Buy Hosting

v1.6.0 Suspected Nginx Problem

Technical Support
  • julianJ

    @christian-mendieta You'll probably want to share your nginx config for NodeBB

    0
  • Christian MendietaC

    @julian sure:

    #This is a redirect to allow only secure connections
server {
	listen          80;
	server_name     mysite.tld;
	return 302 https://$server_name$request_uri;
}
server {
	listen 443 ssl;
	listen [::]:443 ssl;
	include snippets/ssl-mysite.tld.conf;
	include snippets/ssl-params.conf;
	server_name mysite.tld;

	root /var/www/html/mysite.tld/public_html;
	index index.php index.html;

	access_log /var/log/nginx/mysite.tld.access.log;
	error_log /var/log/nginx/mysite.tld.error.log;

	# SSL block
	location ~ /.well-known {
			allow all;
	}

	# Deny access to .htaccess
	location ~ /\.ht {
			deny all;
	}

	location / {
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;
		proxy_set_header X-NginX-Proxy true;

		proxy_pass http://127.0.0.1:4567;
		proxy_redirect off;

		# New fixes. Values are powers of 2, this works for me, you can increase.
		#proxy_headers_hash_bucket_size  128;
		#proxy_headers_hash_max_size  1024;

		# Socket.IO Support
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	} 
}

    Am I missing something?
    Thanks!
    Christian

    0
  • julianJ

    What's your config.json?

    0
  • Christian MendietaC

    That would be:

    {
    "url": "https://mysite.tld",
    "secret": "97a8ebc8-dxx",
    "database": "mongo",
    "port": 4567,
    "mongo": {
        "host": "192.168.xx.xx",
        "port": "27097",
        "username": "nodebb",
        "password": "soeasy",
        "database": "nodebb"
    }
}
    0
  • julianJ

    @Christian-Mendieta

    Any chance you can reset your config to just the bare-bones as defined in https://docs.nodebb.org/configuring/proxies/nginx/?

    I'm looking at the includes, which could literally be anything 😕

    0
  • Christian MendietaC

    OK, did some clean up, the problem persist, the nginx config now is:

    server {
        listen          80;
        server_name     mysite.tld;
        return 302 https://$server_name$request_uri;
}

#This is a redirect to allow only secure connections
server {
	listen 443 ssl;
	listen [::]:443 ssl;

	ssl_certificate /etc/letsencrypt/live/mysite.tld/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/mysite.tld/privkey.pem;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'AES128+EECDH:AES128+EDH';

	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	server_name mysite.tld;

	root /var/www/html/mysite.tld/public_html;
	index index.php index.html;

	access_log /var/log/nginx/mysite.tld.access.log;
	error_log /var/log/nginx/mysite.tld.error.log;

	# SSL block
	location ~ /.well-known {
			allow all;
	}

	# Deny access to .htaccess
	location ~ /\.ht {
			deny all;
	}

	location / {
		 proxy_set_header X-Real-IP $remote_addr;
		 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		 proxy_set_header X-Forwarded-Proto $scheme;
		 proxy_set_header Host $host;
		 proxy_set_header X-NginX-Proxy true;

		 proxy_pass http://127.0.0.1:4567;
		 proxy_redirect off;     
		 # New fixes. Values are powers of 2, this works for me, you can increase.
		 #proxy_headers_hash_bucket_size  128;
		 #proxy_headers_hash_max_size  1024;

		 # Socket.IO Support
		 proxy_http_version 1.1;
		 proxy_set_header Upgrade $http_upgrade;
		 proxy_set_header Connection "upgrade";
	}

}
    0
  • PitaJP

    Try removing

    root /var/www/html/mysite.tld/public_html;
index index.php index.html;

    Probably won't fix it but it's worth a try. Also, validate your nginx configs and try restarting nginx completely (as opposed to reloading)

    1
  • Christian MendietaC

    Thanks for your answer, and you're right it didn't fix the problem even with nginx restart.

    0
  • Christian MendietaC

    Hi,
    Just for the record, I managed to make it work, here's the nginx config:

    server {
    listen      80;
    server_name mydomain.tls;
    return 301  https://$server_name$request_uri;
}


server {
    server_name mydomain.tls;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.tls/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.tls/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

}

    Hope it helps someone.
    Cheers
    Christian

    1
  • U

    I upgraded from v1.5.3 to v1.6.1 and the nginx related problem I was having in v1.6.0 is no longer there. Therefore the problem has been resolved but I don't know why.

    0

Suggested Topics

Copyright © 2023 NodeBB | Contributors