I need https to be the default way my site is served, I chose option 2 during letsencrypt cert generation. I have https working on my site. It is a simple HTML page being served up by nodejs on port 3000. It is hosted in Oracle Cloud currently. I have opened the ports in iptables as Oracle does not use ufw.
If I go to https://www.example.com , the site loads securely so things are working. If I go to http://www.example.com , the site also loads but not securely obviously. If I go to example.com, the site loads in http, not https.
I am having trouble wrapping my mind around how I should write my nginx config file.
I need to proxy_pass using http to port 3000, but when I change the proxy_pass to https
proxy_pass https://localhost:3000;
It fails to load anything and that somewhat makes sense to me because my nodejs app does not have any code to support https and I was under the impression that nginx can handle all of that for me. That line of thinking is further supported because like I said above, https://www.example.com works just fine for my site now. Below is my config with my server name removed. Please let me know how to best do what I am trying to accomplish.
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location / {
proxy_pass http://localhost:3000;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}```
Thank you to Marc, it seems like my config was created strangely and certbot added in things slightly out of order to where it was getting confusing but I have figured it out. Like Marc said, redirect all 80 to https. In https server, make sure you have your certificates and proxy_pass there to your port 3000, or wherever your app is running.
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com;
}
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://localhost:3000;
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.