
Good day everybody,

I have set up an Nginx Webserver on an Ubuntu instance. I have configured the /etc/nginx/sites-enabled/default file like this:

    server {
            listen 80;                             #listen IPv4
            listen [::]:80;                        #listen IPv6
            server_name my.domain.de;
            return 301 https://$host$request_uri;   #redirect to https://
    }


    server {
            listen 443 ssl spdy;                   #listen IPv4
            listen [::]:443 ssl spdy;              #listen IPv6

            error_log /var/log/nginx/rocketchat_error.log;
            ssl_certificate /etc/letsencrypt/live/my.domain.de/fullchain.pem; # managed by Certbot
            ssl_certificate_key /etc/letsencrypt/live/my.domain.de/privkey.pem; # managed by Certbot
            ssl_dhparam /etc/nginx/dhparams.pem;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESG$
            ssl_prefer_server_ciphers on;
            ssl_session_cache shared:SSL:20m;
            ssl_session_timeout 180m;

            location / {
                    proxy_pass http://my.domain.de:3000/;
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "upgrade";
                    proxy_set_header Host $http_host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forward-Proto http;
                    proxy_set_header X-Nginx-Proxy true;
                    proxy_redirect off;
            }
    }

I have also included the /etc/nginx/sites-enabled/default file inside /etc/nginx/nginx.conf under http{} via

    include /etc/nginx/sites-enabled/default;

I also tried to do it with

    rewrite ^ https://$host$request_uri? permanent;

and with

    return 301 https://my.domain.de$request_uri;

and any other possible variant.

Any help would be appreciated.

Thanks in advance

Simon

  • What's not working...? – Lenniey Aug 22 '17 at 08:07
  • It isn't redirecting, the browser (tried already 4 different) just tries to find "http://my.domain.de" (with http) and gives me the error ERR_CONNECTION_TIMED_OUT – drflngr Aug 22 '17 at 08:11
  • https://my.domain.de (with https) is working on the other hand – drflngr Aug 22 '17 at 08:12
  • Please show the output of `curl -I http://my.domain.com`. I guess the redirect isn't the problem, instead `proxy_pass http://my.domain.de:3000/` seems fishy: If the domain name does resolve to a public IP, is port 3000 accessible? Maybe try something like `127.0.0.1` there. – gxx Aug 22 '17 at 08:15
  • HTTP/1.1 301 Moved Permanently Server: nginx/1.4.6 (Ubuntu) Date: Tue, 22 Aug 2017 08:16:12 GMT Content-Type: text/html Content-Length: 193 Connection: keep-alive Location: https://my.domain.de/ (with https (sorry that it won't show)) – drflngr Aug 22 '17 at 08:16
  • See my edited comment above. The redirect is working, but the `proxy_pass ...` is not. – gxx Aug 22 '17 at 08:17
  • Change your port 80 config to `return 301 https://$server_name$request_uri;`. Is port 3000 opened on your host for external connections? Otherwise you need to change `proxy_pass http://my.domain.de:3000/;` to `proxy_pass http://localhost:3000/;` or similar. – Lenniey Aug 22 '17 at 08:19
  • @Lenniey That's what I already wrote. The `return` directive is fine, no need to change that. – gxx Aug 22 '17 at 08:20
  • @gf_ woops, sorry, didn't see the comments. – Lenniey Aug 22 '17 at 08:22
  • Also: `proxy_set_header X-Forward-Proto http;` should read `https`, right? – gxx Aug 22 '17 at 08:25
  • Thanks but it still isn't working. I have already tried `return 301 https://$server_name$request_uri;` and I also tried `proxy_pass http://localhost:3000/;` and `proxy_pass http://127.0.0.1:3000/;` and `proxy_pass http://127.0.0.1/;` and `proxy_pass http://localhost/;` neither worked – drflngr Aug 22 '17 at 08:26
  • @gf_ I'll try if that (proxy_set_header) works – drflngr Aug 22 '17 at 08:27
  • Don't touch `return`, that's not the problem, and obviously working. Don't try random `proxy_pass ...` directives; do you know which port your backend is running? Show the nginx debug log of a failing request and/or `netstat -tulpn`. – gxx Aug 22 '17 at 08:29
  • doesn't work :( – drflngr Aug 22 '17 at 08:29
  • Depends on which IPs your 3000-service is listening. @gf_ mentioned your `X-Forward-Proto http;` should read `https`, I also assume it should be `X-Forwarded-Proto` – Lenniey Aug 22 '17 at 08:29
  • My docker-proxy is listening to port 3000 and 3001 – drflngr Aug 22 '17 at 08:31
  • Please always add additional information into the question, not to a comment. That way it is easier to read. What does `curl -v http://my.domain.de 3000` show when you run it on the server? – Tero Kilkanen Aug 23 '17 at 13:19
  • * Rebuilt URL to: http://my.domain.de/ * Hostname was NOT found in DNS cache * Trying 127.0.0.1... * Connected to my.domain.de (127.0.0.1) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.35.0 > Host: my.domain.de > Accept: */* > < HTTP/1.1 301 Moved Permanently * Server nginx/1.4.6 (Ubuntu) is not blacklisted < Server: nginx/1.4.6 (Ubuntu) < Date: Fri, 01 Sep 2017 08:06:10 GMT < Content-Type: text/html < Content-Length: 193 < Connection: keep-alive < Location: https://my.domain.de/ – drflngr Sep 01 '17 at 08:10
  • < 301 Moved Permanently 301 Moved Permanently nginx/1.4.6 (Ubuntu) * Connection #0 to host my.domain.de left intact * Rebuilt URL to: 3000/ * Hostname was NOT found in DNS cache * Trying 0.0.11.184... * Immediate connect fail for 0.0.11.184: Invalid argument * Closing connection 1 curl: (7) Couldn't connect to server – drflngr Sep 01 '17 at 08:10
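
The proxy changes suggested in the comments, collected into one `location` block. This is an added example, not part of the original question or of any commenter's post. It assumes the backend published on port 3000 accepts connections on the loopback address, which the thread never confirms, and the `X-Forwarded-For` spelling is a correction made here by analogy with the `X-Forwarded-Proto` fix from the comments.

```nginx
# Added example: replaces the "location /" block inside the existing
# "listen 443 ssl" server block from the question.
location / {
    # Assumption: the service behind docker-proxy (port 3000 per the
    # comments) is reachable on loopback. Check the bound address with
    # `netstat -tulpn` before relying on this.
    proxy_pass http://127.0.0.1:3000/;
    proxy_http_version 1.1;

    # WebSocket upgrade headers, unchanged from the question.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;

    # The question sends "X-Forward-For"; the de facto header name that
    # backends read is X-Forwarded-For.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # The question sends "X-Forward-Proto http". The comments point out
    # both the name (X-Forwarded-Proto) and the value: this block only
    # serves TLS connections, so the backend must be told "https" or it
    # may generate http:// links and redirects.
    proxy_set_header X-Forwarded-Proto https;

    proxy_set_header X-Nginx-Proxy true;
    proxy_redirect off;
}
```

Validate the file with `nginx -t` before reloading, so a syntax error does not take the running server down.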

0 Answers