Nginx for SSL in NodeBB

General Discussion
Log in to reply
  • P

    I used Lets Encrypt for SSL in NodeBB, and i config nginx below:

    server {
listen 80;
 server_name d.paopevil.com;
 return 301 https://$host$request_uri;
}
server {
 listen 443 ssl;
 server_name d.paopevil.com;
 ssl_certificate /etc/letsencrypt/live/d.paopevil.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/d.paopevil.com/privkey.pem;
 location / {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header Host $http_host;
 proxy_set_header X-NginX-Proxy true;
 proxy_pass http://127.0.0.1:4567/;
 proxy_redirect off;
 # Socket.IO Support
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "upgrade";
 }
 location ~ /.well-known {
 allow all;
 }
}

    But I don't login with Admin account. And where did I go wrong?

    0
  • H

    Nginx config :

    # code block

# HTTP Server
server {
	source_charset utf-8;
    listen 80;
    server_name nodebb.dev;
	
    rewrite ^ https://$server_name$request_uri permanent;
}

server {

	source_charset utf-8;
	listen nodebb.dev:443;
	server_name nodebb.dev;

    ssl on;
    ssl_certificate ../../openssl/certs/nodebb/server.crt;
    ssl_certificate_key ../../openssl/certs/nodebb/server.key;
	
    location / {
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $http_host;
		proxy_set_header X-NginX-Proxy true;

		proxy_pass http://127.0.0.1:4567;
		proxy_redirect off;

		# Socket.IO Support
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
    }

}

    and the NodeBB config :

    {
    "url": "https://nodebb.dev:4567",
    "secret": "9feb33e9-6665-40ab-9209-d74825c4f668",
    "database": "mongo",
    "port": "4567",
    "mongo": {
        "host": "127.0.0.1",
        "port": "27017",
        "username": "nodebb",
        "password": "password",
        "database": "nodebb"
    }
}
    1
  • julian
    GNU/Linux Admin

    You don't need the port number in url in config.json if you're using nginx as reverse proxy.

    In your nginx server block, just have listen 443 ssl - no need to specify a bind address.

    Use nginx -t to test configuration.

    Alex Xin 1 Reply 1
  • Alex Xin

    This post is deleted!
    0
  • P

    Thank you!

    I use SSL so I have to add the following line of code to Nginx:

    proxy_set_header X-Forwarded-Proto $scheme;

    Then restart nginx and Nodebb, and this working.

    1
  • 0xA4B16

    Did you pack the SSL certificate based on the nginx documentation ? I use "Let's Encrypt" and it only worked when I did NOT pack the certificate crt file.

    0
  • julian
    GNU/Linux Admin

    Pack? You mean combine with intermediate certs? To my knowledge no such combining is required when using Let's Encrypt

    0xA4B16 1 Reply 0
  • 0xA4B16

    @julian

    Yes, figured that out the hard way lol

    1

Suggested Topics

| |
Copyright © 2021 NodeBB | Contributors