I am trying to use a nodejs app behind an nginx reverse proxy to handle the ssl
I have my app running on localhost:2000. I can confirm this as working with a curl command.
This is my nginx setup:
# the IP(s) on which your node server is running. I chose port 3000.
upstream dreamingoftech.uk {
server 127.0.0.1:2000;
keepalive 16;
}
# the nginx server instance
server {
listen 0.0.0.0:80;
server_name dreamingoftech.uk;
return 301 https://$host$request_uri;
}
#HTTPS
server {
listen 443 ssl http2;
server_name dreamingoftech.uk;
access_log /var/log/nginx/dreamingoftech.log;
error_log /var/log/nginx/dreamingoftech.error.log debug;
ssl_certificate /etc/letsencrypt/live/dreamingoftech.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dreamingoftech.uk/privkey.pem;
include snippets/ssl-params.conf;
# pass the request to the node.js server with the correct headers and much more can be added, see nginx config options
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://dreamingoftech.uk/;
proxy_redirect off;
#proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "";
proxy_ssl_session_reuse off;
proxy_cache_bypass $http_upgrade;
}
}
if I now curl https://dreamingoftech.uk, it takes a while but I do get the webpage delivered. albeit with the message:
curl: (18) transfer closed with 1 bytes remaining to read
However when viewed from a browser I get a 502 gateway error.
I have checked the error log and this is the result: ERROR LOG
I can't understand why the reverse proxy is adding such a time delay into the process. Any ideas would be greatly appreciated.
PS: in the upstream config I have tried localhost instead of 127.0.0.1 to no avail
I have almost the same configuration. Can you try the following
You can redirect all http to https
server {
listen 80;
return 301 https://$host$request_uri;
}
or for a specific site like this
server {
server_name dreamingoftech.uk;
return 301 https://dreamingoftech.uk$request_uri;
}
but choose only one for your case
and then you make sure you node server is running on http mode and not https.
Also you mentioned that you run node on port 3000, then use port 3000 and not 2000 as I can see in your config.
After you confirm the above redirect all packets into localhost like this
server {
listen 443;
server_name dreamingoftech.uk;
ssl_certificate /etc/letsencrypt/live/dreamingoftech.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dreamingoftech.uk/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://localhost:3000;
proxy_read_timeout 90s;
proxy_redirect http://localhost:3000 https://dreamingoftech.uk;
}
}
Create a file and sum the above code put it in sites-available with a name like dreamingoftech.uk and the use ln -s to create a softlink into sites-enabled. go to your nginx.conf and make sure you include folder sites-enabled
Then must restart nginx to check if it works
#Stamos Thanks for your reply. I tried that but unfortunately it didn't work. I decided to try the most basic node app I could still using the basic modules I am using.
I tried this and it worked straight away.
The problem is with my app therefore. I will spend time rebuilding and testing step by step until I find the issue,
Thanks for your time!
Related
I've seen similar questions around and tried different solutions but none seems to work for me, so I guess I have something wrong in my nginx configurations file.
I have configured nginx to redirect all request to port 8080 except for some locations as I have a nodejs app running on 8080 besides a php application running on port 80 (and another nodejs app service running on 8090) all on the same server (I know it's a weird configuration but I have to live with it for the moment). In my nodejs application I'm tryin to detect if the connection is over http or https but it doesn't work.
I alway get the following regardless I connect over http or https:
console.log(req.headers["x-forwarded-proto"]); // => undefined
console.log(req.secure); // => false
here is my nginx config file:
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/server.chained.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols TLSv1.2;
root /var/www/html;
index index.html index.htm index.php index.cgi;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
client_max_body_size 100M;
client_body_buffer_size 128k;
server_name factory.quiddis.com;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
location /bugzilla {
try_files $uri $uri/ /index.cgi$is_args$args;
}
location /bugzilla/rest {
rewrite ^/bugzilla/rest/(.*)$ /bugzilla/rest.cgi/$1 last;
}
...
Note:
Although I know I could redirect http to https via nginx, I cannot do it here as the second nodejs app has to stay over http for the moment.
The project was very OK when I worked locally under development. Because the ports of backend 1337 and frontend 3000 were manually changed by me. After we deployed the project to the cloud server, we made OpenSSL work for the frontend. It meant to make nginx redirect requests from port 80 to safe 443, which expected to load the SSL certification. All is well until we tried to log in with our 1337 port to Strapi admin panel, which is part of a backend directory.
To be clear:
backend runs on 1337
frontend runs on 5000.
Both server processes run in pm2 in the background with no problem. nginx file seems to not have any syntax errors. But I can not reach any of the backend operations even through Postman.
What I expect it to do is: run all requests started with domain.com/api/ through localhost:1337. As it made happen with main directory, run through 'localhost:5000'. This is nginx config file:
server {
listen 80;
listen [::]:80;
server_name sinavhukuk.com www.sinavhukuk.com;
access_log /var/log/nginx/site80port.com.access.log;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name sinavhukuk.com www.sinavhukuk.com;
ssl_certificate /etc/letsencrypt/live/sinavhukuk.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sinavhukuk.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'XXXXXXXXXX';
location /{
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
error_log /var/log/nginx/main-dir-error.log debug;
}
location /api{
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
error_log /var/log/nginx/admin-error.log debug;
}
access_log /var/log/nginx/siteSSL.com.access.log;
error_log /var/log/nginx/siteSSL.com.error.log;
}
I have a digital ocean droplet running Ubuntu 18.04 and inside is is an lxc container. I have two applications in that container.
