Digitalocean deploying node https app with nginx
Question
I am running my application in a Digitalocean droplet using nginx i have found out that if i run my app with http it works perfectly, but when i run it with https nginx gives me 502 BAD GATEWAY , i have tried other digitalocean guides and searched around stackoverflow and never found the solution so i thought about making this post.
NGINX DEFAULT FILE:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mydomain.io www.mydomain.io;
ssl_certificate /home/myapp/ssl/myapp.crt;
ssl_certificate_key /home/myapp/ssl/myapp.key;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
MY APP CODE:
const express = require("express");
//const http = require('http');
const https = require('https');
const helmet = require("helmet");
const cors = require("cors");
const fs = require("fs");
const path = require("path");
const app = express();
const config = require("./config");
const passport = require("passport");
const credentials = { key: fs.readFileSync('ssl/myapp.key', 'utf-8'), cert: fs.readFileSync('ssl/myapp.crt', 'utf-8'), ca: fs.readFileSync('ssl/myapp.ca-bundle', 'utf-8') };
app.use(helmet());
app.use(cors());
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(
require("express-session")({
secret: require("./config.json").app.secretKey,
resave: false,
saveUninitialized: true,
cookie: {
secure: false,
maxAge: 60 * 60 * 1000 * 24 * 365,
},
})
);
app.use(passport.initialize());
app.use(passport.session());
passport.use(require("./service/passport"));
app.set("view engine", "ejs");
app.set("views", path.join(__dirname, "views"));
app.use(express.static(path.join(__dirname, "views")));
app.use('/', require('./api/home'));
app.use("/auth", require("./api/auth"));
app.use("/user", require("./api/user"));
app.get('/tos',(req,res)=>{
res.render('tos');
});
//var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);
httpsServer.listen(config.app.port,'localhost',()=>{
console.log("App started on port:"+config.app.port);
});
I am new to nginx can someone explain how to do this?
3 answers
solution1
3 ACCPTED 2020-09-30 17:08:11
Your App Code is running using HTTPS, while NGINX is proxy_pass is using http://localhost:3000.
To fix the issue there are two ways:
- Update the proxy_pass with the https://localhost:3000 and restart NGINX
- Use HTTP instead of HTTPS at the APP level and restart the application
Any option will fix the issue, least effort would be using option one.
solution2
2 2020-09-29 09:48:34
I have multiple servers running node.js applications on 80 as well as 443 perfectly fine.
I will prefer you to use the configuration I use-
server {
server_name yourdomain.com;
proxy_buffering off;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = yourdomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 0.0.0.0:80;
server_name yourdomain.com;
return 404; # managed by Certbot
}
I mainly use Certbot for my SSL certificates you can use anything else you want!
solution3
1 2020-10-01 09:31:49
You no need to change anything in the application and continue using HTTP, Nginx will serve https requests and redirect HTTP to your application.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.