I am trying to bind a ssl certificate to nginx but it keeps failing to start i am attaching my config file,
server {
listen 80;
server_name appoye.com;
return 301 https://appoye.com$request_uri;
}
server {
listen 443 ssl;
server_name appoye.com;
root /home/rohit_jain/appoye-beta-old/dist;
# SSL Certs
ssl_certificate /etc/nginx/ssl/appoye.com/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/appoye.com/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
charset utf-8;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
access_log off;
error_log /var/log/nginx/appoye.com-error.log error;
}
Nginx is still not passing my nodejs revser proxy and ssl certificate as well
Related
I have my server setup on AWS EC2 instance. My APIs on the IP work perfectly, i.e. on
http://myIpAddress:3000 // Working fine
But when I configure my nginx server and pass proxy then my domain is not working as I expected:
https://myDomainAddress // Working too slow
Here is my nginx file:
server {
listen 80;
server_name myDomainAddress;
return 301 https://myDomainAddress$request_uri;
}
upstream main {
server myIpAddress:3000; #ip to nodejs server
}
server {
listen 443;
server_name myDomainAddress;
client_max_body_size 8M;
ssl on;
ssl_certificate myCert.crt;
ssl_certificate_key myKey.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://main;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
}
}
I'm trying to serve two different websites on my Ubuntu 16.04 server.
This is the Website1 configuration in /etc/nginx/sites-available/website1.com:
server {
listen 80;
listen [::]:80;
server_name website1.com www.website1.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name website1.com www.website1.com;
ssl_certificate /etc/nginx/ssl/website1.com.domain.crt;
ssl_certificate_key /etc/nginx/ssl/website1.com.intermediate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass https://127.0.0.1:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
And this is the Website2 configuration in /etc/nginx/sites-available/website2.com:
server {
listen 80;
listen [::]:80;
server_name website2.com www.website2.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name website2.com www.website2.com;
ssl_certificate /etc/nginx/ssl/website2.com.domain.crt;
ssl_certificate_key /etc/nginx/ssl/website2.com.intermediate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass https://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
These two websites I'm trying to serve with nginx are two nodejs applications. One is listening on port 1337 (website1) and one on port 5000 (website2).
If I visit the url https://website1.com I access to the correct website, the website1.
If I visit the url https://website2.com I access to the wrong website, it shows me the website1, instead of the website2. (the url on the top bar is http://website2.com, with a warning for the SSL).
How can I serve two different websites using the same nginx service on the same Ubuntu server?
The redirect problem is due to the invalid SSL certificate. I'm trying to figure out how to make it valid.
So, the nginx configuration is ok.
I try to implement ssl in my node.js app but failed. Here is my app.js
https://gist.github.com/eldyvoon/7a1df560fd9d13da74d090e28f7ee801
In development (localhost) I got 'your connection is not private' error. I thought it was Chrome's problem.
So I try to deploy it to my ubuntu server, I use nginx proxy for my node.js app, my config as below
server {
listen 80;
server_name mysite.com;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
But mysite.com refused to connect. No error in my node's console. I stuck for few days for this, need help. Please note that my site is running fine previously before trying to implement ssl.
You need to listen on port 443 and configure nginx to use some certificates.
Something like:
server {
listen 443;
server_name example.com;
add_header Strict-Transport-Security "max-age=3600";
ssl on;
ssl_certificate /.../chained2.pem;
ssl_certificate_key /.../domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
Add correct paths to your .pem and .key files. You can get the certificate for free from Let's Encrypt.
I have a reverse proxy with nginx routing to a node web server
I setup (I thought) SSL on the web server, but it looks like when my browser attempts to resolve the https request, no connection ever starts.
I wanted to ask a couple of questions
Where do I setup the SSL? on the reverse proxy where the request is first hit? or the node server where authentication occurs?
What is wrong with my configuration (if that is the problem
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-on-ubuntu-14-04
This is the tutorial I used
Code included (sorry I totally forgot to include)
server {
listen 443 ssl;
server_name domain www.domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location / {
proxy_pass http://app_server_ip:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://$host$request_uri;
}
1.On the reverse proxy
2.You should configure nginx file as similar following (using upstream parameter):
upstream api-app {
least_conn;
server 127.0.0.1:3000 weight=1 max_fails=0;
}
server {
listen 80;
listen 443 ssl;
server_name api.domain.net;
ssl_certificate /etc/letsencrypt/live/api.domain.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.domain.net/privkey.pem;
client_max_body_size 2000M;
large_client_header_buffers 32 128k;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://api-app;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I've written a sailsjs based application, deployed in one of my VPS. App is running in production mode using pm2. I can access through public_ip:1338, everything seems normal.
So installed nginx,configured proxy_pass, installed letsencrypt ssl. When I'm trying to access domain, I'm seeing Nginx Default Page with SSL working, not the NodeJS (SailsJS) application.
Here is nginx conf file
server {
listen 80;
server_name domain.net www.domain.net;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem;
server_name domain.net;
location / {
proxy_pass http://localhost:1338;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I need to sort out the issue. Can you guys instruct me to fix the issue?
I had the same problem. Followed this guide and it worked. I did need to include include /etc/nginx/sites-enabled/* in nginx.conf to make it work. And here's what's in my default file in the sites-enabled folder:
server {
listen 443 ssl;
server_name sitename.com www.sitename.com;
ssl_certificate /etc/letsencrypt/live/sitename.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sitename.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDH$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location ~ /.well-known {
allow all;
}
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name sitename.com www.sitename.com;
return 301 https://$host$request_uri;
}