Nginx reverse proxy for params in an expressjs application - nginx

I have got a route in expressjs application with the following code.
...
router.get("/:id", async (req, res, next) => {
try {
// debug(`The req is ${req.params.id}`);
const data = await getSuperHerors(req.params.id);
res.send(data);
} catch (err) {
next(err);
}
});
...
I want to set up my nginx reverse proxy to forward on the id.
The conf file for nginx is here
...
server {
root /var/www/html;
server_name example.biz; # managed by Certbot
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:3000;
# proxy_pass http://127.0.0.1:3000/$1$is_args$args;
# set $upstream http://localhost:3000;
# proxy_pass $upstream/$1$is_args$args;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.biz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.biz/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = example.biz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name example.biz;
return 404; # managed by Certbot
}
...
What is wrong with my reverse proxy file?
For now I have put it back to its original but I have tried to use the configs behind the comments.
Joseph Shanahan

Thanks, you are right all requests were forwarded.
I went back and had a look at my setup and found something else wrong.
Cheers
Joseph Shanahan

Related

Nginx not serving updated values

I configured Nginx as a reverse proxy for a front-end application. The front-end takes an endpoint URL via a .env file. When I change the endpoint's value, which is a URL in the .env, Nginx still picks the old value even after restarting Nginx.
My Nginx config:
upstream App{
ip_hash;
server localhost:3050;
}
server {
server_name app.com www.app.com ;
root /var/www/App;
access_log /var/log/nginx/app-access.log;
error_log /var/log/nginx/app-error.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
location / {
proxy_pass http://App/;
}
location /socket.io/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://App/socket.io/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/app.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/app.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.app.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = app.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 ipv6only=on default_server;
server_name app.com www.app.com ;
return 404; # managed by Certbot
}

404 error on http - let's encrypt certbot , everything fine with https

I'm using certbot to generate a Let's Encrypt certificate, everything works fine except the http version is not redirected to https.
Here is my .conf in sites-available :
# the IP(s) on which your node server is running. I chose port 3000.
upstream app_yourdomain {
server 127.0.0.1:3000;
keepalive 8;
}
# the nginx server instance
server {
server_name deussearch.fr www.deussearch.fr;
access_log /var/log/nginx/deussearch.fr.log;
# pass the request to the node.js server with the correct headers
# and much more can be added, see nginx config options
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_Host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_yourdomain/;
proxy_redirect off;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.deussearch.fr/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.deussearch.fr/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.deussearch.fr) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name deussearch.fr www.deussearch.fr;
return 404; # managed by Certbot
}
I really can't find what's wrong here, like I followed a tutorial and everything worked fine, anyone know? I'm using Nginx on Ubuntu if it can help!
I have checked your website, it's OK. Every time I try to access http://deussearch.fr/ it always redirects to https://www.deussearch.fr/
https://i.imgur.com/H7c9dXY.png
You can also check in https://www.sslshopper.com/ssl-checker.html#hostname=deussearch.fr

nginx reverse proxy server multiple websites file arrangements

I follow this article. I wonder what should be the file structure of "/etc/nginx/sites-available" if I want to host multiple websites and what should be the content of each file under the "sites-available" folder (look at the sample "default" file content down below for a single website configuration)?
I am running node.js, express.js and EJS for 2 websites.
I created 2 different instances of the same website like this:
/home/debian/public
/home/debian/public2
Under both of these folders, each of them has their own individual "server.js" file and the content of them are like this:
server.js
// Load Node modules
var express = require('express');
const ejs = require('ejs');
// Initialize Express
var app = express();
// Render static files
app.use(express.static('/home/debian/public'));
// Set the view engine to ejs
app.set('view engine', 'ejs');
// Port website will run on
app.listen(8080);
// *** GET Routes - Display Pages ***
// Root Route
app.get('/', function(req, res){
var listnames = ["1", "2", "3"];
// Render index page
res.render('/home/debian/public/views/pages/index.ejs', {
// EJS variable and server side variable
listnames: listnames
});
});
I configured one public folder's port to 8080 and public2 to 9000
According to this article if you have only a single server, the file "default" under "/etc/nginx/sites-available" should be configured like this:
default
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name auroraspotter.space;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8080;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/auroraspotter.space/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/auroraspotter.space/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = auroraspotter.space) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name auroraspotter.space;
return 404; # managed by Certbot
}
However, I wonder what should be the file structure of "/etc/nginx/sites-available" if I want to host multiple websites and what should be the content of each files?
Thanks.
You can have only 1 file named default.conf but you need to edit it as follows:
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name auroraspotter.space;
location /path1 {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location /path2 {
proxy_pass http://localhost:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/auroraspotter.space/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/auroraspotter.space/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = auroraspotter.space) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name auroraspotter.space;
return 404; # managed by Certbot
}
Now when you will send request to auroraspotter.space/path1, it will be served by nodejs running on port 8080 and when you will send request to auroraspotter.space/path2, it will be served by nodejs running on port 9000.
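Added example (not part of the original posts): a simplified JavaScript model of how nginx builds the upstream URI from `proxy_pass`, covering the `/:id` route in the first question and the `/path1` and `/path2` locations above. `upstreamUri` is a hypothetical helper; it handles prefix locations only and ignores URI normalization and rewrite directives.

```javascript
// Added example: simplified model of nginx proxy_pass URI mapping.
// upstreamUri() is a hypothetical helper, not an nginx or Express API.
// Assumptions: prefix locations only, no regex locations, no rewrites.
function upstreamUri(locationPrefix, proxyPass, requestUri) {
  const [path, query = ""] = requestUri.split("?");
  if (!path.startsWith(locationPrefix)) return null; // location does not match

  // Split "scheme://host:port" from the optional URI part of proxy_pass.
  const m = /^(https?:\/\/[^\/]+)(\/.*)?$/.exec(proxyPass);
  if (!m) throw new Error("unsupported proxy_pass: " + proxyPass);
  const uriPart = m[2];
  const isArgs = query ? "?" : "";

  // 1. No URI part: the request URI is passed to the upstream unchanged.
  if (uriPart === undefined) return requestUri;

  // 2. URI part with variables: it is sent as written and replaces the
  //    request URI. $1 is empty because a prefix location captures nothing.
  if (uriPart.includes("$")) {
    return uriPart
      .replace("$1", "")
      .replace("$is_args", isArgs)
      .replace("$args", () => query);
  }

  // 3. Static URI part: it replaces the part of the path that matched
  //    the location prefix; the query string is kept.
  return uriPart + path.slice(locationPrefix.length) + isArgs + query;
}

// Constructed sample requests against the configs shown on this page.
const cases = [
  ["/", "http://127.0.0.1:3000", "/42"],                   // Express sees /42
  ["/", "http://127.0.0.1:3000/$1$is_args$args", "/42"],   // Express sees /
  ["/path1", "http://localhost:8080", "/path1"],           // Express sees /path1
  ["/path1/", "http://localhost:8080/", "/path1/views"],   // Express sees /views
];
for (const [loc, pass, uri] of cases) {
  console.log(`location ${loc}  proxy_pass ${pass}  ${uri} -> ${upstreamUri(loc, pass, uri)}`);
}
```

In this model the commented-out `proxy_pass http://127.0.0.1:3000/$1$is_args$args;` sends every request to `/`, so the `/:id` route never sees the id, while the plain `proxy_pass http://127.0.0.1:3000;` forwards `/42` unchanged. With `location /path1` and no URI part, the Express app receives `/path1`, which its `app.get('/')` route does not match.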

Can't redirect nginx HTTP traffic to HTTPS

here's my nginx.conf:
upstream blah_upstream {
server web:7000;
}
server {
listen 80;
server_name blah.com www.blah.com;
# redirect to HTTPS for all requests
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name blah_upstream;
server_tokens off;
# generated with help of certbot
ssl_certificate /etc/letsencrypt/live/blah.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blah.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://blah_upstream;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /static/ {
alias /usr/src/app/public/;
}
}
this works for http://www.blah.com -> https://www.blah.com (it redirects fine).
however http://blah.com -> https://blah_upstream which of course absolutely doesn't work.
what am I doing wrong? I don't understand why it would work for the www version and not the other.
I tried switching the server_name order in
server_name blah.com www.blah.com;
but that didn't work either.

Nginx, Https, reverse proxy, handshake error. Need review of 'nginx/sites-enabled/default' file.

I am hoping for a review of some code below -- it is the 'nginx/sites-enabled/default' file. I believe it may have some obvious gotchas which are preventing my site from redirecting under https. I have spent a few days reviewing the Nginx documentation but have not been able to get a handle on my problem. Thanks for your help!
Context:
I am trying to set up a reverse proxy that points my domain url to localhost:3000 on my Digital Ocean server. Everything seems to be working well except for the fact my https is not resolving. I have generally followed these two tutorials: https://code.lengstorf.com/deploy-nodejs-ssl-digitalocean/ and https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04 .
When I go to my url I get: "ERR_CONNECTION_RESET". When I run curl on my server for http://localhost:3000, my html is returned as expected. When I run curl on my server for https://mysite.io I receive the error: "curl (35) gnutls_handshake() failed: Error in the pull function". All my http curl requests are redirecting properly to https, dig +short mysite.io is pointing to my server, nginx -t is coming back with no errors.
My hunch is the problem is with my 'nginx/sites-enabled/default' file, more specifically the server blocks that are handling https. The first two server blocks are from the first tutorial, the second two were automatically generated by Certbot in the second tutorial mentioned above. Thanks again for your help!
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mysite.io;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/mysite.io/fullchain.pem; # managed $
ssl_certificate_key /etc/letsencrypt/live/mysite.io/privkey.pem; # manage$
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
server {
return 301 https://$host$request_uri;
server_name www.mysite.io; # managed by Certbot
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysite.io/fullchain.pem; # managed $
ssl_certificate_key /etc/letsencrypt/live/mysite.io/privkey.pem; # manage$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysite.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 ;
server_name www.mysite.io;
return 404; # managed by Certbot
}
The first two blocks are unnecessary and can be removed. Then, we can take the location block from the second server block and add it to the third server block. And then, finally we can remove the 301 from the third block, ending up with this:
server {
server_name www.mysite.io; # managed by Certbot
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# change the above line to "listen 443 ssl http2" if you want http2
ssl_certificate /etc/letsencrypt/live/mysite.io/fullchain.pem; # managed $
ssl_certificate_key /etc/letsencrypt/live/mysite.io/privkey.pem; # manage$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysite.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 ;
server_name www.mysite.io;
return 404; # managed by Certbot
}
