what should i do for https in nginx/express?











up vote
1
down vote

favorite












my purpose...




  1. client ------> 80 port.

  2. 80 ----------> 443 (by nginx, for https)

  3. 443 ---------> 3000 (by nginx)

  4. express server is waiting on port 3000.


When i tried connecting to the domain name, i just got cannot connect site, domain.com deny your access



nginx settings - /etc/nginx/sites-available/default



> # HTTP server {
> listen 80 default_server;
> listen [::]:80 default_server;
> server_name domain.com www.domain.com;
>
> access_log /var/log/nginx/domain.access.log;
> error_log /var/log/nginx/error.log;
>
> # redirect to https
> return 301 https://$server_name$request_uri; }

> # HTTPS server {
> listen 443 ssl;
> listen [::]:443 ssl;
> #server_name domain.com www.domain.com;
>
> access_log /var/log/nginx/domain.access.log;
> error_log /var/log/nginx/error.log;
>
> ssl on;
>
> # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
> ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
> ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
>
> ssl_session_timeout 1d;
> ssl_session_cache shared:SSL:50m;
> ssl_session_tickets off;
>
> # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
> ssl_dhparam /etc/letsencrypt/live/www.domain.com/dhparam.pem;
>
> # intermediate configuration. tweak to your needs.
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-R$
> ssl_prefer_server_ciphers on;
>
> # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months
> add_header Strict-Transport-Security max-age=15768000;
> # OCSP Stapling ---
> # fetch OCSP records from URL in ssl_certificate and cache them
> ssl_stapling on;
> ssl_stapling_verify on;
>
> # verify chain of trust of OCSP response using Root CA and Intermediate certs
> ssl_trusted_certificate /etc/letsencrypt/live/www.domain.com/chain.pem;
>
> resolver 8.8.8.8 8.8.4.4 valid=86400;
> resolver_timeout 10;
>
> location / {
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Host $host;
> proxy_set_header X-NginX-Proxy true;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-Proto https;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> #additional settings
> proxy_read_timeout 300;
> proxy_connect_timeout 300;
>
> proxy_pass http://localhost:3000;
> proxy_redirect off;
> proxy_http_version 1.1;
> } }


nodejs settings



require('@babel/polyfill'); 
const app = require('./app');
const debug = require('debug')('learn-express:server');
const http = require('http');
require('dotenv').config();

const port = normalizePort(process.env.http_port);
app.listen(port, () => {
console.log('Server is running on port '+port);
});









share|improve this question




























    up vote
    1
    down vote

    favorite












    my purpose...




    1. client ------> 80 port.

    2. 80 ----------> 443 (by nginx, for https)

    3. 443 ---------> 3000 (by nginx)

    4. express server is waiting on port 3000.


    When i tried connecting to the domain name, i just got cannot connect site, domain.com deny your access



    nginx settings - /etc/nginx/sites-available/default



    > # HTTP server {
    > listen 80 default_server;
    > listen [::]:80 default_server;
    > server_name domain.com www.domain.com;
    >
    > access_log /var/log/nginx/domain.access.log;
    > error_log /var/log/nginx/error.log;
    >
    > # redirect to https
    > return 301 https://$server_name$request_uri; }

    > # HTTPS server {
    > listen 443 ssl;
    > listen [::]:443 ssl;
    > #server_name domain.com www.domain.com;
    >
    > access_log /var/log/nginx/domain.access.log;
    > error_log /var/log/nginx/error.log;
    >
    > ssl on;
    >
    > # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    > ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
    > ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
    >
    > ssl_session_timeout 1d;
    > ssl_session_cache shared:SSL:50m;
    > ssl_session_tickets off;
    >
    > # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    > ssl_dhparam /etc/letsencrypt/live/www.domain.com/dhparam.pem;
    >
    > # intermediate configuration. tweak to your needs.
    > ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    > ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-R$
    > ssl_prefer_server_ciphers on;
    >
    > # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months
    > add_header Strict-Transport-Security max-age=15768000;
    > # OCSP Stapling ---
    > # fetch OCSP records from URL in ssl_certificate and cache them
    > ssl_stapling on;
    > ssl_stapling_verify on;
    >
    > # verify chain of trust of OCSP response using Root CA and Intermediate certs
    > ssl_trusted_certificate /etc/letsencrypt/live/www.domain.com/chain.pem;
    >
    > resolver 8.8.8.8 8.8.4.4 valid=86400;
    > resolver_timeout 10;
    >
    > location / {
    > proxy_set_header Upgrade $http_upgrade;
    > proxy_set_header Host $host;
    > proxy_set_header X-NginX-Proxy true;
    > proxy_set_header X-Real-IP $remote_addr;
    > proxy_set_header X-Forwarded-Proto https;
    > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    >
    > #additional settings
    > proxy_read_timeout 300;
    > proxy_connect_timeout 300;
    >
    > proxy_pass http://localhost:3000;
    > proxy_redirect off;
    > proxy_http_version 1.1;
    > } }


    nodejs settings



    require('@babel/polyfill'); 
    const app = require('./app');
    const debug = require('debug')('learn-express:server');
    const http = require('http');
    require('dotenv').config();

    const port = normalizePort(process.env.http_port);
    app.listen(port, () => {
    console.log('Server is running on port '+port);
    });









    share|improve this question


























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      my purpose...




      1. client ------> 80 port.

      2. 80 ----------> 443 (by nginx, for https)

      3. 443 ---------> 3000 (by nginx)

      4. express server is waiting on port 3000.


