node.js nginx certbot

Nginx configure Certbot SSL certificate for port 8000


I have installed an SSL certificate into my app using certbot:

sudo certbot --nginx -d bushnaq.group -d www.***.grup

Certbot has automatically configured my Nginx conf file to set port 443 (default port) to run over https connection:

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/bushnaq.group/***.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/bushnaq.group/***.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/***.pem; # managed by Certbot

In order to prevent the mixed content issue, both the client and the server must run over an HTTPS connection, otherwise the requests will be blocked, so I need to manually configure my Nginx conf file for my NodeJS server, which runs on port 8000 => ***.group:8000, so I have modified it to be like this:

server {
    server_name ***.group www.***.group;
    root /root/bushnaq-hostinger/client/dist;

    location / {
        try_files $uri /index.html;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/bushnaq.group/***.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/bushnaq.group/***.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.***.group) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = ***.group) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name ***.group www.***.group;
    return 404; # managed by Certbot
}

server {
    listen 8000 ssl;
    server_name ***.group www.***.group;

    ssl_certificate /etc/letsencrypt/live/bushnaq.group/***.pem;
    ssl_certificate_key /etc/letsencrypt/live/bushnaq.group/***.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

However, when I visit https://***.group:8000 it says "400 Bad Request The plain HTTP request was sent to HTTPS port". My server is managed and run by pm2, and is online. Am I missing something in the Nginx configuration?


Solution

  • I would advise you to use an SSL certificate generated by Cloudflare (cloudflare.com), because with it you do not have to generate new SSL certificates every 90 days. You can generate one certificate for 10 years. It is so easy to use it with Nginx.

    Guide video: https://www.youtube.com/watch?v=cI17WMKtntA

    Hope it will help you. I know that certbot is good, but anyway you have to renew SSL after a certain period of time!
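
An added configuration example, not part of the question or the answer above: the quoted 400 text is nginx's own error page, and in the posted config the `listen 8000 ssl` block proxies to `http://localhost:8000`, which is that same TLS listener. The sketch below assumes the Node.js app is moved to a loopback-only port, 8001 (a hypothetical value), so nginx alone owns port 8000.

```nginx
# Added example. Assumption: the Node.js app now listens on 127.0.0.1:8001
# (hypothetical port) instead of 8000, so it no longer shares a port with nginx.
server {
    listen 8000 ssl;
    server_name ***.group www.***.group;

    ssl_certificate /etc/letsencrypt/live/bushnaq.group/***.pem;
    ssl_certificate_key /etc/letsencrypt/live/bushnaq.group/***.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        # Before: proxy_pass http://localhost:8000;
        # That sent plain HTTP back to this block's own "listen 8000 ssl" socket.
        # After: a distinct backend port, reachable only on loopback, so the
        # unencrypted hop never leaves the host.
        proxy_pass http://127.0.0.1:8001;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        # Lets the app know the client connection was HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}
```

Running `sudo nginx -t` before reloading checks the edited file for syntax errors, and the app itself should bind to 127.0.0.1 rather than all interfaces so the plain-HTTP port is not reachable from outside.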