I had a Ubuntu Node.js server working with my http://www.example.com website.
I used httpx://localhost:3000 to do my testing, then when I deployed it to Ubuntu,
I still had to enter the port (www.example.com:3000). I was told to implement a
reverse proxy to remove the port 3000 requirement. I installed nginx and added the
following:
sudo nano /etc/nginx/sites-available/default
----------Delete all then Copy / Paste--------------------------
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://67.205.128.21:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
This worked, and removed the requirement to enter port 3000.
Then I found out I needed to run my app with a SSL/Certificate.
I was able to make the nginx changes to get it working as https://www.example.com:3000.
But now I need to get rid of the port 3000 requirement.
I tried the same reverse proxy setting that I used for http:, but that did not work.
How do I configure nginx to remove the port 3000 requirement.
Below is what is currently happening when I enter it in my browser:
http://67.205.128.21 - Works
http://example.com - Redirects to https://example ; Error: Redirects too many times
http://www.example.com - Redirects to https://example ; Error: Redirects too many times
http://example.com:3000 - Works
http://www.example.com:3000 - Works
Current nginx configureation:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
location ~ /.well-known {
allow all;
}
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
server_name example.com;
location / {
proxy_pass http://67.205.128.21:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
This should work:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
location ~ /.well-known {
allow all;
}
}
Then, either in the same file or a different file, add an additional server block.
# SSL configuration
#
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
server_name example.com;
location / {
proxy_pass http://67.205.128.21:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I think the problem was that you only had one server block, and so when the redirect is executed, it falls in that same server block and then redirects again.
Related
I'm trying to setup a Node.js Express server with https and to do that I am using a NGINX reverse proxy. My VPS is running Ubuntu 18.04. I updated the default server configuration in /etc/nginx/sites-enabled/default to this so it works with SSL (if it works):
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 433 ssl default_server;
listen [::]:433 ssl default_server;
ssl_certificate /etc/nginx/fullchain.pem;
ssl_certificate_key /etc/nginx/privkey.pem;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name mediaserver;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I ran sudo systemctl restart nginx to restart NGINX.
But the issue is that when I go to the IP Address of my server without https, it opens up fine, but when I go to the IP Address of my server with https, it says the site can't be reached. Any suggested fixes? Thanks.
You need to route the traffic to https instead of http. I also added the proxy_redirect directive which will route any insecure requests to https.
EDIT: Also one problem that I see, is that you are listening on the wrong port. It should be 443, not 433. Notice that I changed proxy_redirect to use port 80.
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/nginx/fullchain.pem;
ssl_certificate_key /etc/nginx/privkey.pem;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name mediaserver;
location / {
proxy_pass https://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect http://localhost:80 https://localhost:3000;
}
}
Here is a link to the associated NGINX documentation.
i have already added CNAME & A Record in my server also i check with nginx command:
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
i write code for my domain example.co & www.example.co: /etc/nginx/sites-available/example.conf
server {
listen 80;
listen [::]:80;
server_name example.co www.example.co;
return 301 $scheme://www.example.co$request_uri;
}
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2 ;
server_name example.co www.example.co;
access_log /var/log/nginx/example-co.log;
location / {
proxy_pass "http://127.0.0.1:1000";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
ssl_certificate /etc/letsencrypt/live/example.co/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.co/privkey.pem;
}
IP: 127.0.0.1:1000 node.js project for example.co
my issue is example.co is working fine but www.example.co is not working
also i have write code for my domain sub1.example.co & www.sub1.example.co: /etc/nginx/sites-available/sub1-example.conf
server {
listen 80;
listen [::]:80;
server_name sub1.example.co www.sub1.example.co;
return 301 $scheme://www.example.co$request_uri;
}
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2 ;
server_name sub1.example.co www.sub1.example.co;
access_log /var/log/nginx/sub1-example-co.log;
location / {
proxy_pass "http://127.0.0.1:2000";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
ssl_certificate /etc/letsencrypt/live/example.co/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.co/privkey.pem; # managed by Certbot
}
IP: 127.0.0.1:2000 node.js project for sub1.example.co,
my sub1.example.co is not working
You need to add www.example.co to your server block with 443:
server {
.....
server_name example.co www.example.co;
.....
}
For your subdomain, suggest to use another file for your server blocks configuration using the same format: one server block for 80 and another for 443. :)
I am having trouble accessing my node server externally. Internally, I can access it fine, but I am unable to do so otherwise.
