I configured a node.js api in digitaloceans and I'm trying to show mydomain.com instead of the IP Server using nginx. I have the following configuration in my default nginx config:
server {
keepalive_timeout 30;
listen server_ip:443 ssl;
ssl_certificate /tmp/mycrt.crt;
ssl_certificate_key /tmp/mykey.key;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 10m;
server_name _;
location / {
proxy_pass http://server_ip:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;}
}
I configured the domain record with domain_name A IP_Server. It redirects to my server but it change to https://server_ip instead of https://my_domain.com.
What I'm missing?
Thanks you.
You need to add following code in the config file:
server {
listen 80;
# Listen to your server ip address
server_name your-server-ip;
# Redirect all traffic comming from your-server-ip to your domain
return 301 $scheme://example.com$request_uri;
}
For more details follow steps from here.
I solve it following this guide
Thanks you.
Related
I'm trying to serve two different websites on my Ubuntu 16.04 server.
This is the Website1 configuration in /etc/nginx/sites-available/website1.com:
server {
listen 80;
listen [::]:80;
server_name website1.com www.website1.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name website1.com www.website1.com;
ssl_certificate /etc/nginx/ssl/website1.com.domain.crt;
ssl_certificate_key /etc/nginx/ssl/website1.com.intermediate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass https://127.0.0.1:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
And this is the Website2 configuration in /etc/nginx/sites-available/website2.com:
server {
listen 80;
listen [::]:80;
server_name website2.com www.website2.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name website2.com www.website2.com;
ssl_certificate /etc/nginx/ssl/website2.com.domain.crt;
ssl_certificate_key /etc/nginx/ssl/website2.com.intermediate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass https://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
These two websites I'm trying to serve with nginx are two nodejs applications. One is listening on port 1337 (website1) and one on port 5000 (website2).
If I visit the url https://website1.com I access to the correct website, the website1.
If I visit the url https://website2.com I access to the wrong website, it shows me the website1, instead of the website2. (the url on the top bar is http://website2.com, with a warning for the SSL).
How can I serve two different websites using the same nginx service on the same Ubuntu server?
The redirect problem is due to the invalid SSL certificate. I'm trying to figure out how to make it valid.
So, the nginx configuration is ok.
I'm working on a nodejs application and I want this app to be accessible via two domains (the two domains point to the same app) with nginx, the app is deployed on DigitalOcean droplet so
let's say I have my app : :port
and domain one: example1.com
and domain two: example2.com
I followed all the steps to set up ssl for one domain and I did the same for the second and here are my config files (they are in sites-available):
config example1.com
`server {
listen 443 ssl;
server_name example1.com;
ssl_certificate /etc/nginx/ssl-1/example1.com.crt;
ssl_certificate_key /etc/nginx/ssl-1/example1.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}`
config example2.com
`
server {
listen 443 ssl;
server_name example2.com;
ssl_certificate /etc/nginx/ssl-2/example2.com.crt;
ssl_certificate_key /etc/nginx/ssl-2/example2.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}`
example11.com works fine but example2.com not working and google chrome give this warning
basically, it's saying that the certificate of example2.com was issued for example1.com.
so anyone has an experience setting up two domains with ssl for the same application on nginx help me.
After redoing all the steps over and over I discovered that everything I did was correct just one thing I missed :
I forgot the site-enabled file for the second domain.
ln -s /etc/nginx/sites-available/example2 /etc/nginx/sites-enabled/example2
and after that everything worked fine
If it points to the same app, could you redirect? If so, try this:
server {
server_name example2.com;
return 301 https://example1.com;
}
I try to implement ssl in my node.js app but failed. Here is my app.js
https://gist.github.com/eldyvoon/7a1df560fd9d13da74d090e28f7ee801
In development (localhost) I got 'your connection is not private' error. I thought it was Chrome's problem.
So I try to deploy it to my ubuntu server, I use nginx proxy for my node.js app, my config as below
server {
listen 80;
server_name mysite.com;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
But mysite.com refused to connect. No error in my node's console. I stuck for few days for this, need help. Please note that my site is running fine previously before trying to implement ssl.
You need to listen on port 443 and configure nginx to use some certificates.
Something like:
server {
listen 443;
server_name example.com;
add_header Strict-Transport-Security "max-age=3600";
ssl on;
ssl_certificate /.../chained2.pem;
ssl_certificate_key /.../domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
Add correct paths to your .pem and .key files. You can get the certificate for free from Let's Encrypt.
I have 2 domains running with nginx on a DigitalOcean Droplet
Domain1 is an node app proxypassing to localhost:3000.
Works great!
Domain2 is a static site working great too.
However whenever I load the server IP (without the port 3000), I always get redirected to domain1 (node app).
Domain1 is a sort of a private site, whereas domain2 is a public blog.
My question is what do I have to change for people to get redirected to domain2 whenever they load the IP in order to protect domain1 from beeing easily reachable. (The VPS IP is easy to look up)
Here are the "sites-available" files :
Node App :
server {
listen [::]:80;
listen 80;
server_name www.domain1.com domain1.com;
# and redirect to the https host (declared below)
return 301 https://domain1.com$request_uri;
}
server {
listen 443;
server_name domain1.com www.domain1.com;
ssl on;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
And the static one :
server {
listen [::]:80;
listen 80;
server_name www.domain2.com domain2.com;
root /var/www/html/domain2;
index index.html index.htm;
return 301 https://domain2.com$request_uri;
}
server {
listen [::]:443 ssl;
listen 443 ssl;
root /var/www/html/domain2;
index index.html index.htm;
ssl_certificate /etc/letsencrypt/live/domain2.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain2.com/privkey.pem;
}
Any help/hint is appreciated, thank you in advance!
So both your domains are listening on port 80. When your nginx server receives a request, it then checks the domain before determining its route... but because there is no domain to check when you just type in the ip address, it will default to the first listed server (which i'm guessing is domain1)
you can circumvent this by declaring a default server, or switching the order in which they are listed.
I hope i could be of help. A nice little reference http://nginx.org/en/docs/http/request_processing.html
I've written a sailsjs based application, deployed in one of my VPS. App is running in production mode using pm2. I can access through public_ip:1338, everything seems normal.
So installed nginx,configured proxy_pass, installed letsencrypt ssl. When I'm trying to access domain, I'm seeing Nginx Default Page with SSL working, not the NodeJS (SailsJS) application.
Here is nginx conf file
server {
listen 80;
server_name domain.net www.domain.net;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem;
server_name domain.net;
location / {
proxy_pass http://localhost:1338;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I need to sort out the issue. Can you guys instruct me to fix the issue?
I had the same problem. Followed this guide and it worked. I did need to include include /etc/nginx/sites-enabled/* in nginx.conf to make it work. And here's what's in my default file in the sites-enabled folder:
server {
listen 443 ssl;
server_name sitename.com www.sitename.com;
ssl_certificate /etc/letsencrypt/live/sitename.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sitename.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDH$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location ~ /.well-known {
allow all;
}
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name sitename.com www.sitename.com;
return 301 https://$host$request_uri;
}