Stripe webhook doesn't reach endpoint on reverse proxy - nginx

I am hosting my app in Linode and I have a Stripe webhook that doesn't reach the API. I could hit the endpoint before installing SSL certificates, but after the SSL configuration my app can't reach the endpoint. I am following tutorials and don't know a lot about nginx proxying and backend, so apologies if my explanation is not clear.
My Stripe webhook is listening to the following endpoint:
https://mywebsite.com/api/stripe-webhook
And here is my proxy configuration:
    server {
        listen 80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }
    server {
        # SSL configuration
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        #
        #ssl on;
        ssl_certificate /etc/ssl/certs/kk/certificate.crt;
        ssl_certificate_key /etc/ssl/certs/kk/private_key.key;
        root /var/www/html;
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        server_name mywebsite.com;
        location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
        location /api {
            proxy_pass http://localhost:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
I am not even getting any meaningful error message in Stripe:
My question is what am I doing wrong and is there any other file that I need to configure?

Related

NGINX does not serve js and css files while serving html

I installed NGINX as a reverse proxy on Ubuntu. However, after installation it turned out that NGINX does not serve css and js files while still serving html files.
I have the following configuration in /etc/nginx/sites-available/default
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name example.com www.example.com;
        location / {
            proxy_pass http://localhost:5000/;
            include /etc/nginx/mime.types;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            try_files $uri $uri/ =404;
        }
    }

Appwrite with Nginx

I installed Appwrite on a Debian server.
The https-port for Appwrite is 444 (443 was already used). Nginx redirects my subdomain to this port.
I have a custom SSL-certificate which is working for this domain and subdomains. I can open the appwrite via the subdomain but when I click "Sign Up" to create a root account for appwrite, I get the following Error:
Invalid Origin. Register your new client (appwrite.domain.de) as a
new Web platform on your project console dashboard
First I thought I have to set proxy_set_header Host $host; in the server-config, but then I am not able to open Appwrite... instead I get the Error
{"message":"Error: Server Error","code":500,"version":"1.0.1"}
Does someone have another idea or already fixed the same problem?
This is my Server-configuration in Nginx:
    server {
        server_name appwrite.domain.de;
        location / {
            proxy_pass https://localhost:444;
        }
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/domain.de_ssl_certificate.cer;
        ssl_certificate_key /etc/nginx/ssl/domain.de_private_key.key;
    }
    server {
        listen 80;
        server_name domain.de www.domain.de;
        return 301 https://$host$request_uri;
    }
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/domain.de_ssl_certificate.cer;
        ssl_certificate_key /etc/nginx/ssl/domain.de_private_key.key;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name domain.de www.domain.de;
        location / {
            try_files $uri $uri/ =404;
        }
    }
Thanks for the help ;)
You're right, you need to include the proxy_set_header Host $host; directive. You might also want to include the following under server:
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
and the following under location:
    add_header X-Served-By $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $port;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass $forward_scheme://$server:$port$request_uri;
If you're seeing a 500 error, it would be best to check the docker logs for the appwrite container to see what the problem is.
On a side note, if you're looking for an easier way to manage Nginx, I highly recommend Nginx Proxy Manager (NPM). I use NPM in front of my Appwrite.

Cloudflare Nginx HTTPS proxy_pass every path

I'm trying to set up HTTPS using nginx and Cloudflare. I generated a certificate and key using Cloudflare and added them to my nginx config (see below).
    server {
        listen 443 ssl;
        server_name <URL_HIDDEN>;
        ssl_certificate /etc/nginx/own-certs/server.crt;
        ssl_certificate_key /etc/nginx/own-certs/server.key;
        location / {
            proxy_pass http://localhost:8082;
            proxy_http_version 1.1;
            proxy_set_header UPgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
The problem: Only the main page works (/).
When going to any other page (Like /favicon.ico), I'm getting a 504 error after 30 seconds. When using the specific port and same path (http://localhost:8082/favicon.ico), everything works fine. Everything works fine when I remove the ssl part too.
It isn't a nginx timeout issue, because I'm getting a response within 5ms when using the localhost URL.
change nginx config (Also necessary if you already enabled "always https"):
    server {
        listen 80; # ADD THIS
        listen 443 ssl;
        server_name <URL_HIDDEN>;
        ssl_certificate /etc/nginx/own-certs/server.crt;
        ssl_certificate_key /etc/nginx/own-certs/server.key;
        location / {
            proxy_pass http://localhost:8082;
            proxy_http_version 1.1;
            proxy_set_header UPgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
set cloudflare setting:
enable always use https:

nginx "redirected you too many times."

This is my nginx file
    # HTTP — redirect all traffic to HTTPS
    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }
    # HTTPS — proxy all requests to the Node app
    server {
        # Enable HTTP/2
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name api.website.com;
        # Use the Let’s Encrypt certificates
        ssl_certificate /etc/letsencrypt/live/api.website.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/api.website.com/privkey.pem;
        # Include the SSL configuration from cipherli.st
        include snippets/ssl-params.conf;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://localhost:4000/;
            proxy_ssl_session_reuse off;
            proxy_set_header Host $http_host;
            proxy_cache_bypass $http_upgrade;
            proxy_redirect off;
        }
    }
When trying to connect to my website, I get a too many redirect error. How can I fix this? For reference, I am following this SSL guide.
Edit: Using Cloudflare, full SSL

NGINX redirecting to root for escaped_fragment URI

I have a very weird situation where NGINX (used as proxy for node app) is redirecting all ?_escaped_fragment_= to root (/) when using https://domain.com?_escaped_fragment_=/app/someurl BUT when I use https://dev.domain.com?_escaped_fragment_=/app/someurl all works fine.
Just want to make it clear that prerenderer works well and I have tested it both directly on machine as well as using dev subdomain.
I can give the original URL for those that would like to check things live.
Thanks a million guys :)
    server {
        server_name domain.com www.domain.com;
        listen 80;
        return 301 https://domain.com$request_uri;
    }
    server {
        server_name domain.com;
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/***.crt;
        ssl_certificate_key /etc/nginx/ssl/***.key;
        location / {
            proxy_pass http://x.x.x.x:4567;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
    server {
        server_name dev.domain.com;
        location / {
            proxy_pass http://x.x.x.x:4567;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
For those of you who had a similar experience maybe also with apache please note that it's not NGINX but the app where you need to specify to the prerender middleware .set('protocol', 'https'));
protocol
Option to hard-set the protocol. Useful for sites that are available
on both http and https.
app.use(require('prerender-node').set('protocol', 'https'));
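
An added example, not part of the original answer or of prerender-node: instead of hard-setting the protocol, an app behind a TLS-terminating nginx can derive the client's scheme from `X-Forwarded-Proto`, but only when the connection really comes from the proxy, and can check `Host` against its own names before building absolute URLs. It assumes nginx runs on the same host and sends `proxy_set_header X-Forwarded-Proto $scheme;` as in the Appwrite answer earlier on this page; the function names, the trusted-address list and the sample requests are constructed for illustration.

```javascript
// Added example, not code from the original posts. All names are constructed.

// Addresses the reverse proxy connects from (assumed: nginx on the same host).
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
// Hostnames this app serves; mirrors server_name in the nginx config.
const ALLOWED_HOSTS = new Set(['domain.com', 'dev.domain.com']);

// Scheme the client used, as far as the app can trust it.
function effectiveProtocol(req) {
  const direct = req.socket.encrypted ? 'https' : 'http';
  // A client that reaches the app port directly can send any header,
  // so X-Forwarded-Proto counts only when the peer is the proxy.
  if (!TRUSTED_PROXIES.has(req.socket.remoteAddress)) return direct;
  const forwarded = req.headers['x-forwarded-proto'];
  // Accept exactly one known value; lists or anything else are ignored.
  return forwarded === 'http' || forwarded === 'https' ? forwarded : direct;
}

// Absolute URL of the request, or null when the Host header is not ours.
function externalUrl(req) {
  const host = String(req.headers.host || '').toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) return null;
  return `${effectiveProtocol(req)}://${host}${req.url}`;
}

// Constructed request objects shaped like Node's http.IncomingMessage.
function fakeReq(remoteAddress, headers, url) {
  return { socket: { remoteAddress, encrypted: false }, headers, url };
}

function demo() {
  const path = '/?_escaped_fragment_=/app/someurl';
  return {
    viaProxy: externalUrl(fakeReq('127.0.0.1',
      { host: 'domain.com', 'x-forwarded-proto': 'https' }, path)),
    noHeader: externalUrl(fakeReq('127.0.0.1', { host: 'domain.com' }, path)),
    untrustedPeer: externalUrl(fakeReq('203.0.113.9',
      { host: 'domain.com', 'x-forwarded-proto': 'https' }, path)),
    foreignHost: externalUrl(fakeReq('127.0.0.1',
      { host: 'other.example', 'x-forwarded-proto': 'https' }, path)),
  };
}

console.log(demo());
```

The `noHeader` case matches the configs in this question, which forward `Host` but not `X-Forwarded-Proto`, so the app falls back to the plain-HTTP scheme of the proxied connection.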
