I can't install the SSL certificate in nginx

February 21, 2019
Ubuntu 18.04 Nginx JavaScript Node.js

I have a Node.js application that listens on port 3000. I installed nginx and configured it so that it redirects the data from port 80 to 3000 using the following line:

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000

I also have an assigned domain name: okium.fun. Finally, I bought an SSL certificate and configured the file /etc/nginx/sites-available/default to try to make it work. My default file looks like this:

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  listen 443 ssl;

  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;

  server_name  okium.fun;

  ssl_certificate /root/okium.fun.chained.crt;
  ssl_certificate_key /root/okium.fun.key;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

  location / {
    try_files $uri $uri/ =404;
  }
}

When writing http://okium.fun or http://www.okium.fun in the browser, the application is displayed correctly, but when typing https://okium.fun or https://www.okium.fun I get the following message: “The okium.fun page has rejected the connection. ERR_CONNECTION_REFUSED”.
Any ideas of what may be happening?

1 Answer

Hey friend,

It sounds like you’re not actually using Nginx here, at least from what I gather. If you’re using iptables to redirect port 80 to 3000, then requests to port 80 are being forwarded directly to the app on port 3000. What you want to do here is remove the iptables rule and configure Nginx to reverse proxy requests to port 80 and 443 to port 3000.

Now, one interesting side note. If your Nginx was working properly with this setup, regardless of it not playing the intended role on port 80, you should be seeing something different. You could have Nginx listening on 80 and 443, iptables redirecting traffic from port 80, and Nginx still serving the https traffic properly over port 443. It would be like:

80 -> 3000
443 -> /var/www/html/index.{htm,html}

So you’d be seeing the Nginx default landing page if the application were working. Either it’s simply that Nginx isn’t running or its configuration is broken. So when you get rid of that iptables rule, expect the same error to follow on http requests. However, that’s where you’ll need to be to accurately troubleshoot.

If it’s me, this is the first thing I’m doing:

sudo iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
sudo systemctl start nginx

Then I’m running this to see if Nginx is running:

sudo netstat -tulpn | grep nginx

If I get a return, I’m checking http and https requests to see if both display the Nginx default landing page. If they don’t, I’m checking Nginx config for errors:

sudo nginx -t

Then I’d correct the errors, and start Nginx back up:

sudo systemctl start nginx

Assuming you’ve done that, or that it was started already in the first place, then I’m moving forward to changing the Nginx configuration to reverse proxy to port 3000 instead of serving HTML from /var/www/html. For that, I’m using this tutorial:

https://www.keycdn.com/support/nginx-reverse-proxy

Of course, you’ll need to intelligently pick out what pieces of your existing server block to keep, rather than replacing it all with the server block given in the tutorial. The lines for listening on port 443, as well as the SSL certificate/key, are examples of lines that will need to stay.

Hope that helps :)

Jarland

  • Hello Jarland, thanks for taking the time to respond. I was trying many things until I finally deleted the server and created a new one but now redirected from nginx and not from iptables. Everything works perfectly.
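The reverse-proxy setup the answer describes, written out as an added example that is not the asker's, the answerer's or the linked tutorial's configuration. It assumes the Node.js app listens on 127.0.0.1:3000 and that the iptables REDIRECT rule has been deleted; the certificate paths and cipher list are the ones from the question.

```nginx
# Added example. Assumption: the Node.js app is bound to 127.0.0.1:3000,
# so it is reachable only through Nginx and not directly from outside.
# The iptables PREROUTING redirect must be gone, otherwise port 80 traffic
# is rewritten to port 3000 before Nginx ever sees it.

# Port 80: no content served in clear text, only a redirect to HTTPS.
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name okium.fun;

  # Fixed host name rather than $host, so the redirect target does not
  # depend on the client-supplied Host header.
  return 301 https://okium.fun$request_uri;
}

# Port 443: terminate TLS here and pass requests to the app.
server {
  listen 443 ssl;
  listen [::]:443 ssl;   # the question's config had no IPv6 listener for 443
  server_name okium.fun;

  # Paths as given in the question. The key should be readable by root only.
  ssl_certificate     /root/okium.fun.chained.crt;
  ssl_certificate_key /root/okium.fun.key;

  # The question's config also enabled TLSv1 and TLSv1.1; both are
  # deprecated, so only TLSv1.2 is kept here.
  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

  location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;

    # Tell the app which host, client address and scheme the request used.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}
```

After saving the file, run sudo nginx -t and reload Nginx only if the test passes. If https still refuses the connection, the netstat check from the answer shows whether anything is listening on port 443 at all.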
