Can not access NodeJS apps after installing Let's Encrypt and configuring nginx

Here is my /etc/nginx/sites-available/default code :

server {
    listen 80;

    server_name mydomain.com;

    location /home/user1/apps/app1.js {
    proxy_pass http://0.0.0.0:9117;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 43200000;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    
    }
   
    location /home/user1/apps/app2.js {
    proxy_pass http://0.0.0.0:9118;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 43200000;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /home/user1/apps/app3.js {
    proxy_pass http://0.0.0.0:9130;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 43200000;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }

 
    listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/w3rpractice.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/w3rpractice.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot


    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot

}

Nginx is configured and running properly. All the nodejs apps are also running properly. But when Ajax requests are sent from a different domain (also https), in console, it says :slight_smile:

Failed to load resource: net::ERR_CONNECTION_CLOSED          domain.com:port

Failed to load resource: net::ERR_CONNECTION_CLOSED https://domain.com:port
Please guide me to what is causing the issue and how to fix it. Firewall (ufw) is configured properly. All the apps used to run properly before https was installed.

instead of adding ssl inside same block , try adding it two server blocks [one for 80 , and one for 443]

for rewrite rule try this:
rewrite ^ (.*) https://$host$request_uri? permanent;
or return 301 https://$server_name$request_uri;

After that try checking in different browsers

I have not made any modifications in the default nginx file. All these are
created by let’s encrypt itself.

hi @rtwk2010

Please review the questions you are asked specifically the one about domain names

Please fill out the fields below so we can help you better.

Note: you must provide your domain name to get help.

Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I understand. Domain name is w3rpractice.com

hi @rtwk2010

Do you have a HTTPS server as well as a HTTP Server in your NodeJS code.

I would suggest you remove the re-writes.

if ($scheme != "https") {
    return 301 https://$host$request_uri;
} # managed by Certbot

What I suspect you would see.

On HTTP requests to http://w3rpractice.com/home/user1/apps/app2.js you will get the app

On HTTPS requests to https://w3rpractice.com/home/user1/apps/app2.js you will not

If this is the case I believe it should be as simple as adding the PROXY blocks to the HTTPS section.

Andrei

also check from the server itself if the NodeJS applications are listening and returning pages

a few guides on how to set up the manual redirection

Andrei

I removed that block. But that did not fix the issue. Shall I put that back? That block was created automatically when I was configuring using cerbot.

ok

i don’t think your issue is with certbot but rather your proxying rules as they do not proxy do anything on the backend

What is the entry route to your application?

/home/user1/apps/app3.js that seems like a path to the server js file rather than a web route

Andrei

also i don’t believe your nodejs applications are configured correctly

image

image

Well, before SSL is installed, all those nodejs apps were working. If you try w3rpractice.com:9118/home/user1/apps/app1.js, it may not work because, the way it works is, when a request is sent, the app which resides in /home/user1/apps/app1.js file receives the request and then spits the output./home/user1/apps/app1.js and other paths I mentioned are not meant to be web routes. They are used to accept requests, process and then spit output on a different port. And this was working since last several years without any issue (except a few node version related issues which are related to the app but not the underlying infrastructure.)

@ahaw021 node js uses proxy module to link the domain and localhost:port . so do not try it with domain:port/path .It will return assigned paths inside the code .ex : inside code if domain/contactus is created , it will return corresponding data.

You may try two different blocks and check .You can post the logs for that.

In the code, app is listening on port 9118. Path is given as /. It is not domain:port/path.

One for ssl and another for http? But this configuration is created automatically by certbot itself. I checked nginx properly. It is working.

problem here is redirection . so we need to check if its working properly with different blocks with manual configuration and rewrite rules other than certbot creates. so give an attempt.If the manual configuration works . we can strongly request someone to look after this certbots’ issue .

I have not got your last sentence. Do you want to recommend someone to look after the issue professionally? or community help. We are open to it.

i meant community member.

Sure. I am open if a community member may look into the matter and help me
to fix the issue.

Hi @rtwk2010,

I’ve tested the default conf you posted, as is, just changing the domain names and the path to the cert and it is working fine, it is proxying the requests performed to defined locations so I wonder if you have another conf file for your domain that is taking priority over the requests.

Could you please show the output of these commands?.

grep -i include /etc/nginx/nginx.conf

ls -la /etc/nginx/sites-available/

ls -la /etc/nginx/sites-enabled/

grep -ri 'server_name.*w3rpractice\.com' /etc/nginx/

Cheers,
sahsanu