I have an Ubuntu server running on Linode and a domain from Cloudflare.

I'm running StrapiJs on my Ubuntu server; it's configured and running on port 8081. I also have nginx on my server to redirect requests from port 80 to 8081.

My domain in Cloudflare has A and AAAA records, both pointing to the correct IPs of my Linode server.

The only issue is that I want to enable HTTPS, so I've tried editing my nginx config along with using certbot. Here's how, along with the initial nginx config I used:

Initial nginx config, /etc/nginx/nginx.conf:

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    server {
        listen 80;
        server_name mydomain;
        location / {
            proxy_pass http://localhost:8081;  # Forward requests to localhost:8081
            proxy_set_header Host $host;  # Pass the Host header
            proxy_set_header X-Real-IP $remote_addr;  # Pass the client's real IP
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # Forward the client's IP
            proxy_set_header X-Forwarded-Proto $scheme;  # Pass the protocol (HTTP or HTTPS)
        }
    }
}

So I first installed certbot:

sudo apt update 
sudo apt upgrade 
sudo apt install certbot

and the plugin:

sudo apt install python3-certbot-nginx

Then I created the SSL certificate using certbot:

sudo certbot --nginx -d mydomain

After that, it generated the certificates, verified them, and modified my nginx config automatically:

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    server {  # Listen on port 443 for HTTPS
        server_name mydomain;  # Replace with your domain
        location / {
            proxy_pass http://localhost:8081;  # Forward requests to localhost:8081
            proxy_set_header Host $host;  # Pass the Host header
            proxy_set_header X-Real-IP $remote_addr;  # Pass the client's real IP
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # Forward the client's IP
            proxy_set_header X-Forwarded-Proto $scheme;  # Pass the protocol (HTTP or HTTPS)
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/dash.levelup.configfan/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/dash.levelup.configfan/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        if ($host = mydomain) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        server_name mydomain;
        return 404; # managed by Certbot
    }
}

Made sure all is good with sudo nginx -t and reloaded it manually using sudo nginx -s reload.

Now when I visit the IP address it automatically redirects to HTTPS, which is good, but it says that the certificate is verified with another domain, hence the browser still shows a warning about security, though I can still tap on Advanced and proceed. However, when I visit my domain I still get redirected to HTTPS, but it refuses to load anything; there's no page loading, and I get something like:

This site can’t provide a secure connection
*** uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I appreciate any help, I've tried a few more attempts after that, but all my attempts failed, and I'm looking for what to try next.

Note: in this question you will find mydomain shown in the config examples I gave; I've used my actual domain, and the example domain here is just for the purpose of posting this question publicly.

Asked Mar 18 at 2:33 by Isaac Qadri, edited Mar 18 at 13:27

1 Answer

I'm going to provide an answer to my own question. I certainly found a way to work around this issue for now; however, I will not mark this as the best answer because I know this might not always be the ideal solution (and because this answer might not include detailed information). However, it can be used in this use case.

So the solution now is to go to Cloudflare, edit both records, and disable the proxy option.

After that, visiting my domain loads my website correctly with HTTPS without any issues.
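
An added example, not part of the original question or answer: with the Cloudflare proxy disabled, browsers connect straight to this nginx, so its config decides what they see. The sketch below keeps the question's proxy settings, adds catch-all servers so a request by bare IP no longer receives the certificate issued for another name, and listens on IPv6 to match the AAAA record. `mydomain` is the question's placeholder (also assumed here as the certificate directory name), and `ssl_reject_handshake` assumes nginx 1.19.4 or later.

```nginx
events {
    worker_connections 768;
}

http {
    # Catch-all servers: answer any Host/SNI that is not mydomain (for example
    # the bare IP). Without them, the first server block defined for a port
    # becomes the default and serves its certificate for every name.
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 444;                  # nginx-specific: close without a response
    }
    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name _;
        ssl_reject_handshake on;     # abort TLS; no certificate is needed here
    }

    # Plain HTTP for the real name: redirect only.
    server {
        listen 80;
        listen [::]:80;              # the AAAA record needs an IPv6 listener
        server_name mydomain;
        return 301 https://$host$request_uri;
    }

    # HTTPS for the real name, proxied to Strapi on port 8081.
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name mydomain;

        ssl_certificate     /etc/letsencrypt/live/mydomain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
        include             /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

        location / {
            proxy_pass http://localhost:8081;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

Validate with `sudo nginx -t` before reloading, as in the question.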

Tags: cloudflare. Source: Running a secure Https connection in nginx for a node (StrapiJs) application, Stack Overflow