nginx reverse proxy nodebb



  • Hello everybody

    I have the following error
    "connection to nodebb has been lost attempting to reconnect"
    I think it's just a small problem but I can't find where I missed the nginx configuration.

    I have a reverse-proxy on a virtual machine who redirect to the nodebb virtual machine.

    server {
    listen       80;
    listen       [::]:80;
    server_name  forum.mydomaine.com;
    root         /var/www/localhost/htdocs;
    #path to certobot validation
    location /.well-known/acme-challenge {
       root /var/www/localhost/htdocs/certbot_validation/;
       }
    rewrite ^ https://$server_name$request_uri? permanent;
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root  /var/www/htdocs;
    }
    }
    
    server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2 ;
    server_name  forum.mydomaine.com;
    ssl on;
    ssl_protocols TLSv1.2;
    #Certificat
    ssl_certificate /etc/letsencrypt/live/forum.mydomaine.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/forum.mydomaine.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/forum.mydomaine.com/chain.pem;
    #Diffie-Hellman
     #ssl_dhparam /etc/ssl/private/dh4096.pem;
     ssl_ecdh_curve secp384r1;
    #Ciphers
    ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
    ssl_prefer_server_ciphers on;
    #Paramètres TLS
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_session_tickets off;
    #OCSP Stapling
     resolver 89.234.141.66  valid=300s;
    resolver_timeout 5s;
    ssl_stapling on;
    ssl_stapling_verify on;
    #file transfert /nextcloud options
    client_max_body_size    3012M;
      #HSTS
     #add_header Strict-Transport-Security "max-age=31536000;";   
    #path to certobot validation
    location /.well-known/acme-challenge {
       root /var/www/localhost/htdocs/certbot_validation/;
    }
    #normal redirection
     location / {
           proxy_pass https://192.168.0.198/;
     }
    }
    

    on the nodebb VM

    forum:~/nodebb# cat config.json

    {
    "url": "http://127.0.0.1:4567",
    "secret": "1629663a-6847-46a6-8f45-b577e87896db",
    "database": "mongo",
    "mongo": {
        "host": "127.0.0.1",
        "port": "27017",
        "username": "nodebb",
        "password": "nodebb_passwod",
        "database": "nodebb"
    }
    

    }

    forum:~/nodebb# cat /etc/nginx/conf.d/nodebb.conf

    # redirects http requests to https
    server {
    listen 80;
    server_name forum.mydomaine.com;
    return 302 https://$server_name$request_uri;
    }
    # the https server
    server {
    # listen on ssl, deliver with speedy if possible
    listen 443 ssl spdy;
    server_name forum.mydomaine.com;
    # change these paths!
    ssl_certificate      /etc/ssl/private/auto.certificat.pem;
        ssl_certificate_key  /etc/ssl/private/auto.certificat.pem;
    
    # enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
    # disables all weak ciphers
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    
    ssl_prefer_server_ciphers on;
    
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    
        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;
    
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    }


  • Sorry it's look good now, maybe a certificate error ...



  • There's still the problem.

    I just do

      ./nodebb stop
      ./nodebb start
    

    And I have got the probleme again

    It had to be just at one moment, as I played with the configuration in all directions.

    Solution for me :

    The url from config.json don't have to be the same as nginx proxy_pass

    {
      url": "https://forum.mydomaine.com",
    
       "secret": "redacted",
       "database": "mongo",
        "mongo": {
        "host": "127.0.0.1",
         "port": "27017",
         "username": "nodebb",
        "password": "nodebb_passwod",
        "database": "nodebb"
      }
    

  • Global Moderator

    Yes, the url in config.json should be equal to exactly the URL at which you access your site. It usually shouldn't be localhost or an IP address.


 

| |