Nginx for SSL in NodeBB



  • I used Lets Encrypt for SSL in NodeBB, and i config nginx below:

    server {
    listen 80;
     server_name d.paopevil.com;
     return 301 https://$host$request_uri;
    }
    server {
     listen 443 ssl;
     server_name d.paopevil.com;
     ssl_certificate /etc/letsencrypt/live/d.paopevil.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/d.paopevil.com/privkey.pem;
     location / {
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Host $http_host;
     proxy_set_header X-NginX-Proxy true;
     proxy_pass http://127.0.0.1:4567/;
     proxy_redirect off;
     # Socket.IO Support
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
     }
     location ~ /.well-known {
     allow all;
     }
    }
    

    But I don't login with Admin account. And where did I go wrong?



  • Nginx config :

    # code block
    
    # HTTP Server
    server {
    	source_charset utf-8;
        listen 80;
        server_name nodebb.dev;
    	
        rewrite ^ https://$server_name$request_uri permanent;
    }
    
    server {
    
    	source_charset utf-8;
    	listen nodebb.dev:443;
    	server_name nodebb.dev;
    
        ssl on;
        ssl_certificate ../../openssl/certs/nodebb/server.crt;
        ssl_certificate_key ../../openssl/certs/nodebb/server.key;
    	
        location / {
    		proxy_set_header X-Real-IP $remote_addr;
    		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    		proxy_set_header X-Forwarded-Proto $scheme;
    		proxy_set_header Host $http_host;
    		proxy_set_header X-NginX-Proxy true;
    
    		proxy_pass http://127.0.0.1:4567;
    		proxy_redirect off;
    
    		# Socket.IO Support
    		proxy_http_version 1.1;
    		proxy_set_header Upgrade $http_upgrade;
    		proxy_set_header Connection "upgrade";
        }
    
    }
    

    and the NodeBB config :

    {
        "url": "https://nodebb.dev:4567",
        "secret": "9feb33e9-6665-40ab-9209-d74825c4f668",
        "database": "mongo",
        "port": "4567",
        "mongo": {
            "host": "127.0.0.1",
            "port": "27017",
            "username": "nodebb",
            "password": "password",
            "database": "nodebb"
        }
    }
    

  • Admin

    You don't need the port number in url in config.json if you're using nginx as reverse proxy.

    In your nginx server block, just have listen 443 ssl - no need to specify a bind address.

    Use nginx -t to test configuration.



  • This post is deleted!


  • Thank you!

    I use SSL so I have to add the following line of code to Nginx:

    proxy_set_header X-Forwarded-Proto $scheme;

    Then restart nginx and Nodebb, and this working.



  • Did you pack the SSL certificate based on the nginx documentation ? I use "Let's Encrypt" and it only worked when I did NOT pack the certificate crt file.


  • Admin

    Pack? You mean combine with intermediate certs? To my knowledge no such combining is required when using Let's Encrypt



  • @julian

    Yes, figured that out the hard way lol


 

| |