Solved Fresh install - ERR_CONNECTION_REFUSED on HTTPS


  • I followed the guide listed here on an IONOS VPS running Ubuntu 20.04.

    After my install, I noticed that my domain started responding with "ERR_CONNECTION_REFUSED" when navigating to it via HTTPS (HTTP Navigation works fine). Prior, I was receiving DNS_PROBE_FINISHED_NXDOMAIN and had updated my DNS to point to the aforementioned IONOS VPS Server.

    Is this error being caused by nodeBB itself, or is it due to the DNS Propogation process? The logs seem to indicate everything is running fine, but I'm not 100% sure since I'm new to this all. Is there a possibility that NodeBB isn't configured properly for https?

    2022-06-01T07:28:25.576Z [4567/5071] - info: [socket.io] Restricting access to origin: http://zbgamewiki.com:*
    
    2022-06-01T07:28:25.788Z [4567/5071] - warn: [plugins/load] The following plugins may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing. In the event of an unresponsive NodeBB caused by this plugin, run `./nodebb reset -p PLUGINNAME` to disable it.
      * nodebb-plugin-emoji
    
    2022-06-01T07:28:25.911Z [4567/5071] - info: [api] Adding 0 route(s) to `api/v3/plugins`
    2022-06-01T07:28:25.956Z [4567/5071] - info: [router] Routes added
    2022-06-01T07:28:25.961Z [4567/5071] - info: NodeBB Ready
    2022-06-01T07:28:25.962Z [4567/5071] - info: Enabling 'trust proxy'
    2022-06-01T07:28:25.964Z [4567/5071] - info: NodeBB is now listening on: 0.0.0.0:4567
    
    

  • So after doing a lot of digging, I found out that the error was that NGINX needs to be configured for the SSL. This isn't really mentioned in the Ubuntu nodeBB guide, and the NGINX configuration guide linked on it is a dead link.

    First, I needed to combine my certificate and intermediate certificate (If you have a root certificate, you combine it as well) into one .cert file. This amounted to just copying the intermediate certificate and pasting it after the regular certificate (keeping the "BEGIN" and "END" lines).

    Then, I inserted the combined key into /etc/ssl/ directly. After doing this, I added my private key to a new folder I created in etc named "keys" (/etc/keys/).

    Lastly, I referenced my SSL in the "default" file in /etc/nginx/sites-available/default

    listen 443 ssl default_server;
    ssl on;
    ssl_certificate /etc/ssl/zbgamewiki.com_ssl_bundle.cer;
    ssl_certificate_key /etc/keys/_.zbgamewiki.com_private_key.key;
    

    And restarted nginx via sudo systemctl reload nginx



  • @phenomlab said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

    @RandomAnimeGamer said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

    zbgamewiki.com

    Likely DNS propagation issue at this stage - see https://www.whatsmydns.net/#A/zbgamewiki.com

    It appears most of those servers are routing from my DNS to the correct IP Address. Forgive my ignorance, does DNS affect HTTPS separately from HTTP?


  • @RandomAnimeGamer said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

    Forgive my ignorance, does DNS affect HTTPS separately from HTTP?

    No, not at all. It's simply used as a hostname to IP address mapping system. Can you post your NGINX config ?


  • @phenomlab said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

    No, not at all. It's simply used as a hostname to IP address mapping system. Can you post your NGINX config ?

      1 server {
      2     listen 80;
      3
      4     server_name zbgamewiki.com;
      5
      6     location / {
      7         proxy_set_header X-Real-IP $remote_addr;
      8         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      9         proxy_set_header X-Forwarded-Proto $scheme;
     10         proxy_set_header Host $http_host;
     11         proxy_set_header X-NginX-Proxy true;
     12
     13         proxy_pass http://127.0.0.1:4567;
     14         proxy_redirect off;
     15
     16         # Socket.IO Support
     17         proxy_http_version 1.1;
     18         proxy_set_header Upgrade $http_upgrade;
     19         proxy_set_header Connection "upgrade";
     20     }
     21 }
    

  • @RandomAnimeGamer What's the URL in config.json set to ?


  • GNU/Linux Admin

    @RandomAnimeGamer It looks like you don't have an SSL certificate set up, nor is your config.json expecting the site to be reached by an https url.

    So that may explain why you're seeing issues connecting via HTTPS?


  • @julian said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

    @RandomAnimeGamer It looks like you don't have an SSL certificate set up, nor is your config.json expecting the site to be reached by an https url.

    So that may explain why you're seeing issues connecting via HTTPS?

    No, my SSL is set up with my hosting provider, who is also the company I've bought my domain for.

    Should my config.json specify HTTPS? I thought it would allow both, and I would just redirect HTTP to HTTPS via htaccess or web.config. I was afraid to set up that redirection rule because it wasn't loading on HTTPS at all.


