1

Been struggling with this for a couple of hours. I know I'm missing something simple here because everything works on my localhost as SSL with self-produced certs + it works totally fine on localhost.

The problem is - when I hit the url produktivv.com/api/testme on HTTPS, the proxy isn't working and there is no response. However, when I take off the SSL - and access via HTTP it works fine.

Using docker-compose up on a stack. I have a node.js backend and a react frontend. I have set up letsencrypt certs etc and does load the frontend fine, but I can't seem to acces

Working fine with this NGINX config 

upstream client {
  server client:3000;
}
upstream api {
  server api:5000;
}
server {
  listen 80;
  location / {
    proxy_pass http://client;
  }
    location ~ /.well-known/acme-challenge {
        allow all;
        root /usr/share/nginx/html;
    }
  location /sockjs-node {
    proxy_pass http://client;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
  }
  location /api {
    proxy_pass http://api;
  }
    location /auth {
    proxy_pass http://api;
  }
}

Not working with this configuration. 

upstream client {
  server client:3000;
}
upstream api {
  server api:5000;
}
server {
    listen      80;
    listen [::]:80;
    server_name produktivv.com www.produktivv.com;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
    #for certbot challenges (renewal process)
    location ~ /.well-known/acme-challenge {
        allow all;
        root /data/letsencrypt;
    }
}

#https://produktivv.com
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name produktivv.com;

    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/produktivv.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/produktivv.com/privkey.pem;

    ssl_buffer_size 8k;

    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;

    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;

    return 301 https://www.produktivv.com$request_uri;
}

#https://www.produktivv.com
server {
    server_name www.produktivv.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_tokens off;

    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4;

    ssl_certificate /etc/letsencrypt/live/produktivv.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/produktivv.com/privkey.pem;

        location / {
            proxy_pass http://client;
        }
        location /sockjs-node {
            proxy_pass http://client;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }
        location /api {
            proxy_set_header   X-Forwarded-For $remote_addr;
            proxy_set_header   Host $http_host;
            proxy_pass http://api;
        }
        location /auth {
            proxy_set_header   X-Forwarded-For $remote_addr;
            proxy_set_header   Host $http_host;
            proxy_pass http://api;
        }
}

Docker Compose file.

Saul Page
  • 11
  • 1
  • Have you thought about ditching NGINX and replacing it with Traefik? It will auto obtain lets encrypt automatically for you and sort out the routing in your compose – Timothy Frew Oct 07 '18 at 10:23
  • I did see it... I will give it a bash and try Traefik instead. I am so close to getting it with nginx though.... but maybe Traefik is the future. – Saul Page Oct 07 '18 at 12:17

0 Answers0