Server Blocks Causing CORS Errors

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: red2roast.net

I ran this command: Included headers to handle cors

It produced this output: Status code: 405

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 22

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Using Ubuntu Terminal

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

This is my site configuration; i am thinking; i am not sure; i am just thinking that the reason i keep getting the cors erros is because i have an error in my .conf file which is below

# ====================================================
# www.red2roast.net and red2roast.net HTTPS Traffic
server {
    server_name red2roast.net www.red2roast.net;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/red2roast.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/red2roast.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# ====================================================
# api.red2roast.net HTTPS requests server block
server {
    #server block for 'api.red2roast.com' subdomain
    server_name api.red2roast.net;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        # Enable CORS
        add_header 'Access-Control-Allow-Origin' 'https://red2roast.shop' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.red2roast.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.red2roast.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
# ========================================================
# Server block for all HTTP requests
server {

    # server block for 'api.red2roast.net' domain
    listen 80;
    listen [::]:80;
    server_name api.red2roast.net;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;


        # Enable CORS
        add_header 'Access-Control-Allow-Origin' 'https://red2roast.shop' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
    }

}

# ==================================================
server {
    if ($host = www.red2roast.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = red2roast.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name red2roast.net www.red2roast.net;
    return 404; # managed by Certbot

}

I would really appreciate it if someone could review this and point out any mistakes I may have made. And also correct me...thanks

2

Yeah, that's not related to getting or even using Let's Encrypt certs. You would be better off learning about CORS from a server support or education forum.

This is an application design issue

2 Likes
3

Yeah, it could be but it was incomplete when you lookt at; kindly take alook again; see

4

Yeah, that has nothing to do with your Let's Encrypt certs. It is not even a server block for HTTPS (using TLS certificates).

Please see my post #2

When you try to renew your cert for your api subdomain make sure your proxy handles that correctly.

The config for the certs looks fine to me. And you redirect your root name and its www subdomain from HTTP to HTTPS. That's all fine. You get an A score from SSL Labs for your certificate config.

3 Likes
5

alright; thank you

2 Likes
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.