Reputation: 657
I'm trying to figure out how I can properly run a Servant API endpoint over https with nginx.
So to go through what I've done. So I thought I would probably need to set up Servant so it would communicate over https. So I added this to my code:
    Development -> run port $ logStdoutDev $ corsWithContentType $ app cfg
    Production -> runTLS (tlsSettings "./certs/fullchain1.pem" "./certs/privkey1.pem")
                         (setPort port defaultSettings)
                         (corsWithContentType $ app cfg)
So the Production clause here is what runs on my production server. I then have this in nginx
    upstream api_server {
        server 127.0.0.1:8081;
    }
    location /api {
        proxy_set_header Host $host;
        proxy_pass http://api_server;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
With this setup I perform an ajax request from the page (which is properly running over https). However, when I do this I get a response from the Servant server:
InsecureConnectionDenied
As if my ajax request is insecure. It was my belief that if I'm making an ajax request from a page with https that request is secure.
If I skip all of this and just run Servant without TLS I get a 405 Method Not Allowed when trying to post. I know this is connected to the https because when I perform a request straight to the IP:PORT of the api it works. What could be the issue here?
Upvotes: 2
Views: 492
Reputation: 657
This was because of my "/api" prefix in the nginx config. The request got sent to Servant as "/api/registrations" but should have been "/registrations". Misconfiguration in nginx, nothing to do with Servant and https.
Upvotes: 4
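The prefix mismatch described in the answer, shown as an nginx configuration with the original location block beside a corrected one. This is an added example, not part of the original posts; the enclosing `server` block and the assumption that the backend listens for plain HTTP on loopback are mine, while the upstream name, port and certificate paths are the ones from the question.

```nginx
upstream api_server {
    # Loopback only: the unencrypted hop never leaves the host.
    server 127.0.0.1:8081;
}

server {
    # TLS is terminated here; the browser only ever talks https to nginx.
    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/xxx/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem;

    # Before (as posted in the question): proxy_pass has no URI part, so
    # nginx forwards the request path unchanged.
    #   client:   POST /api/registrations
    #   upstream: POST /api/registrations   <- no such route in the API
    #
    # location /api {
    #     proxy_set_header Host $host;
    #     proxy_pass http://api_server;
    # }

    # After: proxy_pass carries a URI ("/"), so nginx replaces the part of
    # the path that matched the location ("/api/") with that URI.
    #   client:   POST /api/registrations
    #   upstream: POST /registrations
    location /api/ {
        proxy_set_header Host $host;

        # Assumption: the backend serves plain HTTP on this port (the
        # `run port` branch in the question). If it is started with runTLS
        # instead, the scheme here has to be https:// to match.
        proxy_pass http://api_server/;
    }
}
```

The trailing slashes on both `location /api/` and `proxy_pass http://api_server/` matter: without the URI part on `proxy_pass`, no prefix replacement takes place.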