Home > Software engineering >  How to set up strapi through Nginx with SSL
How to set up strapi through Nginx with SSL

Time:01-30

I'm working on digitalOcean droplets.

https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/deployment/optional-software/nginx-proxy.html#strapi-server

I've been trying to follow this guide for hours now, but I just can't get it to work. When I try to connect, I get 502 bad gateway, don't know what that means. When I had just the 8011 port enabled through firewall and connected to the port directly through the DNS, it worked fine.

doing nginx -t says that syntax is fine, I tried restarting the service many times, the keys work.

/etc/nginx/conf.d/upstream.conf:

# Strapi server
upstream strapi {
  server 127.0.0.1:8011;
}

etc/nginx/sites-available/default:

server {
        # Listen HTTP
        listen 80;
        server_name losslessly-api.djkato.net;

        # Redirect HTTP to HTTPS
        return 301 https://$host$request_uri;
}

server {
        # SSL configuration
        #
        listen 443 ssl;
        listen [::]:443 ssl;

        ssl_certificate     /etc/nginx/certificate/losslessly-api.djkato.net.crt;
        ssl_certificate_key /etc/nginx/certificate/losslessly-api.djkato.net.key;

        server_name losslessly-api.djkato.net;

        # Proxy Config
        location / {
        proxy_pass http://strapi;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass_request_headers on;
    }
}

./config/server.js:

module.exports = ({ env }) => ({
  host: env('HOST', '0.0.0.0'),
  port: env.int('PORT', 8011),
  url: 'https://losslessly-api.djkato.net',
});

sudo ufw status:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
8011/tcp                   DENY        Anywhere
Nginx HTTP                 ALLOW       Anywhere
Nginx HTTPS                ALLOW       Anywhere
8011                       DENY        Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
8011/tcp (v6)              DENY        Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
Nginx HTTPS (v6)           ALLOW       Anywhere (v6)
8011 (v6)                  DENY        Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

CodePudding user response:

I did a netstat -tulpn | grep LISTEN and found out that my app wasn't listening on localhost, but the public IP. Looking at my strapis .env file I realised that I setHOST:{public ip}, not APP_URL:{public ip}, meaning my upstream connection was on the wrong IP. Fixing my env file solved it.

  • Related