First time setup failure.



  • Hello everyone, first time setup here.

    I had Nginx and NodeBB set up, but decided that I wanted HTTPS as well, so I went down the path of LetsEncrypt.

    After going through too many threads and online documentation, I am completely lost.

    Here is my Nginx file:

    #
    # HTTP - Redirect Requests on Port 80 to 443
    #
    server {
        listen 80;
        listen [::]:80;
        server_name community.mysite.net;
    
        return 301 https://$host$request_uri;
    }
    
    #
    # HTTPS
    #
    server {
        listen 443;
        listen [::]:443;
    
        server_name community.mysite.net;
    
        #
        # SSL Configuration Goes Here
        #
    
        location / {
            proxy_pass http://community.mysite.net:4567;
            proxy_connect_timeout 59s;
            proxy_send_timeout 600;
            proxy_read_timeout 600;
            proxy_buffer_size 64k;
            proxy_buffers 16 32k;
            proxy_busy_buffers_size 128k;
            proxy_temp_file_write_size 64k;
            proxy_pass_header Set-Cookie;
            proxy_redirect off;
            proxy_set_header Accept-Encoding '';
            proxy_ignore_headers Cache-Control Expires;
            proxy_set_header Referer $http_referer;
            proxy_set_header Host $host;
            proxy_http_version 1.1;
            proxy_hide_header X-Powered-By;
            proxy_set_header Cookie $http_cookie;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_no_cache $http_pragma $http_authorization;
            proxy_cache_bypass $http_pragma $http_authorization;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
        }
    }
    
    

    Can anyone see where I have gone wrong?

    I can access NodeBB at community.mysite.net:4567

    But I get nothing at all at https://community.mysite.net



  • Add your certs
    server {
    listen 443;
    listen [::]:443;

    certs here..
    location / {
    

    }
    }



  • Would you mind sharing an example?

    It seems I'm comparable to a box of rocks at this point.



  • This is what I am seeing in the browser now.

    "This site can’t provide a secure connection"


  • Global Moderator

    Is your config based on the SSL example here?: https://docs.nodebb.org/configuring/proxies/nginx/



  • @jackzor

    server {
        # listen on ssl, deliver with speedy if possible
        listen 443 ssl spdy;
    
        server_name forum.example.org;
    
        # change these paths!
        ssl_certificate /path/to/cert/bundle.crt;
        ssl_certificate_key /path/to/cert/forum.example.org.key;
    
        # enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
        # disables all weak ciphers
        ssl_ciphers 'AES128+EECDH:AES128+EDH';
    
        ssl_prefer_server_ciphers on;
    
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
    
            proxy_pass http://127.0.0.1:4567;  # no trailing slash
            proxy_redirect off;
    
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
    


  • Hey guys! Thanks for the help!

    I finally got it working. Basically, I used @PitaJ link, and also had to do a bit more research on what file I had to point ssl_certificate to.

    Thanks so much!


Log in to reply
 

Suggested Topics

  • 5
  • 7
  • 2
  • 2
  • 1
| |