SSL on nginx acting as a reverse proxy to a node server - node.js

I need to access my nodejs api which is reverse proxied by a nginx server over https. To achieve that I generated a self signed cert at location /etc/nginx and then modified the nginx configuration like below:
server {
listen 443;
server_name api.something.com;
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;
ssl on;
add_header Strict-Transport-Security max-age=500;
location / {
proxy_pass http://10.132.176.xx:8888; #private ip
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Now whenever I try to access https://api.something.com I always get a connection refused error in google chrome. Plain http works fine. Any clues?

Related

Cannot reach Node.js application over HTTPS

I have an node.js application that is running on port 3000.
Infront of it i run an nginx reverse proxy. It works fine for port 80. I have tried to install an certificate with certbot. Now i have the certificate and set up my proxy to redirect all non HTTPS traffic to HTTPS and on the port 443 i listent to it and pass my connection to my application. Somehow my browser is pending and i dont know why.
Here i have added 2 server blocks:
server {
server_name mywebsite.at www.mywebsite.at;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mywebsite.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.at/privkey.pem;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
server_name mywebsite.at www.mywebsite.at;
listen 80;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
In this case i can enter http://mywebsite.at but i cant enter https://mywebsite.at. It says "cant reach the website". Any idea why this error appears?
I have runned sudo nginx -t there are no erros.
I have found the problem guys. My port 443 was not open. ufw allow 443 fixed the issue.

Nginx reverse proxy to NodeJS App causing 502 bad gateway error

I am setting up nginx so that I can access my API built using express through a url like - example.com/api
Here is my nginx config
upstream appfrontend {
server localhost:9008 fail_timeout=0;
}
upstream api {
server localhost:3001;
}
server {
listen 80;
listen [::]:80;
server_name hospoline.com www.hospoline.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443;
server_name example.com; # replace this with your domain
root /var/www/html/example-certbot-webroot;
# The public and private parts of the certificate are linked here
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location /.well-known {
root /var/www/html/example;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://appfrontend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 900s;
}
location /api {
proxy_pass http://api;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
When I visit my site example.com the front end loads perfectly.
When I visit example.com/api/fetch_doctors, I get a 502 bad gateway error.
My API is working fine in localhost. When I send a request to localhost:3001 on my local computer, I get the list of doctors.
Both my front end server and backend server are run using forever.
I am really lost and breaking my head about this for one full day. I have no idea where I'm going wrong. Any help in the right direction would be great! Thank you all!

HTTPS with Nginx and Nodejs

So I used certbot to configure Nginx for https. That worked well (I used the automatic configuration).
Now how can I configure my Node.js back end to be able to make GET/POST requests from the front end that is being hosted with Nginx?
EDIT:
location /api {
proxy_pass http://localhost:3000; #server port
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
If you have correctly configured your Nginx with SSl and your node application. The requests you send should work with https://URL . Please check your nginx.conf and verify the following things.
You can add ssl cert in Nginx with
ssl_certificate /etc/nginx/ssl/server.crt #cert location
ssl_certificate_key /etc/nginx/ssl/server.key #key location
in your server block in Nginx.And your nodejs App should be configured like this in the server block
location / {
proxy_pass http://localhost:3000; #server port
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
This will be sufficient for your server to work with SSL.

Cross-domain WebSocket connection failed during WebSocket handshake: Unexpected response code: 400

I am trying to use socket.io in a Node js application. I have the application sitting on a subdomain and the front-end running on the www version of the domain.
Running the front-end and Node js service on the same domain is not an option.
Sending data back and forth from the client to the server seems to be working. I have sent data both ways and it has worked fine.
However, In the console of the browser I get the following error.
WebSocket connection to 'wss://subdomain.domain.com/socket.io/?EIO=3&transport=websocket&sid=6bNHWyXcCdlMI0HHAAAB' failed: Error during WebSocket handshake: Unexpected response code: 400
My Nginx configuration looks like this:
# HTTP - redirect all requests to HTTPS:
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS - proxy requests on to local Node.js app:
server {
listen 443;
server_name subdomain.domain.com;
ssl on;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers '*******';
# Pass requests for / to localhost:3000:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
}
}
Both the client and the Node js are using https.
Does anyone know what is causing this issue and how it could be fixed?
Thank you
It looks like you forgot about Upgrade header. It's required if you want to use Nginx as a reverse proxy for WebSockets.
As said here, just try to add one more header:
proxy_set_header Upgrade $http_upgrade;

2 way SSL between nginx and backend server

I have a backend server on Node.js and I am trying to setup 2 way SSL between Nginx and this backend server.
But I get an error as:
2015/11/02 06:51:02 [error] 12840#12840: *266 upstream SSL certificate does not match "myLocalMachine" while SSL handshaking to upstream,
and this is when I set proxy_ssl_verify on. If its off then it works fine. Following is my Nginx setup:
upstream myLocalMachine {
server MyPublicIP:8888;
}
server {
listen 8222 ssl;
proxy_cache two;
ssl_certificate /etc/nginx/ssl/server-cert.pem;
ssl_certificate_key /etc/nginx/ssl/server-key.pem;
ssl_client_certificate /etc/nginx/ssl/client-cert.pem;
ssl_verify_client on;
location / {
proxy_ssl_session_reuse off;
proxy_ssl_verify on;
proxy_ssl_trusted_certificate /etc/nginx/ssl/backend-server-cert.pem;
proxy_ssl_certificate /etc/nginx/ssl/server-cert.pem;
proxy_ssl_certificate_key /etc/nginx/ssl/server-key.pem;
proxy_ssl_password_file /etc/nginx/ssl/pwd.pass;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass https://myLocalMachine;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_valid any 1m;
proxy_cache_min_uses 1;
#proxy_cache_bypass $cookie_nocache $arg_nocache$arg_comment;
proxy_cache_methods GET HEAD POST;
proxy_cache_key "$request_body";
}
}
Solution:
I had used url in certificates lets say: example.com but I was using some
custom name as myLocalMachine in upstream and proxy_pass which I replaced it with url.
Use url in upstream block & proxy_pass as below
upstream example.com {
# ip & ports are for examples
server 11.11.11.11:2222;
}
proxy_pass https://example.com;

Resources