The first application (a client) lives at /var/www/html and the second one is the NodeJS application that lives at /var/www/my-site/. The Node application inside the container is managed by pm2 and everything seems to be working fine thus far because when I type in curl http://localhost:3000 at the container terminal, I get back the desired output.
Inside the main droplet (not the container) under /etc/nginx/sites-available, I have the following two server blocks - default and my-site.
The first app works fine when I try to access it through the browser via my domain but the NodeJS application returns a 502 Bad Gateway when I try to access it through sub.mydomain.com. pm2 start inside the container tells me that the node application status is online.
Here is my default server block file. This works. When I visit mydomain.com, my site shows up fine.
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mydomain.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://container_ip_address /;
}
}
Now here is the other server block - my-site.
# Upstream config
upstream site_upstream {
server 127.0.0.1:3000;
keepalive 64;
}
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sub.mydomain.com www.sub.mydomain.com;
root /var/www/my-site;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://site_upstream;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
I have set the A Record for my subdomain on my domain's DNS settings, to my droplet's IP address and I have also created a symbolic link to /etc/nginx/sites-enabled for the my-site server block.
I have scoured the internet for a solution to this problem but nothing seems to be working. What am I missing?
Your help would be greatly appreciated. Thanks.
The problem here was that requests to the sub domain were not being directed to the lxc container.
I solved this by adding the following inside the my-site server block.
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://container_ip/;
}
After that I added an asterisk to the next location block.
location /* {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://site_upstream;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
Another way of getting around this issue was by including the sub-domain in the server_name directive for the default server block. This worked but the only problem was that nginx would complain that it had to ignore the server I had set up in the my-site server block when you ran nginx -t, otherwise, it worked just fine.
I am trying to use socket.io in a Node js application. I have the application sitting on a subdomain and the front-end running on the www version of the domain.
Running the front-end and Node js service on the same domain is not an option.
Sending data back and forth from the client to the server seems to be working. I have sent data both ways and it has worked fine.
However, In the console of the browser I get the following error.
WebSocket connection to 'wss://subdomain.domain.com/socket.io/?EIO=3&transport=websocket&sid=6bNHWyXcCdlMI0HHAAAB' failed: Error during WebSocket handshake: Unexpected response code: 400
My Nginx configuration looks like this:
# HTTP - redirect all requests to HTTPS:
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS - proxy requests on to local Node.js app:
server {
listen 443;
server_name subdomain.domain.com;
ssl on;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers '*******';
# Pass requests for / to localhost:3000:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
}
}
Both the client and the Node js are using https.
Does anyone know what is causing this issue and how it could be fixed?
Thank you
It looks like you forgot about Upgrade header. It's required if you want to use Nginx as a reverse proxy for WebSockets.
As said here, just try to add one more header:
proxy_set_header Upgrade $http_upgrade;
I have 2 droplets (instances) on DigitalOcean. One is used as web server and has Nginx installed, one has my node.js app on it.
I've setup Nginx to take care of SSL, and to redirect all non-SSL and www traffic to https://url.com. I used proxy_pass to refer to the node app on my other droplet. So far so good. Everything works.
Now I want to also use Nginx to serve static files, instead of using Node. My static files are also on the App droplet, in the /var/www/node_app/public folder.
But for some reason I can't make it work to refer properly to them.
How do I do this?
This is my Nginx config:
server {
listen 80;
server_name www.url.com;
return 301 https://url.com$request_uri;
}
server {
listen 443 ssl;
server_name www.url.com;
return 301 https://url.com$request_uri;
ssl_certificate /etc/nginx/ssl/www.url.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/www.url.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_prefer_server_ciphers on;
}
server {
listen 443 ssl;
server_name url.com;
ssl_certificate /etc/nginx/ssl/www.url.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/www.url.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_prefer_server_ciphers on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/(images/|fonts/) {
proxy_pass http://XX.XXX.XXX.XXX;
root /var/www/node_app/public;
autoindex off;
}
location / {
proxy_pass http://XX.XXX.XXX.XXX:4000;
proxy_redirect off;
proxy_http_version 1.1;
}
}
After limitless digging the internet for solutions. I retrace by step. I make sure my app static files should be configured like this
app.use(express.static(__dirname + '/public'));
on your nginx config for available site. add the following
$ sudo nano /etc/nginx/sites-available/example.com
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
After this test your config and restart your server using this command
$ sudo nginx -t
And
sudo systemctl restart nginx
And make sure all your html static files are reference with the forward trailing slash. Like this
<!-- Custom styles -->
<link href="/css/bundle.min.css" rel="stylesheet">
You can also following the digital ocean link on configuring nodejs application on
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-18-04