Lost connection to nodebb after setting up ssl

Technical Support
Log in to reply
  • Nam Vu
    GNU/Linux

    Hi guys, first off, thank you so much for the supports! Please read my full issue as I have a little bit of explaining to do.

    Here is the error I'm seeing:

    Looks like your connection to NodeBB was lost, please wait while we try to reconnect.

    You see, I have seen this post but the issue seems unrelated.

    Here is my nodebb config.json at all time:

    {
    "url": "http://static-external-ip:4567",
    "secret": "0c2fa0de-5bc4-4e59-8b4b-3eea84f98beb",
    "database": "mongo",
    "mongo": {
        "host": "x.x.x.x",
        "port": "x",
        "username": "x",
        "password": "x",
        "database": "x",
        "uri": ""
    },
    "port": "4567"
}

    Alright here is the actual issue description:

    • This nginx config without ssl works:
    server {
    listen 80;
    server_name static-external-ip;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

    I can visit my ip address and everything works fine just as expected.

    • This nginx config doesn't:
    server {
    listen [::]:443 ssl;
    listen 443 ssl;    

    ssl_certificate /etc/letsencrypt/live/my-domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my-domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    server_name mydomain www.mydomain;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

    With the above config, visiting my webpage gives me a:
    Looks like your connection to NodeBB was lost, please wait while we try to reconnect. 😞

    I bought my domain from Google Domain, and it requires ssl. Any pointer would be greatly appreciated!

    Thanks

    0
  • PitaJ
    Global Moderator Plugin & Theme Dev

    Try checking out this post: https://community.nodebb.org/topic/13388/faq-websockets-not-working-due-to-misconfigured-origins

    I'm guessing your issue is caused by the URL property in config.json not exactly matching the URL at which you're accessing the site.

    Nam Vu 1 Reply 1
  • Nam Vu
    GNU/Linux

    @PitaJ
    Thanks for the helping. However, what I'm getting on the console is this:

    socket.io.js:7 GET https://www.my-domain/socket.io/?EIO=3&transport=polling&t=M_I_o5r 403 (Forbidden)

    Instead of

    WebSocket connection to 'wss://<site>/socket.io/?EIO=3&transport=websocket' failed:
Error during WebSocket handshake: Unexpected response code: 400

    As suggested by the above page, the weird thing is that running it with:

    $ nodebb dev

    Does eliminate the issue. I have tried to change the ip for my config.json also but it doesn't seem to help. Any idea?

    P.S. here are my current config

    config.json:

    {
    "url": "http://mydomainame",
    "secret": "xxx",
    "database": "mongo",
    "mongo": {
        "host": "x.x.x.x",
        "port": "x",
        "username": "x",
        "password": "x",
        "database": "x",
        "uri": ""
    },
    "port": "4567"
}

    nginx ssl config:

    ### redirects http requests to https
server {
    listen 80;
    server_name www.mydomain mydomain;
    return 302 https://$server_name$request_uri;
}

server {
    # listen on ssl, deliver with speedy if possible
    listen 443 ssl spdy;

    # server_name 34.70.169.20;
    server_name www.mydomain mydomain;

    # ssl paths
    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/domain/privkey.pem;    
    
    # enables all TSL 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
    # disables all weak ciphers
    ssl_ciphers 'AES128+EECDH:AES128+EDH';

    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
    0
  • oplik0
    Plugin & Theme Dev Community Rep

    I see the probable cause of the problem - your config needs full url, including the "https" part. Currently it has "http" there instead.

    Nam Vu 1 Reply 1
  • Nam Vu
    GNU/Linux

    @PitaJ @oplik0 it's working, thanks guys!

    0

Suggested Topics

| |
Copyright © 2021 NodeBB | Contributors

Get Started

Resources

Company

Start Free Trial
Github Facebook Instagram Twitter
© 2014 – 2022 NodeBB, Inc. — Made in Canada.