nginx reverse proxy nodebb

remydev

Hello everybody

I have the following error
"connection to nodebb has been lost attempting to reconnect"
I think it's just a small problem but I can't find where I missed the nginx configuration.

I have a reverse-proxy on a virtual machine who redirect to the nodebb virtual machine.

server {
listen       80;
listen       [::]:80;
server_name  forum.mydomaine.com;
root         /var/www/localhost/htdocs;
#path to certobot validation
location /.well-known/acme-challenge {
   root /var/www/localhost/htdocs/certbot_validation/;
   }
rewrite ^ https://$server_name$request_uri? permanent;
error_page   500 502 503 504  /50x.html;
location = /50x.html {
    root  /var/www/htdocs;
}
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2 ;
server_name  forum.mydomaine.com;
ssl on;
ssl_protocols TLSv1.2;
#Certificat
ssl_certificate /etc/letsencrypt/live/forum.mydomaine.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/forum.mydomaine.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/forum.mydomaine.com/chain.pem;
#Diffie-Hellman
 #ssl_dhparam /etc/ssl/private/dh4096.pem;
 ssl_ecdh_curve secp384r1;
#Ciphers
ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
ssl_prefer_server_ciphers on;
#Paramètres TLS
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;
#OCSP Stapling
 resolver 89.234.141.66  valid=300s;
resolver_timeout 5s;
ssl_stapling on;
ssl_stapling_verify on;
#file transfert /nextcloud options
client_max_body_size    3012M;
  #HSTS
 #add_header Strict-Transport-Security "max-age=31536000;";   
#path to certobot validation
location /.well-known/acme-challenge {
   root /var/www/localhost/htdocs/certbot_validation/;
}
#normal redirection
 location / {
       proxy_pass https://192.168.0.198/;
 }
}

on the nodebb VM

forum:~/nodebb# cat config.json

{
"url": "http://127.0.0.1:4567",
"secret": "1629663a-6847-46a6-8f45-b577e87896db",
"database": "mongo",
"mongo": {
    "host": "127.0.0.1",
    "port": "27017",
    "username": "nodebb",
    "password": "nodebb_passwod",
    "database": "nodebb"
}

}

forum:~/nodebb# cat /etc/nginx/conf.d/nodebb.conf

# redirects http requests to https
server {
listen 80;
server_name forum.mydomaine.com;
return 302 https://$server_name$request_uri;
}
# the https server
server {
# listen on ssl, deliver with speedy if possible
listen 443 ssl spdy;
server_name forum.mydomaine.com;
# change these paths!
ssl_certificate      /etc/ssl/private/auto.certificat.pem;
    ssl_certificate_key  /etc/ssl/private/auto.certificat.pem;

# enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# disables all weak ciphers
ssl_ciphers 'AES128+EECDH:AES128+EDH';

ssl_prefer_server_ciphers on;

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;

    proxy_pass http://127.0.0.1:4567;
    proxy_redirect off;

    # Socket.IO Support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
}

remydev

Sorry it's look good now, maybe a certificate error ...

remydev

There's still the problem.

I just do

  ./nodebb stop
  ./nodebb start

And I have got the probleme again

It had to be just at one moment, as I played with the configuration in all directions.

Solution for me :

The url from config.json don't have to be the same as nginx proxy_pass

{
  url": "https://forum.mydomaine.com",

   "secret": "redacted",
   "database": "mongo",
    "mongo": {
    "host": "127.0.0.1",
     "port": "27017",
     "username": "nodebb",
    "password": "nodebb_passwod",
    "database": "nodebb"
  }

PitaJ

Yes, the url in config.json should be equal to exactly the URL at which you access your site. It usually shouldn't be localhost or an IP address.