I'm working on a nodejs application and I want this app to be accessible via two domains (the two domains point to the same app) with nginx, the app is deployed on DigitalOcean droplet so
let's say I have my app : :port
and domain one: example1.com
and domain two: example2.com
I followed all the steps to set up ssl for one domain and I did the same for the second and here are my config files (they are in sites-available):
config example1.com
`server {
listen 443 ssl;
server_name example1.com;
ssl_certificate /etc/nginx/ssl-1/example1.com.crt;
ssl_certificate_key /etc/nginx/ssl-1/example1.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}`
config example2.com
`
server {
listen 443 ssl;
server_name example2.com;
ssl_certificate /etc/nginx/ssl-2/example2.com.crt;
ssl_certificate_key /etc/nginx/ssl-2/example2.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}`
example11.com works fine but example2.com not working and google chrome give this warning
basically, it's saying that the certificate of example2.com was issued for example1.com.
so anyone has an experience setting up two domains with ssl for the same application on nginx help me.
After redoing all the steps over and over I discovered that everything I did was correct just one thing I missed :
I forgot the site-enabled file for the second domain.
ln -s /etc/nginx/sites-available/example2 /etc/nginx/sites-enabled/example2
and after that everything worked fine
If it points to the same app, could you redirect? If so, try this:
server {
server_name example2.com;
return 301 https://example1.com;
}
Related
I'm trying to serve two different websites on my Ubuntu 16.04 server.
This is the Website1 configuration in /etc/nginx/sites-available/website1.com:
server {
listen 80;
listen [::]:80;
server_name website1.com www.website1.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name website1.com www.website1.com;
ssl_certificate /etc/nginx/ssl/website1.com.domain.crt;
ssl_certificate_key /etc/nginx/ssl/website1.com.intermediate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass https://127.0.0.1:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
And this is the Website2 configuration in /etc/nginx/sites-available/website2.com:
server {
listen 80;
listen [::]:80;
server_name website2.com www.website2.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name website2.com www.website2.com;
ssl_certificate /etc/nginx/ssl/website2.com.domain.crt;
ssl_certificate_key /etc/nginx/ssl/website2.com.intermediate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass https://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
These two websites I'm trying to serve with nginx are two nodejs applications. One is listening on port 1337 (website1) and one on port 5000 (website2).
If I visit the url https://website1.com I access to the correct website, the website1.
If I visit the url https://website2.com I access to the wrong website, it shows me the website1, instead of the website2. (the url on the top bar is http://website2.com, with a warning for the SSL).
How can I serve two different websites using the same nginx service on the same Ubuntu server?
The redirect problem is due to the invalid SSL certificate. I'm trying to figure out how to make it valid.
So, the nginx configuration is ok.
I configured a node.js api in digitaloceans and I'm trying to show mydomain.com instead of the IP Server using nginx. I have the following configuration in my default nginx config:
server {
keepalive_timeout 30;
listen server_ip:443 ssl;
ssl_certificate /tmp/mycrt.crt;
ssl_certificate_key /tmp/mykey.key;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 10m;
server_name _;
location / {
proxy_pass http://server_ip:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;}
}
I configured the domain record with domain_name A IP_Server. It redirects to my server but it change to https://server_ip instead of https://my_domain.com.
What I'm missing?
Thanks you.
You need to add following code in the config file:
server {
listen 80;
# Listen to your server ip address
server_name your-server-ip;
# Redirect all traffic comming from your-server-ip to your domain
return 301 $scheme://example.com$request_uri;
}
For more details follow steps from here.
I solve it following this guide
Thanks you.
I try to implement ssl in my node.js app but failed. Here is my app.js
https://gist.github.com/eldyvoon/7a1df560fd9d13da74d090e28f7ee801
In development (localhost) I got 'your connection is not private' error. I thought it was Chrome's problem.
So I try to deploy it to my ubuntu server, I use nginx proxy for my node.js app, my config as below
server {
listen 80;
server_name mysite.com;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
But mysite.com refused to connect. No error in my node's console. I stuck for few days for this, need help. Please note that my site is running fine previously before trying to implement ssl.
You need to listen on port 443 and configure nginx to use some certificates.
Something like:
server {
listen 443;
server_name example.com;
add_header Strict-Transport-Security "max-age=3600";
ssl on;
ssl_certificate /.../chained2.pem;
ssl_certificate_key /.../domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
Add correct paths to your .pem and .key files. You can get the certificate for free from Let's Encrypt.
I've written a sailsjs based application, deployed in one of my VPS. App is running in production mode using pm2. I can access through public_ip:1338, everything seems normal.
So installed nginx,configured proxy_pass, installed letsencrypt ssl. When I'm trying to access domain, I'm seeing Nginx Default Page with SSL working, not the NodeJS (SailsJS) application.
Here is nginx conf file
server {
listen 80;
server_name domain.net www.domain.net;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem;
server_name domain.net;
location / {
proxy_pass http://localhost:1338;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I need to sort out the issue. Can you guys instruct me to fix the issue?
I had the same problem. Followed this guide and it worked. I did need to include include /etc/nginx/sites-enabled/* in nginx.conf to make it work. And here's what's in my default file in the sites-enabled folder:
server {
listen 443 ssl;
server_name sitename.com www.sitename.com;
ssl_certificate /etc/letsencrypt/live/sitename.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sitename.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDH$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location ~ /.well-known {
allow all;
}
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name sitename.com www.sitename.com;
return 301 https://$host$request_uri;
}
I have 2 droplets (instances) on DigitalOcean. One is used as web server and has Nginx installed, one has my node.js app on it.
I've setup Nginx to take care of SSL, and to redirect all non-SSL and www traffic to https://url.com. I used proxy_pass to refer to the node app on my other droplet. So far so good. Everything works.
Now I want to also use Nginx to serve static files, instead of using Node. My static files are also on the App droplet, in the /var/www/node_app/public folder.
But for some reason I can't make it work to refer properly to them.
How do I do this?
This is my Nginx config:
server {
listen 80;
server_name www.url.com;
return 301 https://url.com$request_uri;
}
server {
listen 443 ssl;
server_name www.url.com;
return 301 https://url.com$request_uri;
ssl_certificate /etc/nginx/ssl/www.url.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/www.url.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_prefer_server_ciphers on;
}
server {
listen 443 ssl;
server_name url.com;
ssl_certificate /etc/nginx/ssl/www.url.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/www.url.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_prefer_server_ciphers on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/(images/|fonts/) {
proxy_pass http://XX.XXX.XXX.XXX;
root /var/www/node_app/public;
autoindex off;
}
location / {
proxy_pass http://XX.XXX.XXX.XXX:4000;
proxy_redirect off;
proxy_http_version 1.1;
}
}
After limitless digging the internet for solutions. I retrace by step. I make sure my app static files should be configured like this
app.use(express.static(__dirname + '/public'));
on your nginx config for available site. add the following
$ sudo nano /etc/nginx/sites-available/example.com
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
After this test your config and restart your server using this command
$ sudo nginx -t
And
sudo systemctl restart nginx
And make sure all your html static files are reference with the forward trailing slash. Like this
<!-- Custom styles -->
<link href="/css/bundle.min.css" rel="stylesheet">
You can also following the digital ocean link on configuring nodejs application on
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-18-04