I installed NginX to my nodeJS server and already made Certbot SSL authentication. Everything is working fine, but when i delete cookies and going to page, its load in http. Is there any way to redirect into https? When i write "return 301 https://maarath.com$request_uri;", its going to error: too many redirects. Someone any idea? My config:
server {
listen 80;
server_name ujhonlapod.hu www.ujhonlapod.hu;
location / {
proxy_pass http://localhost:3000; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
server_name ujhonlapod.hu www.ujhonlapod.hu;
ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
add_header Content-Security-Policy upgrade-insecure-requests;
}
Thanks for the answers.
CodePudding user response:
Are you using the certbot plugin for nginx? It doesn't look like. You should remove this part
listen 443 ssl; # managed by Certbot
server_name ujhonlapod.hu www.ujhonlapod.hu;
ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
add_header Content-Security-Policy upgrade-insecure-requests;
and clean up your config to just listen on port 80.
server {
listen 80;
server_name ujhonlapod.hu www.ujhonlapod.hu;
location / {
proxy_pass http://localhost:3000; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
}
}
Reload nginx nginx -s reload
Run certbot sudo certbot --nginx
This should create the correct configuration for you.
Personally I would always!! split the http and https traffic in two server blocks like
server {
listen 80;
server_name example.com;
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 443;
server_name example.com;
.....
}
I would really recommend to use the plugin to manage the NGINX configuration if not a 100% aware on how to manage the configuration and certificates by your self. With certbot it is an act of 2 minutes to make it work.
Read more here: https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal