I have a Node.js app that runs at https://localhost:8080,
and it has localhost.crt
and localhost.key.
I want to set up a server with nginx to redirect to https://app.example.com
(I have installed another certificate with certbot on this subdomain). Now I'm getting
Unknown ALPN Protocol, expected h2 to be available.If this is a HTTP request: The server was not configured with the allowHTTP1 option or a listener for the unknownProtocol event.
in the browser. Can someone help me with the correct nginx server config? Also, I'm using DigitalOcean Droplets with Ubuntu 16.04 to set this up. Here is the nginx server I have set:
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443;
        server_name app.mydomain.com;
        ssl_certificate /root/apps/app.mydomain.com/localhost.crt;
        ssl_certificate_key /root/apps/app.mydomain.com/localhost.key;
        ssl on;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/app.access.log;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # Fix the "It appears that your reverse proxy set up is broken" error.
            proxy_pass https://localhost:8080;
            proxy_read_timeout 90;
            proxy_redirect https://localhost:8080 https://app.mydomain.com;
        }
    }
This:
listen 443;
Should be this:
listen 443 ssl;
Why do you want to proxy traffic to 127.0.0.1 via https? Seems unnecessary
Try this configuration; hope it works. All the headers are not required; it's based on your application's needs and how you are serving the requests from your application.
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443;
        server_name app.mydomain.com;
        ssl on;
        ssl_certificate_key /root/apps/app.mydomain.com/localhost.key;
        ssl_certificate /root/apps/app.mydomain.com/localhost.crt;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/app.access.log;
        location / {
            proxy_set_header Host $host;
            proxy_pass http://localhost:8080/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_read_timeout 90;
            proxy_buffer_size 128k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_temp_file_write_size 256k;
            proxy_connect_timeout 300s;
        }
    }
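The backend half of the setup suggested above, as an added example that is not part of the original answers or the asker's app. By default nginx's `proxy_pass` speaks HTTP/1.0 to the upstream and does not negotiate `h2`, which is what an HTTP/2-only Node listener rejects with the error in the question, so here the app serves plain HTTP/1.1 on loopback and reads the headers written by the `proxy_set_header` lines. The function names and the `--listen` flag are assumptions made for the example.

```javascript
// Added example (assumed names): Node backend for the nginx config above.
const http = require('http');

// True when the TCP peer is this machine, i.e. the local nginx.
function isLoopback(addr) {
  return addr === '127.0.0.1' || addr === '::1' || addr === '::ffff:127.0.0.1';
}

// Work out the real client address and scheme for one request.
// peerAddr is req.socket.remoteAddress; Node lower-cases header names.
function clientInfo(peerAddr, headers) {
  // Forwarding headers are only believed when the peer is the local proxy.
  if (!isLoopback(peerAddr)) {
    return { ip: peerAddr, proto: 'http', viaProxy: false };
  }
  // $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
  // sent, so only the LAST entry was written by nginx; earlier entries are
  // client-controlled and must not be used for logging or access decisions.
  const chain = String(headers['x-forwarded-for'] || '')
    .split(',').map((s) => s.trim()).filter(Boolean);
  // X-Real-IP is overwritten by nginx with $remote_addr, so prefer it.
  const ip = headers['x-real-ip'] || chain[chain.length - 1] || peerAddr;
  // nginx sets X-Forwarded-Proto to $scheme, "https" on the 443 listener.
  const proto = headers['x-forwarded-proto'] === 'https' ? 'https' : 'http';
  return { ip, proto, viaProxy: true };
}

function handler(req, res) {
  const info = clientInfo(req.socket.remoteAddress, req.headers);
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify(info) + '\n');
}

// Plain HTTP/1.1 bound to loopback only: nginx terminates TLS for the
// public name, and port 8080 is not reachable from other hosts.
function startBackend(port = 8080) {
  return http.createServer(handler).listen(port, '127.0.0.1');
}

// Run with "node backend.js --listen" to start the server.
if (process.argv.includes('--listen')) startBackend();
```

Because the listener is bound to 127.0.0.1, the loopback check only becomes relevant if the bind address is later widened; it keeps a directly connected client from supplying its own forwarding headers.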