
I have followed some tutorials that teach how to implement SSL, but most of them are not working for some reason. HTTP works fine though; I don't know what I'm missing. This is my default config. It looks like I have something wrong in my default config, because I can create an httpServer in my backend.

```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/metroville/{{domain}}/build;
    index index.html index.htm index.nginx-debian.html;

    server_name {{domain}};

    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        try_files $uri /index.html;
    }

    location /api/ {
        proxy_pass http://localhost:5000;
    }
}
```

kgcusi
  • Certificates do not magically happen just because you mentioned these in the config. It is unclear what you did apart from the config. It is unclear what the contents of the certificate and key are. It is unclear what "not working" means in detail, i.e. what exact errors you get and where (browser, server logs ...) – Steffen Ullrich Jun 26 '21 at 14:39
  • I have followed and developed SSL certificates using LetsEncrypt step by step. The error I'm having, as stated in the nginx, is `failed(111: Connection refused) while connecting to upstream.` This only happens when I try to make a request to HTTPS; it works fine in HTTP. My upstream that is given in the error is `http://127.0.0.1:5000/api/info`. In my frontend it loads for a while and proceeds to the request took too long error – kgcusi Jun 26 '21 at 14:45
  • Let's check if I understood you correctly: it is possible to access the API locally using `http://127.0.0.1:5000/...`. It is also possible to access the API using HTTP through your given server, i.e. `http://{{domain}}/api/...`. But it fails when accessing the API using HTTPS, i.e. `https://{{domain}}/api/...`, and the problem is that it cannot connect to the configured upstream? This would be very strange since there is only a common upstream defined for both HTTP and HTTPS - at least in the config you show. – Steffen Ullrich Jun 26 '21 at 15:20
  • Yes, I don't know why HTTPS won't work, because all the files exist and it just won't make the request for some reason. I also configured my server.js in the backend with the httpsServer and it connected fine. So I think the problem is either the config or in my letsencrypt – kgcusi Jun 26 '21 at 15:29
  • The problem is unrelated to the certificates (letsencrypt) or HTTPS itself: the error of reaching the upstream can only happen if it knows that it needs to reach the upstream, which means that it has read the HTTP request with the full path already. The HTTP request is read only after the TLS handshake is already completed successfully. My guess is that either your config is not what you show and that you have actually different configs for HTTP and HTTPS. Or that your upstream has crashed after you've successfully tried with HTTP and is thus not reachable from nginx any more. – Steffen Ullrich Jun 26 '21 at 15:35
  • I set up my nginx config on the default thus not making any other configs, if so that happened, should I just remove the whole folder and try to remake it just to be sure? – kgcusi Jun 26 '21 at 16:07
  • @SteffenUllrich I have tried to clear out my sites-available and sites-enabled folder and created a new default file, but now it doesn't log any error but still loads for a while until `This site cannot be reached` on the browser – kgcusi Jun 26 '21 at 16:26
  • Unfortunately there is not enough information for me to help. And this question is basically a moving target, i.e. you do something and now it is even more unclear what you actually have running and configured. I recommend that you ask a question with enough details for others to actually reproduce your problems and with as much detailed error messages and configuration as possible. – Steffen Ullrich Jun 26 '21 at 17:29
  • Do I need to edit my EC2 instance security group and open the port https? As I read tutorials they only opened http and still worked. – kgcusi Jun 26 '21 at 23:28
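
The comments above separate three layers: whether port 443 is reachable at all, whether the TLS handshake completes, and whether nginx can reach the `proxy_pass` upstream once it has read the request. The following is an added example, not code from this thread, that probes those layers in order and reports the first one that fails; the function name `diagnose`, its stage labels and the default path are assumptions chosen for illustration.

```python
import socket
import ssl
import sys

def diagnose(host, port=443, path="/api/info", timeout=5.0):
    """Probe an HTTPS endpoint layer by layer; return (stage, detail)."""
    # Layer 1: TCP. A timeout usually means packets are dropped before they
    # reach the host (firewall / cloud security group); a refusal means the
    # host answered but nothing listens on that port.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp_timeout", "no answer: port likely filtered"
    except ConnectionRefusedError:
        return "tcp_refused", "host reachable, nothing listening on the port"
    except OSError as exc:
        return "tcp_error", str(exc)

    # Layer 2: TLS. Certificate and protocol problems surface here, before any
    # HTTP request (and therefore any upstream) is involved.
    ctx = ssl.create_default_context()
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except OSError as exc:  # ssl.SSLError and handshake timeouts are OSErrors
        sock.close()
        return "tls_failed", str(exc)

    # Layer 3: HTTP. Reaching this point means the handshake succeeded.
    with tls:
        req = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        try:
            tls.sendall(req.encode("ascii"))
            status_line = tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
        except OSError as exc:
            return "http_error", str(exc)
    parts = status_line.split(" ")
    code = parts[1] if len(parts) > 1 else ""
    # nginx answers 502/504 when the proxied upstream refuses or times out.
    if code in ("502", "504"):
        return "upstream_failed", status_line
    return "http_response", status_line

if __name__ == "__main__":
    # Hostname to probe is supplied by the caller; "localhost" is a fallback.
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```

Run from outside the server, `tcp_timeout` points at network filtering in front of the host, while `upstream_failed` matches the `111: Connection refused` log entry quoted in the comments.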