  • @RandomAnimeGamer if you intend to have the site hosted on https, then yes, this needs to be reflected in your config.json which is why I asked 👍


  • @phenomlab said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

    @RandomAnimeGamer if you intend to have the site hosted on https, then yes, this needs to be reflected in your config.json which is why I asked 👍

    This is very strange. I updated my config.json to point to HTTPS, but it still only loads in HTTP. I even did a build and restart.

    NodeBB Log:

    [email protected]:/etc/nodebb# ./nodebb log
    
    Hit Ctrl-C to exit
    
    
      * nodebb-plugin-mentions
      * nodebb-rewards-essentials
      * nodebb-theme-oxide
    
    2022-06-01T21:57:16.362Z [4567/17567] - info: [api] Adding 0 route(s) to `api/v3/plugins`
    2022-06-01T21:57:16.383Z [4567/17567] - info: [router] Routes added
    2022-06-01T21:57:16.387Z [4567/17567] - info: NodeBB Ready
    2022-06-01T21:57:16.388Z [4567/17567] - info: Enabling 'trust proxy'
    2022-06-01T21:57:16.390Z [4567/17567] - info: NodeBB is now listening on: 0.0.0.0:4567
    2022-06-01T21:57:16.391Z [4567/17567] - info: Canonical URL: https://zbgamewiki.com:4567
    

    Image showing SSL installed
    Image showing HTTP Successful
    Image showing HTTPS Unsuccessful


  • @RandomAnimeGamer do you get the same issue if you try with an incognito session ?


  • @phenomlab said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

    @RandomAnimeGamer do you get the same issue if you try with an incognito session ?

    Yep, same behavior on Incognito


  • In case anyone was wondering if this was a temporary "wait a bit of time for it to propogate/update" issue, I'm still seeing the issue today on Incognito. HTTPS gives ERR_CONNECTION_REFUSED, HTTP connects.

    Update: I tried getting nginx to listen for 443 instead of 80, rebuilt nodeBB and restarted, I still see the same issue after closing / re-opening incognito.

    Update 2: Looked at the source of a resulting page and found:
    <link rel="up" href="https://zbgamewiki.com:4567" />

    Any requests that go to HTTPS internally result in a timeout on the network tab, and a console error is generated as a result.

  • GNU/Linux Admin

    @RandomAnimeGamer If your domain registrar handles SSL for you, that's fine. You can leave your nginx config as-is (listening on port 80).

    Change your config.url to https://zbgamewiki.com

    What does nginx -t say?


  • @julian said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

    @RandomAnimeGamer If your domain registrar handles SSL for you, that's fine. You can leave your nginx config as-is (listening on port 80).

    Change your config.url to https://zbgamewiki.com

    What does nginx -t say?

    I did change my config url to https://zbgamewiki.com to no avail. I am trying one thing real quick (building and restarting nodebb) but after that I'll edit this post and show what nginx -t says.

    Edit: After changing nginx back to listening on port 80, then running nginx -t, I get this:

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    

    Edit 2: nginx config for zbgamewiki.com:

      1 server {
      2     listen 80;
      3
      4     server_name zbgamewiki.com;
      5
      6     location / {
      7         proxy_set_header X-Real-IP $remote_addr;
      8         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      9         proxy_set_header X-Forwarded-Proto $scheme;
     10         proxy_set_header Host $http_host;
     11         proxy_set_header X-NginX-Proxy true;
     12
     13         proxy_pass http://127.0.0.1:4567;
     14         proxy_redirect off;
     15
     16         # Socket.IO Support
     17         proxy_http_version 1.1;
     18         proxy_set_header Upgrade $http_upgrade;
     19         proxy_set_header Connection "upgrade";
     20     }
     21 }
     22
    

  • So after doing a lot of digging, I found out that the error was that NGINX needs to be configured for the SSL. This isn't really mentioned in the Ubuntu nodeBB guide, and the NGINX configuration guide linked on it is a dead link.

    First, I needed to combine my certificate and intermediate certificate (If you have a root certificate, you combine it as well) into one .cert file. This amounted to just copying the intermediate certificate and pasting it after the regular certificate (keeping the "BEGIN" and "END" lines).

    Then, I inserted the combined key into /etc/ssl/ directly. After doing this, I added my private key to a new folder I created in etc named "keys" (/etc/keys/).

    Lastly, I referenced my SSL in the "default" file in /etc/nginx/sites-available/default

    listen 443 ssl default_server;
    ssl on;
    ssl_certificate /etc/ssl/zbgamewiki.com_ssl_bundle.cer;
    ssl_certificate_key /etc/keys/_.zbgamewiki.com_private_key.key;
    

    And restarted nginx via sudo systemctl reload nginx

  • Topic has been marked as solved  RandomAnimeGamer RandomAnimeGamer 
  • Referenced by  RandomAnimeGamer RandomAnimeGamer 

Suggested Topics

| | |

© 2014 – 2022 NodeBB, Inc. — Made in Canada.