Question

Can't reach my Nodejs server anymore / Nginx (Error 502, SSL failed, ...)

I have a ReactJs frontend and NodeJs backend running on DigitalOcean. I changed something (but cant remember what I changed), all was working fine but then I had to restart my server and since then I can’t reach my backend anymore.

I always am getting this error: “Access to fetch at ‘https://nodejs.site.com/apicall’ from origin ‘https:// site.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.” Error 502

Nodejs server is running cos I can reach it using ip address (with http).

This is my nginx default config file:

server {
    root /var/www/mysite.com/html/build;
index index.html index.htm index.nginx-debian.html;
server_name mysite.com;
location / {
                            try_files $uri $uri/ /index.html;
    }


listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot}

server {
    server_name nodejs.mysite.com;
    location / {

    proxy_pass https://localhost:8800; #whatever port your app runs on
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;}


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/nodejs.mysite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/nodejs.mysite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

error log from Nginx:

[error] 2034#2034: *146 SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream, client: 43.224.169.197, server: nodejs.site.com, request: "GET /apicall_id=3 HTTP/1.1", upstream: "https://127.0.0.1:8800/apicall_id=3", host: "nodejs.site.com", referrer: "http://localhost:3000/"

What I have tried already?

  • adding ‘Access-Control-Allow-Origin …’ to the config file
  • restarting all services and server …

What is wrong? I hope someone can help me …

edit: status SSH

 Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled)
    Drop-In: /etc/systemd/system/ssh.service.d
             └─00-socket.conf
     Active: active (running) since Sun 2023-09-03 10:58:57 UTC; 2h 33min ago
TriggeredBy: ● ssh.socket
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 728 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 739 (sshd)
      Tasks: 1 (limit: 994)
     Memory: 8.7M
        CPU: 612ms
     CGroup: /system.slice/ssh.service
             └─739 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Sep 03 13:15:16 ubuntu-s-1vcpu-1gb-intel-nyc1-01 sshd[2557]: Invalid user admin from 139.59.78.11 port 42204
Sep 03 13:15:16 ubuntu-s-1vcpu-1gb-intel-nyc1-01 sshd[2557]: Connection closed by invalid user admin 139.59.78.11 port 42204 [preauth]
Sep 03 13:24:43 ubuntu-s-1vcpu-1gb-intel-nyc1-01 sshd[2664]: Accepted publickey for root from 43.224.169.197 port 22898 ssh2: RSA SHA256:5RBxNOVo/P7toxkvPlA>
Sep 03 13:24:43 ubuntu-s-1vcpu-1gb-intel-nyc1-01 sshd[2664]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Sep 03 13:24:43 ubuntu-s-1vcpu-1gb-intel-nyc1-01 sshd[2664]: pam_env(sshd:session): deprecated reading of user environment enabled
Sep 03 13:26:04 ubuntu-s-1vcpu-1gb-intel-nyc1-01 sshd[2661]: fatal: Timeout before authentication for 218.92.0.108 port 40561
Sep 03 13:27:40 ubuntu-s-1vcpu-1gb-intel-nyc1-01 sshd[2720]: Received disconnect from 61.177.172.179 port 42231:11:  [preauth]
Sep 03 13:27:40 ubuntu-s-1vcpu-1gb-intel-nyc1-01 sshd[2720]: Disconnected from authenticating user root 61.177.172.179 port 42231 [preauth]
Sep 03 13:30:02 ubuntu-s-1vcpu-1gb-intel-nyc1-01 sshd[2727]: Invalid user  from 64.62.197.5 port 13793
Sep 03 13:30:06 ubuntu-s-1vcpu-1gb-intel-nyc1-01 sshd[2727]: Connection closed by invalid user  64.62.197.5 port 13793 [preauth]


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
September 5, 2023

Heya,

So the SSH is not the issue.

It’s something with the application and nginx.

Your frontend application (ReactJs running on https://site.com) is trying to access your backend server (NodeJs on https://nodejs.site.com), which is a cross-origin request. You must configure your NodeJs backend to allow requests from your frontend domain.

To address the CORS issue in your Node.js backend: If you’re using Express, you can use the cors middleware:

const express = require('express');
const cors = require('cors');

const app = express();

// Add this before your routes
app.use(cors({
  origin: 'https://site.com' // or you can set it to '*' to allow all origins, but it's less secure
}));

// Your routes go here

Ensure that the above configuration is placed before your routes, so it’s applied before processing the routes.

Additionally, add the following into your Nginx config:

add_header 'Access-Control-Allow-Origin' '*'; 
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

To handle the CORS headers.

Finally, given the error you previously mentioned (SSL_do_handshake() failed), ensure that your Node.js backend is correctly set up to handle SSL, or switch to plain HTTP as suggested.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel
Get started for free

Enter your email to get $200 in credit for your first 60 days with DigitalOcean.

New accounts only. By submitting your email you agree to our Privacy Policy.

© 2023 DigitalOcean, LLC.