Many Thanks 
@pummelchen Thanks for the response.
Ok for the solution, but If that's true, it's still strange behavior. My forum is in a test period so indeed it doesn't have much traffic, but I come by at least once a day to see just how frequent the error is. It means that if we go on vacation and nobody visits our forum for a few days, when we get back all the owners of a forum under nodeBB have chances to see this error? That's annoying.
Configuration problem (Nginx, proxy, config.json, letsencrypt)
-
Hello NodeBB Experts,
i run in an little problem(?).
I have an NodeBB installation on port 4567, using nginx to proxy and Let'sEncrypt.
When someone register you got this mail:
VIELEN DANK FÜR DIE REGISTRIERUNG BEI FRANK-MANKEL.ORG!
Um dein Konto vollständig zu aktivieren, müssen wir überprüfen, ob du Besitzer
der E-Mail-Adresse bist, mit der du dich registriert hast.Klicke hier, um deine E-Mail-Adresse zu bestätigen.
[http://frank-mankel.org:4567/confirm/b87468d3-eb87-4bea-9afc-65e7xxxxxxxx]
DANKE!
frank-mankel.orgWhen i klick on this link i get this error:
Fehler: Gesicherte Verbindung fehlgeschlagenSorry for german. In english
Error: Secure connection failedWhat do i wrong?
config.json
{ "url": "http://frank-mankel.org", "port": "4567", "secret": "xxxxx", "database": "redis", "redis": { "host": "127.0.0.1", "port": "6379", "password": "xxxxxx", "database": "0" }, "type": "literal" }nginx default
server { listen 80; listen 443 ssl spdy; server_name www.frank-mankel.org; ssl_certificate /etc/letsencrypt/xxx/fullchain.pem; ssl_certificate_key /etc/letsencrypt/xxx/privkey.pem; return 301 $scheme://frank-mankel.org$request_uri; } server { listen 80; listen 443 ssl spdy; server_name frank-mankel.org; ssl_certificate /etc/letsencrypt/xxx/fullchain.pem; ssl_certificate_key /etc/letsencrypt/xxx/privkey.pem; # enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # disables all weak ciphers ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES$ #ssl_ciphers 'AES128+EECDH:AES128+EDH'; #ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/dhparams.pem; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:4567; # no trailing slash proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; }}
As an bad workaround i have edit the email template Welcome
[[email:notif.post.unsub.info]] <a href="frank-mankel.org/{uid}/settings">[[email:unsub.cta]]</a>.that's remove the port 4567 and it's work. But this is an dirty fix
Sorry for any mistakes. English is not my native language.
-
@frankm said in Welcome Message:
"url": "http://frank-mankel.org",
change that to
"url": "https://frank-mankel.org",and restart NodeBB. Does it still happen after that? -
Also you shouldn't be listening on ports 80 and 443 from nginx. Instead, redirect
http(aka port 80) tohttps
