Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: dashboard.bjahe.com
I ran this command: NA
It produced this output: NA
My web server is (include version): Nginx
The operating system my web server runs on is (include version): Ubuntu 22.04.2
My hosting provider, if applicable, is: digital ocean
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.10.0
Topic Details:
I am using Godaddy as my domain registrar and have created a subdomain linked to my server's IP address on Digital Ocean. I am also using Let's Encrypt to get SSL certificates and nginx as a reverse proxy. Below is my nginx configuration file:
server {
    listen 443 http2 ssl;
    server_name <subdomain_name>;

    # Logging
    access_log /var/log/nginx/<subdomain_name>.access.log;
    error_log /var/log/nginx/<subdomain_name>.error.log;

    location /.well-known/acme-challenge/ {
        root /var/www/html/test; # Temp for generating letsencrypt
        default_type text/plain;
    }

    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass http://127.0.0.1:3001;
        proxy_read_timeout 90;
        proxy_redirect http://127.0.0.1:3001 http://<subdomain_name>/;

        # Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
    }

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/<subdomain_name>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<subdomain_name>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = <subdomain_name>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name <subdomain_name>;
    return 404; # managed by Certbot
}
Setup:
I am running multiple applications that are listening on different ports with some applications being dependent on each other.
Example:
http://<subdomain_name>:3001 -> an nginx-served Angular frontend application
http://<subdomain_name>:3002 -> an API that provides http://<subdomain_name>:3001 with the necessary data
http://<subdomain_name>:3003 -> another service
Problem:
When I run the domains without SSL using plain HTTP, they work fine. However, when I try to access them using HTTPS, only https://<subdomain_name>:3001 works. Endpoints like https://<subdomain_name>:3002 and https://<subdomain_name>:3003 throw an error: "This website cannot provide a secure connection <subdomain_name> has sent an invalid response. ERR_SSL_PROTOCOL_ERROR".
Expected outcome:
I want all endpoints (http and https) to work properly, and https://<subdomain_name>:3002 should be able to provide data to https://<subdomain_name>:3001 without errors.
I've tried adjusting the nginx configuration by adding different server blocks for each service, but I can't get it to work as expected. Any guidance on how to resolve this issue would be greatly appreciated.
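As an added check (example code, not part of the original post and not from nginx or Certbot), this Python probe shows what lies behind ERR_SSL_PROTOCOL_ERROR on a port: it generates a real TLS ClientHello with the ssl module's memory BIOs, sends it to the port, and classifies the first bytes that come back, so a port that answers a ClientHello with a plaintext HTTP status line is identified as one where nothing terminates TLS. The host name and the sample replies are constructed.

```python
import socket
import ssl


def client_hello_bytes(server_name: str) -> bytes:
    """Build a genuine TLS ClientHello without touching the network.

    wrap_bio() drives the handshake against in-memory BIOs; the first
    do_handshake() call writes the ClientHello into `outgoing` and then
    raises SSLWantReadError because no ServerHello has arrived yet.
    """
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_side=False, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is now sitting in `outgoing`
    return outgoing.read()


def classify_reply(first_bytes: bytes) -> str:
    """Classify a port by the first bytes it returns after a ClientHello."""
    if not first_bytes:
        return "closed-or-silent"
    if first_bytes.startswith(b"HTTP/"):
        # A plaintext HTTP server parsed the ClientHello as a garbage request
        # line and answered with an HTTP status: this is the browser's
        # ERR_SSL_PROTOCOL_ERROR case. Nothing terminates TLS on this port.
        return "plaintext-http"
    if len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls-handshake"  # TLS record, handshake content type (ServerHello)
    if len(first_bytes) >= 2 and first_bytes[0] == 0x15 and first_bytes[1] == 0x03:
        return "tls-alert"  # TLS speaker that rejected the hello (e.g. no SNI match)
    return "unknown"


def probe_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Send a ClientHello to host:port and classify the reply (uses the network)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello_bytes(host))
        try:
            reply = sock.recv(16)
        except socket.timeout:
            reply = b""
    return classify_reply(reply)


if __name__ == "__main__":
    # Constructed host name; on the poster's setup 443 is expected to report
    # tls-handshake and 3002/3003 plaintext-http.
    for port in (443, 3001, 3002, 3003):
        print(port, probe_port("dashboard.example", port))
```

Run it against the host and compare 443 with the application ports: a "plaintext-http" result means the request must go through the nginx TLS listener (or a listener that has ssl configured), not straight to the application port.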