Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
360 views
in Technique by (71.8m points)

node.js - reverse proxy using nginx and ssl implementation on express failed

I tried to implement SSL in my Node.js app but failed. Here is my app.js:

https://gist.github.com/eldyvoon/7a1df560fd9d13da74d090e28f7ee801

In development (localhost) I got a 'your connection is not private' error. I thought it was Chrome's problem.

So I tried to deploy it to my Ubuntu server. I use an nginx proxy for my Node.js app, with my config as below:

server {
    listen 80;
    server_name mysite.com;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}

But mysite.com refused to connect. There is no error in my Node console. I have been stuck on this for a few days and need help. Please note that my site was running fine before I tried to implement SSL.


1 Answer

0 votes
by (71.8m points)

You need to listen on port 443 and configure nginx to use some certificates.

Something like:

server {
    # The "ssl" parameter on listen enables TLS for this listener; the
    # separate "ssl on;" directive is obsolete and rejected by newer nginx.
    listen 443 ssl;
    server_name example.com;
    add_header Strict-Transport-Security "max-age=3600";
    ssl_certificate /.../chained2.pem;
    ssl_certificate_key /.../domain.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only newer versions are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;

    # TLS ends at nginx; the Node.js app is reached over plain HTTP on localhost.
    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}

Add correct paths to your .pem and .key files. You can get the certificate for free from Let's Encrypt.
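
The difference between an HTTP-only server block like the one in the question and a TLS-terminating one can be checked mechanically before reloading nginx. The following Node.js audit is an added example, not code from this thread; the function names, finding ids and the three config strings are constructed for illustration.

```javascript
// Added example, not code from the thread. All config strings are constructed samples.
const HTTP_ONLY_CONF = `server {
    listen 80;
    server_name mysite.com;
    location / { proxy_pass http://localhost:3001; }
}`;
const LEGACY_TLS_CONF = `server {
    listen 443;
    add_header Strict-Transport-Security "max-age=3600";
    ssl on;
    ssl_certificate /.../chained2.pem;
    ssl_certificate_key /.../domain.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { proxy_pass http://localhost:3001; }
}`;
const MODERN_TLS_CONF = LEGACY_TLS_CONF
  .replace("listen 443;", "listen 443 ssl;")
  .replace("ssl on;", "")
  .replace("TLSv1 TLSv1.1 TLSv1.2", "TLSv1.2 TLSv1.3");
// Collect "name value;" directives (comments stripped, block nesting ignored).
function directives(conf) {
  const out = {};
  const text = conf.replace(/#.*$/gm, "");
  for (const [, name, value] of text.matchAll(/([a-z_]+)\s+([^;{}]+);/g)) {
    (out[name] = out[name] || []).push(value.trim());
  }
  return out;
}
// Return finding ids (hypothetical names) for the TLS-related settings.
function auditTls(conf) {
  const d = directives(conf);
  const findings = [];
  const tlsListen = (d.listen || []).some((v) => /\bssl\b/.test(v));
  const legacySsl = (d.ssl || []).includes("on");
  if (!tlsListen && !legacySsl) return ["no-tls-listener"];
  if (legacySsl) findings.push("deprecated-ssl-on"); // removed in nginx 1.25.1
  if (!d.ssl_certificate || !d.ssl_certificate_key) findings.push("missing-certificate");
  const protos = (d.ssl_protocols || []).join(" ").split(/\s+/);
  if (protos.some((p) => ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1"].includes(p))) {
    findings.push("legacy-tls-protocol"); // TLS 1.0/1.1 deprecated by RFC 8996
  }
  const hsts = (d.add_header || []).some((v) => /^Strict-Transport-Security\b/i.test(v));
  if (!hsts) findings.push("hsts-missing");
  return findings;
}
for (const [label, conf] of Object.entries({ HTTP_ONLY_CONF, LEGACY_TLS_CONF, MODERN_TLS_CONF })) {
  console.log(label, auditTls(conf));
}
```

An empty result only means none of these specific checks fired; `nginx -t` remains the authoritative syntax check.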

