
ssl_certificate /etc/letsencrypt/live/api.domain.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.domain.net/privkey.pem;
client_max_body_size 2000M;
large_client_header_buffers 32 128k;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://api-app;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I am trying to use SSL on my application running socket.io with express and nginx but I can't make it work. I have done my research but none of what I found worked.
I keep having the error : ERR_CONNECTION_CLOSED with not http status code on client side.
GET https://subdomain.mywebsite.com:1339/socket.io/?EIO=3&transport=polling&t=LIgxHmz net::ERR_CONNECTION_CLOSED
Here is my nginx configuration :
server {
listen 443;
server_name subdomain.mywebsite.com;
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/subdomain.mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.mywebsite.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:1339/;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
Here is the server side :
var express = require('express'),
var app = express();
var server = require('http').createServer(app);
var io = require('socket.io')(server);
server.listen(1339);
...
Here is the client side :
subdomain.mywebsite.com
var socket = io.connect("https://subdomain.mywebsite.com:1339");
The page loads nicely, no error on server side but no connection to socket.io.
Everything worked flawlessly before I tried to switch to SSL.
What am I doing wrong ?
Try this configuration. Please make sure to have a correct SSL certificate and key. If you test on local you can easily use mkcert tool to generate SSL certificate to local testing.
server {
listen 80;
server_name <your server_name>;
return 301 https://<your server_name>$request_uri;
}
server {
listen 443 ssl;
ssl_certificate <your certificate path>; # better if you put them at /etc/nginx/ssl/
ssl_certificate_key <your certificate_key path >;
server_name <your server_name>;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://localhost:3000;
proxy_redirect off;
proxy_buffering off;
}
}