NodeBB worked fine on a subdomain. However, I want to use HTTPS instead of HTTP, and I don't want to buy 2 certificates (or a wildcard certificate), so I'm trying to move it from http://forum.mydomain.com
towards https://www.mydomain.com/forum
in order to avoid getting an "incorrect common name" browser security warning. But I can't get it to work.
When I try to visit it, I get nginx's standard message
An error occurred. Sorry, the page you are looking for is currently unavailable. Please try again later. If you are the system administrator of this resource then you should check the error log for details. Faithfully yours, nginx.
The error log (/var/log/nginx/error.log
) says:
2016/10/31 21:59:26 [error] 159#159: *2 upstream prematurely closed connection while reading response header from upstream, client: MyIPAddressHere, server: www.mydomain.com, request: "GET /forum HTTP/1.1", upstream: "http://127.0.0.1:4567/", host: "www.mydomain.com"
This is my nginx config:
### redirects http requests to https
server {
listen 80;
server_name www.mydomain.com;
return 302 https://$server_name$request_uri;
}
### the https server
server {
listen 443 ssl;
server_name www.mydomain.com;
root /home/myusername/www/mydomain;
location / {
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
ssl_certificate /etc/nginx/ssl/mydomain_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/mydomain_com/mydomain.key;
# enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# disables all weak ciphers
ssl_ciphers 'AES128+EECDH:AES128+EDH';
ssl_prefer_server_ciphers on;
location /forum {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567/;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
This is my config.json
:
{
"url": "https://www.mydomain.com/forum",
"secret": "mysecret",
"database": "redis",
"redis": {
"host": "127.0.0.1",
"port": "6379",
"password": "mypassword",
"database": "0"
}
}
I'm sure it's something really simple and I'm just overlooking something. Could anybody spot it for me? Thanks a lot!