Matt

Reputation: 551

Adding an SSL (PORT 443) to an Nginx Reverse Proxy Server (PORT 80) - Nginx Config File

Using Ubuntu I generated an SSL using Certbot. This has automatically updated my Nginx configuration file and added an additional listening port. I'm concerned whether I only need to listen for one PORT (80 or 443) and not both, but I'm unable to find the relevant information on whether I need to remove the listening for PORT 80. Please see my configuration file below:

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    server_name _;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

server {
    root /var/www/html;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.domain.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.domain.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = my.domain.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    server_name my.domain.co.uk;
    return 404; # managed by Certbot
}

Now that Certbot has added the code to a separate server block, do I need to remove where my initial server block listens at port 80? I had a problem with an old server crashing overnight whenever it was used and I feel it was something related to the Nginx config file that was similar to this.

Sorry if this question is stupid, I'm not very experienced with this and find it tremendously difficult, unfortunately. Thank you for any insight.

Upvotes: 2

Views: 13846

Answers (1)

Orphamiel

Reputation: 884

You did not include exactly what you wanted (e.g. which application should serve requests on which ports and what should be done with HTTP requests), but I shall assume that:

  1. All port 80 requests are HTTP and all 443 requests are HTTPS.
  2. You want all HTTP requests to be redirected to HTTPS.
  3. All HTTPS requests should be passed to node.

If so, this is probably what you actually want:

server {
    root /var/www/html;
    server_name my.domain.co.uk;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.domain.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.domain.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = my.domain.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 ;
    listen [::]:80 ;
    server_name my.domain.co.uk;
    return 404; # managed by Certbot
}

The first server block handles only HTTPS requests and passes all requests to node. The second server block handles only HTTP requests and redirects them to HTTPS.

Upvotes: 3
