Anyone here able to help with an NGINX config issue?

Joykiller

Hi, I've recently changed some shit around and now my comments to ghost from nodebb is playing up. I think I've got all the nginx configuration files proper however still dishes out 502 error in console for unable to Access-Control-Allow-Origin. Any help would be appreciated to get this up and working again.

I was adding the following:

proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Credentials' 'true';
add_header Access-Control-Allow-Origin *;

Under the forum.example.com nginx config subdomain.
Ghost is under the main domain.

#NGINX CONFIG
upstream io_nodes {
ip_hash;
server 127.0.0.1:4567;
server 127.0.0.1:4568;
server 127.0.0.1:4569;
}

server {
listen 0.0.0.0:80;
server_name forum.coinhodling.com;
access_log /home/xx/logs/forum_access.log;
error_log /home/xx/logs/forum_error.log warn;

#Nodebb proxy
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;

# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

gzip            on;
gzip_min_length 1000;
gzip_proxied    off;
gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

location ^~ /.well-known/acme-challenge/ {
	alias /home/xx/public_html/.well-known/acme-challenge/;
}

location @nodebb {
    proxy_pass http://io_nodes;
}

location ~ ^/assets/(.*) {
    root /home/xx/nodebb/;
    try_files /public/$1 @nodebb;
}

location /plugins/ {
    root /home/xx/nodebb/build/public/;
    try_files $uri @nodebb;
}

location / {
    proxy_pass http://io_nodes;
 }
}

server {
listen 0.0.0.0:443 ssl;
server_name forum.example.com;
access_log /home/xx/logs/forum_access.log;
error_log /home/xx/logs/forum_error.log warn;


###
# SSL Enabled variables

ssl on;
ssl_certificate /home/xx/ssl.cert;
ssl_certificate_key /home/xx/ssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_session_cache    shared:SSL:10m;
ssl_session_timeout  10m;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
add_header Strict-Transport-Security "max-age=31536000";

#Nodebb proxy
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;

# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

gzip            on;
gzip_min_length 1000;
gzip_proxied    off;
gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

location ^~ /.well-known/acme-challenge/ {
	alias /home/xx/public_html/.well-known/acme-challenge/;
}

location @nodebb {
    proxy_pass http://io_nodes;
}

location ~ ^/assets/(.*) {
    root /home/xx/nodebb/;
    try_files /public/$1 @nodebb;

}

location /plugins/ {
    root /home/xx/nodebb/build/public/;
    try_files $uri @nodebb;
}

location / {
    proxy_pass http://io_nodes;
 }
}

More or less posting to see if anyone notices something im missing.

PitaJ

make sure the header setting in the NodeBB acp is correct. Also, you might try looking at the response headers from your site with a tool like this.

Also, I highly recommend redirecting users from http to https, instead of serving both normally.

Joykiller

I assume your talking about like postman tool? You linked back to this page. Yeah I had redirection headers up i removed them incase it was an issue.

Joykiller

@pitaj said in Anyone here able to help with an NGINX config issue?:

make sure the header setting in the NodeBB acp is correct. Also, you might try looking at the response headers from your site with a tool like this.

Also, I highly recommend redirecting users from http to https, instead of serving both normally.

Postman headers show:
access-control-allow-headers →true
access-control-allow-methods →true
access-control-allow-origin →https://example.com

So its really strange.. (Obviously example is removed, if you like I can PM you the link.)

I'm wondering if Cloudflare has anything to do with it.

PitaJ

Did you check the ACP settings?

Joykiller

@pitaj said in Anyone here able to help with an NGINX config issue?:

Did you check the ACP settings?

You mean for the forum under the plugin and advanced on the admin for node? Yep. Above post headers are from what was in the admin same as the plugin

I've gone through it, and i think its a plugin issue. I didnt have any problems till I upgraded ghost to latest ver and nodebb to 1.5.3 to be honnest.

Joykiller

@julian What version of ghost do you use for the main blog? I've just upgraded and i think it screwed up something and I'm unable to link keeps coming up with a cor's issue even tho had all the headers set? I thought it was cloudflare blocking but no I removed all that back on normal server stuff now and still had the issues.

Like i siad used to work before I upgraded Ghost then Nodebb to 1.5.3 So duno what happened.

julian

@Joykiller We're on a pretty old version of Ghost actually

0.7.1

Joykiller

@julian said in Anyone here able to help with an NGINX config issue?:

@Joykiller We're on a pretty old version of Ghost actually

0.7.1

Yeah thats what I thought.