v1.6.0 Suspected Nginx Problem

julian

@christian-mendieta You'll probably want to share your nginx config for NodeBB

Christian Mendieta

@julian sure:

#This is a redirect to allow only secure connections
server {
	listen          80;
	server_name     mysite.tld;
	return 302 https://$server_name$request_uri;
}
server {
	listen 443 ssl;
	listen [::]:443 ssl;
	include snippets/ssl-mysite.tld.conf;
	include snippets/ssl-params.conf;
	server_name mysite.tld;

	root /var/www/html/mysite.tld/public_html;
	index index.php index.html;

	access_log /var/log/nginx/mysite.tld.access.log;
	error_log /var/log/nginx/mysite.tld.error.log;

	# SSL block
	location ~ /.well-known {
			allow all;
	}

	# Deny access to .htaccess
	location ~ /\.ht {
			deny all;
	}

	location / {
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;
		proxy_set_header X-NginX-Proxy true;

		proxy_pass http://127.0.0.1:4567;
		proxy_redirect off;

		# New fixes. Values are powers of 2, this works for me, you can increase.
		#proxy_headers_hash_bucket_size  128;
		#proxy_headers_hash_max_size  1024;

		# Socket.IO Support
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	} 
}

Am I missing something?
Thanks!
Christian

julian

What's your config.json?

Christian Mendieta

That would be:

{
    "url": "https://mysite.tld",
    "secret": "97a8ebc8-dxx",
    "database": "mongo",
    "port": 4567,
    "mongo": {
        "host": "192.168.xx.xx",
        "port": "27097",
        "username": "nodebb",
        "password": "soeasy",
        "database": "nodebb"
    }
}

julian

@Christian-Mendieta

Any chance you can reset your config to just the bare-bones as defined in https://docs.nodebb.org/configuring/proxies/nginx/?

I'm looking at the includes, which could literally be anything

Christian Mendieta

OK, did some clean up, the problem persist, the nginx config now is:

server {
        listen          80;
        server_name     mysite.tld;
        return 302 https://$server_name$request_uri;
}

#This is a redirect to allow only secure connections
server {
	listen 443 ssl;
	listen [::]:443 ssl;

	ssl_certificate /etc/letsencrypt/live/mysite.tld/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/mysite.tld/privkey.pem;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'AES128+EECDH:AES128+EDH';

	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	server_name mysite.tld;

	root /var/www/html/mysite.tld/public_html;
	index index.php index.html;

	access_log /var/log/nginx/mysite.tld.access.log;
	error_log /var/log/nginx/mysite.tld.error.log;

	# SSL block
	location ~ /.well-known {
			allow all;
	}

	# Deny access to .htaccess
	location ~ /\.ht {
			deny all;
	}

	location / {
		 proxy_set_header X-Real-IP $remote_addr;
		 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		 proxy_set_header X-Forwarded-Proto $scheme;
		 proxy_set_header Host $host;
		 proxy_set_header X-NginX-Proxy true;

		 proxy_pass http://127.0.0.1:4567;
		 proxy_redirect off;     
		 # New fixes. Values are powers of 2, this works for me, you can increase.
		 #proxy_headers_hash_bucket_size  128;
		 #proxy_headers_hash_max_size  1024;

		 # Socket.IO Support
		 proxy_http_version 1.1;
		 proxy_set_header Upgrade $http_upgrade;
		 proxy_set_header Connection "upgrade";
	}

}

PitaJ

Try removing

root /var/www/html/mysite.tld/public_html;
index index.php index.html;

Probably won't fix it but it's worth a try. Also, validate your nginx configs and try restarting nginx completely (as opposed to reloading)

Christian Mendieta

Thanks for your answer, and you're right it didn't fix the problem even with nginx restart.

Christian Mendieta

Hi,
Just for the record, I managed to make it work, here's the nginx config:

server {
    listen      80;
    server_name mydomain.tls;
    return 301  https://$server_name$request_uri;
}


server {
    server_name mydomain.tls;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.tls/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.tls/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

}

Hope it helps someone.
Cheers
Christian

unterm

I upgraded from v1.5.3 to v1.6.1 and the nginx related problem I was having in v1.6.0 is no longer there. Therefore the problem has been resolved but I don't know why.