Ad

Nginx Server Http To Https

- 1 answer

I installed NginX to my nodeJS server and already made Certbot SSL authentication. Everything is working fine, but when i delete cookies and going to page, its load in http. Is there any way to redirect into https? When i write "return 301 https://maarath.com$request_uri;", its going to error: too many redirects. Someone any idea? My config:

server {

listen       80;
    server_name ujhonlapod.hu www.ujhonlapod.hu;

   location / {
    
    proxy_pass http://localhost:3000; # Change the port if needed
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
   

   }
listen 443 ssl; # managed by Certbot
    server_name ujhonlapod.hu www.ujhonlapod.hu;
    ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot
    add_header Content-Security-Policy upgrade-insecure-requests;

}

Thanks for the answers.

Ad

Answer

Are you using the certbot plugin for nginx? It doesn't look like. You should remove this part

listen 443 ssl; # managed by Certbot
    server_name ujhonlapod.hu www.ujhonlapod.hu;
    ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot
    add_header Content-Security-Policy upgrade-insecure-requests;

and clean up your config to just listen on port 80.

server {

listen       80;
server_name ujhonlapod.hu www.ujhonlapod.hu;

   location / {
    
    proxy_pass http://localhost:3000; # Change the port if needed
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;  

   }
}

Reload nginx nginx -s reload

Run certbot sudo certbot --nginx

This should create the correct configuration for you.

Personally I would always!! split the http and https traffic in two server blocks like

server {
  listen 80;
  server_name example.com;

  if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}

server {
  listen 443;
  server_name example.com;
  .....

}

I would really recommend to use the plugin to manage the NGINX configuration if not a 100% aware on how to manage the configuration and certificates by your self. With certbot it is an act of 2 minutes to make it work.

Read more here: https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal

Ad
source: stackoverflow.com
Ad