      When i tried connecting to the domain name, i just got cannot connect site, domain.com deny your access



      nginx settings - /etc/nginx/sites-available/default



      > # HTTP server {
      > listen 80 default_server;
      > listen [::]:80 default_server;
      > server_name domain.com www.domain.com;
      >
      > access_log /var/log/nginx/domain.access.log;
      > error_log /var/log/nginx/error.log;
      >
      > # redirect to https
      > return 301 https://$server_name$request_uri; }

      > # HTTPS server {
      > listen 443 ssl;
      > listen [::]:443 ssl;
      > #server_name domain.com www.domain.com;
      >
      > access_log /var/log/nginx/domain.access.log;
      > error_log /var/log/nginx/error.log;
      >
      > ssl on;
      >
      > # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
      > ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
      > ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
      >
      > ssl_session_timeout 1d;
      > ssl_session_cache shared:SSL:50m;
      > ssl_session_tickets off;
      >
      > # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
      > ssl_dhparam /etc/letsencrypt/live/www.domain.com/dhparam.pem;
      >
      > # intermediate configuration. tweak to your needs.
      > ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      > ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-R$
      > ssl_prefer_server_ciphers on;
      >
      > # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months
      > add_header Strict-Transport-Security max-age=15768000;
      > # OCSP Stapling ---
      > # fetch OCSP records from URL in ssl_certificate and cache them
      > ssl_stapling on;
      > ssl_stapling_verify on;
      >
      > # verify chain of trust of OCSP response using Root CA and Intermediate certs
      > ssl_trusted_certificate /etc/letsencrypt/live/www.domain.com/chain.pem;
      >
      > resolver 8.8.8.8 8.8.4.4 valid=86400;
      > resolver_timeout 10;
      >
      > location / {
      > proxy_set_header Upgrade $http_upgrade;
      > proxy_set_header Host $host;
      > proxy_set_header X-NginX-Proxy true;
      > proxy_set_header X-Real-IP $remote_addr;
      > proxy_set_header X-Forwarded-Proto https;
      > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      >
      > #additional settings
      > proxy_read_timeout 300;
      > proxy_connect_timeout 300;
      >
      > proxy_pass http://localhost:3000;
      > proxy_redirect off;
      > proxy_http_version 1.1;
      > } }


      nodejs settings



      require('@babel/polyfill'); 
      const app = require('./app');
      const debug = require('debug')('learn-express:server');
      const http = require('http');
      require('dotenv').config();

      const port = normalizePort(process.env.http_port);
      app.listen(port, () => {
      console.log('Server is running on port '+port);
      });









      share|improve this question















      my purpose...




      1. client ------> 80 port.

      2. 80 ----------> 443 (by nginx, for https)

      3. 443 ---------> 3000 (by nginx)

      4. express server is waiting on port 3000.


      When i tried connecting to the domain name, i just got cannot connect site, domain.com deny your access



      nginx settings - /etc/nginx/sites-available/default



      > # HTTP server {
      > listen 80 default_server;
      > listen [::]:80 default_server;
      > server_name domain.com www.domain.com;
      >
      > access_log /var/log/nginx/domain.access.log;
      > error_log /var/log/nginx/error.log;
      >
      > # redirect to https
      > return 301 https://$server_name$request_uri; }

      > # HTTPS server {
      > listen 443 ssl;
      > listen [::]:443 ssl;
      > #server_name domain.com www.domain.com;
      >
      > access_log /var/log/nginx/domain.access.log;
      > error_log /var/log/nginx/error.log;
      >
      > ssl on;
      >
      > # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
      > ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
      > ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
      >
      > ssl_session_timeout 1d;
      > ssl_session_cache shared:SSL:50m;
      > ssl_session_tickets off;
      >
      > # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
      > ssl_dhparam /etc/letsencrypt/live/www.domain.com/dhparam.pem;
      >
      > # intermediate configuration. tweak to your needs.
      > ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      > ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-R$
      > ssl_prefer_server_ciphers on;
      >
      > # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months
      > add_header Strict-Transport-Security max-age=15768000;
      > # OCSP Stapling ---
      > # fetch OCSP records from URL in ssl_certificate and cache them
      > ssl_stapling on;
      > ssl_stapling_verify on;
      >
      > # verify chain of trust of OCSP response using Root CA and Intermediate certs
      > ssl_trusted_certificate /etc/letsencrypt/live/www.domain.com/chain.pem;
      >
      > resolver 8.8.8.8 8.8.4.4 valid=86400;
      > resolver_timeout 10;
      >
      > location / {
      > proxy_set_header Upgrade $http_upgrade;
      > proxy_set_header Host $host;
      > proxy_set_header X-NginX-Proxy true;
      > proxy_set_header X-Real-IP $remote_addr;
      > proxy_set_header X-Forwarded-Proto https;
      > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      >
      > #additional settings
      > proxy_read_timeout 300;
      > proxy_connect_timeout 300;
      >
      > proxy_pass http://localhost:3000;
      > proxy_redirect off;
      > proxy_http_version 1.1;
      > } }


      nodejs settings



      require('@babel/polyfill'); 
      const app = require('./app');
      const debug = require('debug')('learn-express:server');
      const http = require('http');
      require('dotenv').config();

      const port = normalizePort(process.env.http_port);
      app.listen(port, () => {
      console.log('Server is running on port '+port);
      });






      node.js express nginx https






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 11 at 21:30









      mihai

      23.2k73968




      23.2k73968










      asked Nov 4 at 14:13









      websterking

      63




      63





























          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53141737%2fwhat-should-i-do-for-https-in-nginx-express%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown






























          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53141737%2fwhat-should-i-do-for-https-in-nginx-express%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Florida Star v. B. J. F.

          Danny Elfman

          Lugert, Oklahoma