Here is my nginx configuration. I simply want to access my website using only my external IP (for example, 133.21.29.21)
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 2500;
location / {
proxy_pass http://127.0.0.1:3005;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server code
app.server.listen(3003, "0.0.0.0", () => {
console.log(app.server.address());
});
I am running on port 3003 at the moment. I have tried sever nginx configurations and changing my server code as well (changing port, omitting "0.0.0.0", using "127.0.0.1") but I have not had any luck.
I've been trying to access my server by going to my-external-ip:2500, but i've tried accessing through other ports as well.
I've disable the ufw firewall and still have not had any luck. Curling locally works fine.
What am I doing incorrectly?
I think you are missing a proxy redirect
Take a look at the following example NGINX configuration file, the location / { } is pointing to a Node server on port 9080 and it works by navigating to https:// ... .com
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl on;
ssl_certificate /etc/letsencrypt/live/thedomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/thedomain.com/privkey.pem;
access_log /var/log/nginx/thedomain.access.log;
error_log /var/log/nginx/thedomain.error.log;
server_name _;
root /var/www/html;
index index.html;
gzip on;
gzip_proxied any;
gzip_types text/css text/javascript text/xml text/plain application/javascript application/x-javascript application/json;
location /.well-known/ {
try_files $uri $uri/ =404;
}
location /jenkins {
include /etc/nginx/proxy_params;
proxy_pass http://localhost:8080;
proxy_read_timeout 90s;
proxy_redirect http://localhost:8080 https://www.thedomain.com/jenkins;
}
location /wss/pforex {
include /etc/nginx/proxy_params;
proxy_pass http://localhost:9190;
proxy_http_version 1.1;
proxy_read_timeout 90s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect http://localhost:9190 https://www.thedomain.com/wss/pforex;
}
location / {
include /etc/nginx/proxy_params;
proxy_pass http://localhost:9080;
proxy_read_timeout 90s;
proxy_redirect http://localhost:9080 https://www.thedomain.com;
}
}
Nginx works as a front-end server, which in this case proxies the requests to a node.js server. Therefore you need to set up a Nginx config file for the node.
Create the file yourdomain.com at /etc/nginx/sites-available/:
# the IP(s) on which your node server is running. I chose port 3003.
upstream app_yourdomain {
server 127.0.0.1:3003; # can use localhost as well
keepalive 8;
}
# the Nginx server instance
server {
listen 80;
listen [::]:80;
server_name yourdomain.com www.yourdomain.com;
access_log /var/log/nginx/yourdomain.com.log;
# pass the request to the node.js server with the correct headers
# and much more can be added, see Nginx config options
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_yourdomain/;
proxy_redirect off;
}
}
Besides you can even omit giving ip to listen method and it will take localhost by default
const app = express();
app.listen(3003, () => {
console.log(app.server.address());
});
If you are accessing the server directly with IP then you need to change
server_name yourdomain.com www.yourdomain.com;
with
server_name _;
I am using a simple "hello world" Express.JS (8080 port) application deployed in Ubuntu Server, with NGINX reverse proxy setup as below.
The application working well for http port but not for https port
nginx version: nginx/1.10.3 (Ubuntu)
OpenSSL 1.0.2g 1 Mar 2016
And my configuration file is like this:
server {
listen 80;
listen 443 default ssl;
server_name localhost;
ssl_certificate /root/mydir/ssl/certificate.crt;
ssl_certificate_key /root/mydir/ssl/private.key;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
The configuration is working fine for http connection for my domain testdomain.com, but completely failing for https://testdomain.com or https://www.testdomain.com
What went wrong with this configuration?
SSL certs are generated by sslforfree.com.
server {
listen 80;
server_name example.com;
# force redirect http to https
rewrite ^ https://$http_host$request_uri? permanent;
}
server {
listen 443;
ssl on;
ssl_certificate /root/mydir/ssl/certificate.crt;
ssl_certificate_key /root/mydir/ssl/private.key;
server_name example.com;
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
....
}
I have three files on my nginx conf.d -
example.com
www.example.com
other.example.com
example.com is my preferred domain and is proxy passing a nodejs app.
example.com has the following config
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
www.example.com has the following config:
server{
listen 80;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
In other.example.com I have the following config
server {
listen 80;
server_name other.example.com;
proxy_redirect off;
root /opt/other;
index index.html;
}
But when I go to other.example.com I get the same result as www.example.com and example.com
Any thoughts how to fix this behaviour?
Problem Solved.
I forgot to name other.example.com file with the .conf extension.
thanks to #Curious