Fresh install - ERR_CONNECTION_REFUSED on HTTPS

RandomAnimeGamer

I followed the guide listed here on an IONOS VPS running Ubuntu 20.04.

After my install, I noticed that my domain started responding with "ERR_CONNECTION_REFUSED" when navigating to it via HTTPS (HTTP Navigation works fine). Prior, I was receiving DNS_PROBE_FINISHED_NXDOMAIN and had updated my DNS to point to the aforementioned IONOS VPS Server.

Is this error being caused by nodeBB itself, or is it due to the DNS Propogation process? The logs seem to indicate everything is running fine, but I'm not 100% sure since I'm new to this all. Is there a possibility that NodeBB isn't configured properly for https?

2022-06-01T07:28:25.576Z [4567/5071] - info: [socket.io] Restricting access to origin: http://zbgamewiki.com:*

2022-06-01T07:28:25.788Z [4567/5071] - warn: [plugins/load] The following plugins may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing. In the event of an unresponsive NodeBB caused by this plugin, run `./nodebb reset -p PLUGINNAME` to disable it.
  * nodebb-plugin-emoji

2022-06-01T07:28:25.911Z [4567/5071] - info: [api] Adding 0 route(s) to `api/v3/plugins`
2022-06-01T07:28:25.956Z [4567/5071] - info: [router] Routes added
2022-06-01T07:28:25.961Z [4567/5071] - info: NodeBB Ready
2022-06-01T07:28:25.962Z [4567/5071] - info: Enabling 'trust proxy'
2022-06-01T07:28:25.964Z [4567/5071] - info: NodeBB is now listening on: 0.0.0.0:4567

RandomAnimeGamer

So after doing a lot of digging, I found out that the error was that NGINX needs to be configured for the SSL. This isn't really mentioned in the Ubuntu nodeBB guide, and the NGINX configuration guide linked on it is a dead link.

First, I needed to combine my certificate and intermediate certificate (If you have a root certificate, you combine it as well) into one .cert file. This amounted to just copying the intermediate certificate and pasting it after the regular certificate (keeping the "BEGIN" and "END" lines).

Then, I inserted the combined key into /etc/ssl/ directly. After doing this, I added my private key to a new folder I created in etc named "keys" (/etc/keys/).

Lastly, I referenced my SSL in the "default" file in /etc/nginx/sites-available/default

listen 443 ssl default_server;
ssl on;
ssl_certificate /etc/ssl/zbgamewiki.com_ssl_bundle.cer;
ssl_certificate_key /etc/keys/_.zbgamewiki.com_private_key.key;

And restarted nginx via sudo systemctl reload nginx

phenomlab

@RandomAnimeGamer said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

zbgamewiki.com

Likely DNS propagation issue at this stage - see https://www.whatsmydns.net/#A/zbgamewiki.com

RandomAnimeGamer

@phenomlab said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

@RandomAnimeGamer said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

zbgamewiki.com

Likely DNS propagation issue at this stage - see https://www.whatsmydns.net/#A/zbgamewiki.com

It appears most of those servers are routing from my DNS to the correct IP Address. Forgive my ignorance, does DNS affect HTTPS separately from HTTP?

phenomlab

@RandomAnimeGamer said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

Forgive my ignorance, does DNS affect HTTPS separately from HTTP?

No, not at all. It's simply used as a hostname to IP address mapping system. Can you post your NGINX config ?

RandomAnimeGamer

@phenomlab said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

No, not at all. It's simply used as a hostname to IP address mapping system. Can you post your NGINX config ?

  1 server {
  2     listen 80;
  3
  4     server_name zbgamewiki.com;
  5
  6     location / {
  7         proxy_set_header X-Real-IP $remote_addr;
  8         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  9         proxy_set_header X-Forwarded-Proto $scheme;
 10         proxy_set_header Host $http_host;
 11         proxy_set_header X-NginX-Proxy true;
 12
 13         proxy_pass http://127.0.0.1:4567;
 14         proxy_redirect off;
 15
 16         # Socket.IO Support
 17         proxy_http_version 1.1;
 18         proxy_set_header Upgrade $http_upgrade;
 19         proxy_set_header Connection "upgrade";
 20     }
 21 }

phenomlab

@RandomAnimeGamer What's the URL in config.json set to ?

RandomAnimeGamer

@phenomlab said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

@RandomAnimeGamer What's the URL in config.json set to ?

http://zbgamewiki.com:4567

julian

@RandomAnimeGamer It looks like you don't have an SSL certificate set up, nor is your config.json expecting the site to be reached by an https url.

So that may explain why you're seeing issues connecting via HTTPS?

RandomAnimeGamer

@julian said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

@RandomAnimeGamer It looks like you don't have an SSL certificate set up, nor is your config.json expecting the site to be reached by an https url.

So that may explain why you're seeing issues connecting via HTTPS?

