nginx "redirected you too many times." - nginx

This is my nginx file
    # HTTP — redirect all traffic to HTTPS
    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }
    # HTTPS — proxy all requests to the Node app
    server {
        # Enable HTTP/2
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name api.website.com;
        # Use the Let’s Encrypt certificates
        ssl_certificate /etc/letsencrypt/live/api.website.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/api.website.com/privkey.pem;
        # Include the SSL configuration from cipherli.st
        include snippets/ssl-params.conf;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://localhost:4000/;
            proxy_ssl_session_reuse off;
            proxy_set_header Host $http_host;
            proxy_cache_bypass $http_upgrade;
            proxy_redirect off;
        }
    }
When trying to connect to my website, I get a too many redirect error. How can I fix this? For reference, I am following this SSL guide.
Edit: Using Cloudflare, full SSL

Related

Stripe webhook doesn't reach endpoint on reverse proxy

I am hosting my app in Linode and I have a stripe webhook that doesn't reach the api. I could hit the endpoint before installing ssl certificates but after the ssl configuration my app can't reach the endpoint. I am following tutorials and don't know a lot about nginx proxying and backend so apologies if my explanation is not clear.
My stripe webhook is listening to the following endpoint:
https://mywebsite.com/api/stripe-webhook
And here is my proxy configuration:
    server {
        listen 80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }
    server {
        # SSL configuration
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        #
        #ssl on;
        ssl_certificate /etc/ssl/certs/kk/certificate.crt;
        ssl_certificate_key /etc/ssl/certs/kk/private_key.key;
        root /var/www/html;
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        server_name mywebsite.com;
        location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
        location /api {
            proxy_pass http://localhost:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
I am not even getting any meaningful error message in Stripe:
My question is what am I doing wrong and is there any other file that I need to configure?

Appwrite with Nginx

I installed Appwrite on a Debian server.
The https-port for Appwrite is 444 (443 was already used). Nginx redirects my subdomain to this port.
I have a custom SSL-certificate which is working for this domain and subdomains. I can open the appwrite via the subdomain but when I click "Sign Up" to create a root account for appwrite, I get the following Error:
Invalid Origin. Register your new client (appwrite.domain.de) as a
new Web platform on your project console dashboard
First I thought I have to set proxy_set_header Host $host; in the server-config, but then I am not able to open Appwrite... instead I get the Error
{"message":"Error: Server Error","code":500,"version":"1.0.1"}
Does someone have another idea or already fixed the same problem?
This is my Server-configuration in Nginx:
    server {
        server_name appwrite.domain.de;
        location / {
            proxy_pass https://localhost:444;
        }
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/domain.de_ssl_certificate.cer;
        ssl_certificate_key /etc/nginx/ssl/domain.de_private_key.key;
    }
    server {
        listen 80;
        server_name domain.de www.domain.de;
        return 301 https://$host$request_uri;
    }
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/domain.de_ssl_certificate.cer;
        ssl_certificate_key /etc/nginx/ssl/domain.de_private_key.key;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name domain.de www.domain.de;
        location / {
            try_files $uri $uri/ =404;
        }
    }
Thanks for the help ;)
You're right, you need to include the proxy_set_header Host $host; directive. You might also want to include the following under server:
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
and the following under location:
    add_header X-Served-By $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $port;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass $forward_scheme://$server:$port$request_uri;
If you're seeing a 500 error, it would be best to check the docker logs for the appwrite container to see what the problem is.
On a side note, if you're looking for an easier way to manage Nginx, I highly recommend Nginx Proxy Manager (NPM). I use NPM in front of my Appwrite.

Nginx Reverse Proxy - proxy_pass using "FQDNs"

We have been trying for days (we tested hundreds of setups) to make a Nginx Reverse Proxy successfully reverse proxy a web application that needs FQDNs (this is mandatory for this web application to work).
Using the configuration below for the Nginx Reverse Proxy together with a local DNS service (see resolver attribute) that knows the FQDN we can successfully make these http calls...
    server {
        access_log /var/log/nginx/apps.mbr.domain.abc-access.log;
        error_log /var/log/nginx/apps.mbr.domain.abc-error.log;
        server_name *.apps.mbr.domain.abc;
        location / {
            proxy_pass https://$host$request_uri;
            resolver 127.0.0.1:53;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_ssl_server_name on;
        }
        listen 443;
        ssl_certificate /etc/letsencrypt/live/apps.mbr.domain.abc/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/apps.mbr.domain.abc/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    }
... , however if I change the proxy_pass attribute to using an IP as shown here...
    server {
        access_log /var/log/nginx/apps.mbr.domain.abc-access.log;
        error_log /var/log/nginx/apps.mbr.domain.abc-error.log;
        server_name *.apps.mbr.domain.abc;
        location / {
            proxy_pass https://10.2.0.18:443;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_ssl_server_name on;
        }
        listen 443;
        ssl_certificate /etc/letsencrypt/live/apps.mbr.domain.abc/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/apps.mbr.domain.abc/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    }
... the web application reports not knowing the URL (error). In other words, clearly there is some parameter/data (we don't know what it is) that is added by the DNS service to the http call.
QUESTION: What is the local DNS service provided parameter/data that Nginx Reverse Proxy is not providing?
NOTE: We are asking this because we believe this is something that can be provided by the Nginx Reverse Proxy itself so that we will not need to use the local DNS service.
Thanks! =D
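
One difference between the two configurations above, shown as an added example that is not part of the original post: with `proxy_pass https://$host$request_uri` the name nginx passes to the backend in TLS SNI is the FQDN, while with `proxy_pass https://10.2.0.18:443` the `proxy_ssl_name` default is the IP from `proxy_pass`. The sketch below keeps the fixed IP and sets the SNI name explicitly; that this is what the poster's application was missing is an assumption the page does not confirm, and `listen 443 ssl;` is assumed for the front end.

```nginx
# Added example, not the poster's configuration. The upstream address, server
# name and certificate paths are the values shown in the question.
server {
    listen 443 ssl;
    server_name *.apps.mbr.domain.abc;

    access_log /var/log/nginx/apps.mbr.domain.abc-access.log;
    error_log  /var/log/nginx/apps.mbr.domain.abc-error.log;

    ssl_certificate     /etc/letsencrypt/live/apps.mbr.domain.abc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/apps.mbr.domain.abc/privkey.pem;

    location / {
        # Fixed upstream: no resolver needed, and the client-supplied Host
        # header no longer decides which address nginx connects to.
        proxy_pass https://10.2.0.18:443;

        # HTTP layer: forward the FQDN the client asked for.
        proxy_set_header Host $host;

        # TLS layer: proxy_ssl_name defaults to the host part of proxy_pass
        # (here the IP), so name the FQDN explicitly for SNI.
        proxy_ssl_server_name on;
        proxy_ssl_name        $host;

        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```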

Nginx: redirecting multiple http servers to SSL: config not working

I'm trying to put an nginx together with the following setup:
I have two http servers running on my localhost. One listening on port 8080, the other on port 8081.
Both should be served through https and
- the production server listening on 8080 should be accessible to www.awesomesite.io.
- the test server listening on port 8081 should be accessible through test.awesomesite.io.
Somehow, when navigating to the test.awesomesite.io the nginx server directs me to my production server.
I use the following configuration to direct www-requests to localhost:8080 and test-request to 8081.
    server {
        listen 80;
        server_name www.awesomesite.io;
        rewrite ^ https://$host$request_uri? permanent; # force redirect http to https
        server_tokens off;
    }
    # SSL port production server
    server {
        listen [::]:443 ssl ipv6only=on;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/www.awesomesite.io/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.awesomesite.io/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        ssl on;
        server_name www.awesomesite.io;
        server_tokens off;
        # ......
        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Proto https;
            proxy_read_timeout 1200s;
        }
    }
    # SSL test server
    server {
        listen 80;
        server_name test.awesomesite.io;
        rewrite ^ https://$host:8443$request_uri? permanent; # force redirect http to https
        server_tokens off;
    }
    server {
        listen [::]:8443 ssl ipv6only=on;
        listen 8443 ssl;
        ssl_certificate /etc/letsencrypt/live/test.awesomesite.io/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/test.awesomesite.io/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        ssl on;
        server_name test.awesomesite.io;
        server_tokens off;
        # ......
        location / {
            proxy_pass http://127.0.0.1:8081;
            proxy_set_header Host $host:8443;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Proto https;
            proxy_read_timeout 1200s;
        }
    }
To answer my own question in case someone had the same problem:
I used the answer of https://serverfault.com/questions/538803/nginx-reverse-ssl-proxy-with-multiple-subdomains to change my configuration.
I defined multiple server blocks with www.awesomesite.io and test.awesomesite.io name for the port 443, instead of rewriting the test subdomain to use port 8443.
After these changes, the host from the test request header did match the specific server block and was routed to localhost 8081.
I still did not figure out why the original configuration did not work. All requests match the production server block (or at least were handled by the first server block).
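
The layout the self-answer describes, as an added example (the page does not show the poster's final config): each name gets its own server block on port 443, so nginx selects the backend by `server_name`. A name that matches no block on a listen socket goes to that socket's default server, which is the first block defined unless `default_server` is set; the explicit catch-all block and `ssl_reject_handshake` (nginx 1.19.4 or later) are additions assumed here so that unknown names are refused rather than served by production.

```nginx
# Added example: names, ports and certificate paths are taken from the question.

# Catch-all for 443. Any SNI name not listed below is refused here instead of
# falling through to whichever server block happens to be defined first.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_reject_handshake on;          # requires nginx 1.19.4+
}

# Production: www.awesomesite.io -> 127.0.0.1:8080
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.awesomesite.io;
    server_tokens off;

    ssl_certificate     /etc/letsencrypt/live/www.awesomesite.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.awesomesite.io/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Test: test.awesomesite.io -> 127.0.0.1:8081, same port, selected by name
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name test.awesomesite.io;
    server_tokens off;

    ssl_certificate     /etc/letsencrypt/live/test.awesomesite.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.awesomesite.io/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```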

Enabling http and https to port 8000

I'm having trouble being able to access http://example.com:8000 and https://example.com:8000 but I can't seem to get them both to work. This will serve as our backend and will API requests all through out. I want to either
open http://example.com:8000 and https://example.com:8000 open for API request
or
redirect from http to https, including the CORS authentication and everything, so the client can still get the return even with the redirect
This is my configuration so far
    server {
        listen 8000 ssl;
        server_name example.com;
        ssl_certificate /etc/nginx/ssl/example.com/example.com.crt;
        ssl_certificate_key /etc/nginx/ssl/example.com/example.com.key;
        charset utf-8;
        location / {
            proxy_pass http://ghost:8000;
            proxy_set_header Host $host:$proxy_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        error_page 497 https://$host:$server_port$request_uri;
    }
You need to use different ports:
    server {
        listen 8000;
        listen 8443 ssl;
        # other directives
    }
