nginx reverse proxy nodebb



  • Hello everybody

    I have the following error
    "connection to nodebb has been lost attempting to reconnect"
    I think it's just a small problem but I can't find where I missed the nginx configuration.

    I have a reverse-proxy on a virtual machine who redirect to the nodebb virtual machine.

    server {
    listen       80;
    listen       [::]:80;
    server_name  forum.mydomaine.com;
    root         /var/www/localhost/htdocs;
    #path to certobot validation
    location /.well-known/acme-challenge {
       root /var/www/localhost/htdocs/certbot_validation/;
       }
    rewrite ^ https://$server_name$request_uri? permanent;
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root  /var/www/htdocs;
    }
    }
    
    server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2 ;
    server_name  forum.mydomaine.com;
    ssl on;
    ssl_protocols TLSv1.2;
    #Certificat
    ssl_certificate /etc/letsencrypt/live/forum.mydomaine.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/forum.mydomaine.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/forum.mydomaine.com/chain.pem;
    #Diffie-Hellman
     #ssl_dhparam /etc/ssl/private/dh4096.pem;
     ssl_ecdh_curve secp384r1;
    #Ciphers
    ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
    ssl_prefer_server_ciphers on;
    #Paramètres TLS
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_session_tickets off;
    #OCSP Stapling
     resolver 89.234.141.66  valid=300s;
    resolver_timeout 5s;
    ssl_stapling on;
    ssl_stapling_verify on;
    #file transfert /nextcloud options
    client_max_body_size    3012M;
      #HSTS
     #add_header Strict-Transport-Security "max-age=31536000;";   
    #path to certobot validation
    location /.well-known/acme-challenge {
       root /var/www/localhost/htdocs/certbot_validation/;
    }
    #normal redirection
     location / {
           proxy_pass https://192.168.0.198/;
     }
    }
    

    on the nodebb VM

    forum:~/nodebb# cat config.json

    {
    "url": "http://127.0.0.1:4567",
    "secret": "1629663a-6847-46a6-8f45-b577e87896db",
    "database": "mongo",
    "mongo": {
        "host": "127.0.0.1",
        "port": "27017",
        "username": "nodebb",
        "password": "nodebb_passwod",
        "database": "nodebb"
    }
    

    }

    forum:~/nodebb# cat /etc/nginx/conf.d/nodebb.conf

    # redirects http requests to https
    server {
    listen 80;
    server_name forum.mydomaine.com;
    return 302 https://$server_name$request_uri;
    }
    # the https server
    server {
    # listen on ssl, deliver with speedy if possible
    listen 443 ssl spdy;
    server_name forum.mydomaine.com;
    # change these paths!
    ssl_certificate      /etc/ssl/private/auto.certificat.pem;
        ssl_certificate_key  /etc/ssl/private/auto.certificat.pem;
    
    # enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
    # disables all weak ciphers
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    
    ssl_prefer_server_ciphers on;
    
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    
        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;
    
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    }


  • Sorry it's look good now, maybe a certificate error ...



  • There's still the problem.

    I just do

      ./nodebb stop
      ./nodebb start
    

    And I have got the probleme again

    It had to be just at one moment, as I played with the configuration in all directions.

    Solution for me :

    The url from config.json don't have to be the same as nginx proxy_pass

    {
      url": "https://forum.mydomaine.com",
    
       "secret": "redacted",
       "database": "mongo",
        "mongo": {
        "host": "127.0.0.1",
         "port": "27017",
         "username": "nodebb",
        "password": "nodebb_passwod",
        "database": "nodebb"
      }
    

  • Global Moderator

    Yes, the url in config.json should be equal to exactly the URL at which you access your site. It usually shouldn't be localhost or an IP address.


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.