No, my SSL is set up with my hosting provider, who is also the company I've bought my domain for.

Should my config.json specify HTTPS? I thought it would allow both, and I would just redirect HTTP to HTTPS via htaccess or web.config. I was afraid to set up that redirection rule because it wasn't loading on HTTPS at all.

phenomlab

@RandomAnimeGamer if you intend to have the site hosted on https, then yes, this needs to be reflected in your config.json which is why I asked

RandomAnimeGamer

@phenomlab said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

@RandomAnimeGamer if you intend to have the site hosted on https, then yes, this needs to be reflected in your config.json which is why I asked

This is very strange. I updated my config.json to point to HTTPS, but it still only loads in HTTP. I even did a build and restart.

NodeBB Log:

root@localhost:/etc/nodebb# ./nodebb log

Hit Ctrl-C to exit


  * nodebb-plugin-mentions
  * nodebb-rewards-essentials
  * nodebb-theme-oxide

2022-06-01T21:57:16.362Z [4567/17567] - info: [api] Adding 0 route(s) to `api/v3/plugins`
2022-06-01T21:57:16.383Z [4567/17567] - info: [router] Routes added
2022-06-01T21:57:16.387Z [4567/17567] - info: NodeBB Ready
2022-06-01T21:57:16.388Z [4567/17567] - info: Enabling 'trust proxy'
2022-06-01T21:57:16.390Z [4567/17567] - info: NodeBB is now listening on: 0.0.0.0:4567
2022-06-01T21:57:16.391Z [4567/17567] - info: Canonical URL: https://zbgamewiki.com:4567

phenomlab

@RandomAnimeGamer do you get the same issue if you try with an incognito session ?

RandomAnimeGamer

@phenomlab said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

@RandomAnimeGamer do you get the same issue if you try with an incognito session ?

Yep, same behavior on Incognito

RandomAnimeGamer

In case anyone was wondering if this was a temporary "wait a bit of time for it to propogate/update" issue, I'm still seeing the issue today on Incognito. HTTPS gives ERR_CONNECTION_REFUSED, HTTP connects.

Update: I tried getting nginx to listen for 443 instead of 80, rebuilt nodeBB and restarted, I still see the same issue after closing / re-opening incognito.

Update 2: Looked at the source of a resulting page and found:
<link rel="up" href="https://zbgamewiki.com:4567" />

Any requests that go to HTTPS internally result in a timeout on the network tab, and a console error is generated as a result.

julian

@RandomAnimeGamer If your domain registrar handles SSL for you, that's fine. You can leave your nginx config as-is (listening on port 80).

Change your config.url to https://zbgamewiki.com

What does nginx -t say?

RandomAnimeGamer

@julian said in Fresh install - ERR_CONNECTION_REFUSED on HTTPS:

@RandomAnimeGamer If your domain registrar handles SSL for you, that's fine. You can leave your nginx config as-is (listening on port 80).

Change your config.url to https://zbgamewiki.com

What does nginx -t say?

I did change my config url to https://zbgamewiki.com to no avail. I am trying one thing real quick (building and restarting nodebb) but after that I'll edit this post and show what nginx -t says.

Edit: After changing nginx back to listening on port 80, then running nginx -t, I get this:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Edit 2: nginx config for zbgamewiki.com:

  1 server {
  2     listen 80;
  3
  4     server_name zbgamewiki.com;
  5
  6     location / {
  7         proxy_set_header X-Real-IP $remote_addr;
  8         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  9         proxy_set_header X-Forwarded-Proto $scheme;
 10         proxy_set_header Host $http_host;
 11         proxy_set_header X-NginX-Proxy true;
 12
 13         proxy_pass http://127.0.0.1:4567;
 14         proxy_redirect off;
 15
 16         # Socket.IO Support
 17         proxy_http_version 1.1;
 18         proxy_set_header Upgrade $http_upgrade;
 19         proxy_set_header Connection "upgrade";
 20     }
 21 }
 22

RandomAnimeGamer

So after doing a lot of digging, I found out that the error was that NGINX needs to be configured for the SSL. This isn't really mentioned in the Ubuntu nodeBB guide, and the NGINX configuration guide linked on it is a dead link.

First, I needed to combine my certificate and intermediate certificate (If you have a root certificate, you combine it as well) into one .cert file. This amounted to just copying the intermediate certificate and pasting it after the regular certificate (keeping the "BEGIN" and "END" lines).

Then, I inserted the combined key into /etc/ssl/ directly. After doing this, I added my private key to a new folder I created in etc named "keys" (/etc/keys/).

Lastly, I referenced my SSL in the "default" file in /etc/nginx/sites-available/default

listen 443 ssl default_server;
ssl on;
ssl_certificate /etc/ssl/zbgamewiki.com_ssl_bundle.cer;
ssl_certificate_key /etc/keys/_.zbgamewiki.com_private_key.key;

And restarted nginx via sudo systemctl reload nginx