SSL : yes or not


  • GNU/Linux

    @a_5mith said:

    @djcyry Life

    Can you please show me your code?
    I have install it but :

    http://www.hercio.net/ - works ok .
    https://www.hercio.net/ - default nginx page .




  • GNU/Linux

    @a_5mith said:

    Use https://community.nodebb.org/topic/7183/which-file-to-edit-when-getting-rid-of-the-4567-port-number/5

    Just replace all references of that URL and IP with yours.

    No results..



  • @djcyry did you restart nginx?


  • GNU/Linux

    @a_5mith said:

    @djcyry did you restart nginx?

    Sure .
    I have installed the ssl , everything ok .
    But is not redirected , and if is do , is redirectiing to nginx default page . (with https)



  • What's your. Nginx? Port 80 should redirect. 443 should load your site.

    What's the content of your site in sites-available?


  • GNU/Linux

    @a_5mith said:

    What's your. Nginx? Port 80 should redirect. 443 should load your site.

    What's the content of your site in sites-available?

    Without ssl , this :

    server {
    listen 80;
    server_name www.hercio.net;

    #charset koi8-r;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Nginx-Proxy true;
        proxy_pass http://62.75.159.105:4567;
        proxy_redirect off;
    
        # Socket.IO Support
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
    

    }
    }

    server {
    listen 80;
    server_name www.nodebb.es;

    #charset koi8-r;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Nginx-Proxy true;
        proxy_pass http://62.75.159.105:4568;
        proxy_redirect off;
    
        # Socket.IO Support
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
    

    }
    }

    server {
    listen 80;
    server_name hercio.net;

    return 301 http://www.hercio.net$request_uri;
    

    }

    server {
    listen 80;
    server_name www.hercio.net;

    return 301 http://www.hercio.net$request_uri;
    

    }

    server {
    listen 80;
    server_name nodebb.es;

    return 301 http://www.nodebb.es$request_uri;
    

    }

    server {
    listen 80;
    server_name www.nodebb.es;

    return 301 http://www.nodebb.es$request_uri;
    

    }



  • Here's mine. Compare:

    
    server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name 35hz.co.uk;
        ssl          on;
        ssl_certificate /etc/letsencrypt/live/35hz.co.uk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/35hz.co.uk/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://188.226.239.27:4567;
            proxy_redirect off;
    
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
    
        }
    }
    server {
        client_max_body_size 40M;
        listen 80;
        server_name 35hz.co.uk;
        rewrite        ^ https://$server_name$request_uri? permanent;
    }
    
    

  • GNU/Linux

    @a_5mith said:

    Here's mine. Compare:

    
    server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name 35hz.co.uk;
        ssl          on;
        ssl_certificate /etc/letsencrypt/live/35hz.co.uk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/35hz.co.uk/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://188.226.239.27:4567;
            proxy_redirect off;
    
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
    
        }
    }
    server {
        client_max_body_size 40M;
        listen 80;
        server_name 35hz.co.uk;
        rewrite        ^ https://$server_name$request_uri? permanent;
    }
    
    

    Thanks @a_5mith .
    Look at this :

    https://hercio.net/ - ssl works without www.
    https://www.hercio.net/ - ssl works with www

    https://nodebb.es/ - ssl works without www.
    https://www.nodebb.es/ - ssl not works with www

    Both forums are hosted on same server, same configuration , etc ...any idea?


  • Admin

    @djcyry

    0_1450812333479_Selection_052.png

    Your configuration for nodebb.es is serving the SSL certificate for hercio.net



  • @djcyry So we run it behind a reverse proxy too. Here's the config:

    HTTP (file include)

    server {
      listen 80;
      server_name www.social.example.com social.example.com;
      return 301 https://social.example.com$request_uri;
    }
    

    HTTPS (file include)

    server {
    
        listen 443 ssl;
        server_name www.social.example.com social.example.com;
    
        ssl_certificate /etc/nginx/ssl/example.crt;
        ssl_certificate_key /etc/nginx/ssl/example.key;
    
        # SSL caching override
        ssl_session_cache shared:SSL:10m;
    
        # Enable long duration HSTS
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Host $http_host;
    
        proxy_redirect off;
        #proxy_next_upstream off;
    
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    
        include /var/www/social.example.com/conf/error.conf;
    
        location @nodebb {
            proxy_pass http://io_nodes;
        }
    
        location ~ ^/(images|language|sounds|templates|uploads|vendor|src\/modules|nodebb\.min\.js|stylesheet\.css|admin\.css) {
            root /srv/http/domain/example.com/social/public/;
            try_files $uri $uri/ @nodebb;
        }
    
        location / {
    
            # These need to be defined in the location block to
            # override express status message handler
            error_page 404 /404.html;
            error_page 502 /502.html;
            error_page 503 /503.html;
    
            proxy_intercept_errors on;
    
            client_max_body_size 10M;
    
            proxy_pass http://io_nodes;
        }
    
    }
    

    Also the following upstream (2 workers):

    upstream io_nodes {
        server 127.0.1.4:4567;
        server 127.0.1.4:4568;
    }
    

    Finally, also a upstream loopback in /etc/hosts

    127.0.1.4 nbb.node.example.com
    

    Note that we defined both server names, www.social.example.com and social.example.com


  • GNU/Linux

    @julian
    @supersym

    It·s fixed but , its respond with www and without www , i want to
    redirect all to www. ..any idea? thanks

    in my config /etc/nginx/conf.d/.conf i have :

    server {
    listen 80;
    server_name www.hercio.net hercio.net;
    return 301 https://hercio.net$request_uri;
    }

    server {
    listen 80;
    server_name www.nodebb.es nodebb.es;
    return 301 https://nodebb.es$request_uri;
    }

    I restarting nginx but still responding from both.


  • Plugin & Theme Dev

    @djcyry changing return 301 https://nodebb.es$request_uri; to return 301 https://www.nodebb.es$request_uri; should do it I think


  • GNU/Linux

    @pichalite said:

    @djcyry changing return 301 https://nodebb.es$request_uri; to return 301 https://www.nodebb.es$request_uri; should do it I think

    I have change it , not redirect .


 

| |