Installed NodeBB can't access installation, Nginx setup & SSL

@ososoba

The issue with CloudFlare is common. If you login and navigate to their SSL Settings page, you should see a drop-down with a few options. It’s either Full or Full (Strict) – that’s the setting you need to use.

I’ve ran in to that issue with quite a few sites as of late and that seems to be the only fix for those who use CloudFlare.

Thanks a lot @jtittle you’ve been really helpful.

I tried the config you sent over, was getting an error on Cloudflare, something like “SSL Handshake Error” so I retried the old config without that “try” line, and it worked.

@ososoba

Ah, now that makes sense :-). The issue is due to this line:

try_files $uri $uri/ =404;

With the above line, you’re telling NGINX to look in the directory defined by root, which invalidates the proxy configuration we’re doing.

So what I would recommend doing is simply making a backup of that file locally, and then deleting it from your server. You can then create a new one using the one I’ve provided below (which is cleaned up a bit).

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name community.intelisight.org;
    
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name community.intelisight.org
    
    include snippets/ssl-community.intelisight.org.conf;
    include snippets/ssl-params.conf;
    
    location / {
        proxy_pass http://localhost:4567;
        proxy_connect_timeout 59s;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        proxy_buffer_size 64k;
        proxy_buffers 16 32k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 64k;
        proxy_pass_header Set-Cookie;
        proxy_redirect off;
        proxy_set_header Accept-Encoding '';
        proxy_ignore_headers Cache-Control Expires;
        proxy_set_header Referer $http_referer;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_hide_header X-Powered-By;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_no_cache $http_pragma $http_authorization;
        proxy_cache_bypass $http_pragma $http_authorization;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
    }

    location ~ /.well-known {
        allow all;
    }
}

Figured it out with cyberduck :D

Here’s the file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;
        server_name community.intelisight.org;
        return 301 https://$server_name$request_uri;
}

server {

	# SSL configuration
	#
	 listen 443 ssl http2 default_server;
	 listen [::]:443 ssl http2 default_server;
         include snippets/ssl-community.intelisight.org.conf;
         include snippets/ssl-params.conf;
         server_name community.intelisight.org

	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
                proxy_pass http://localhost:4567;
        proxy_connect_timeout 59s;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        proxy_buffer_size 64k;
        proxy_buffers 16 32k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 64k;
        proxy_pass_header Set-Cookie;
        proxy_redirect off;
        proxy_set_header Accept-Encoding '';
        proxy_ignore_headers Cache-Control Expires;
        proxy_set_header Referer $http_referer;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_hide_header X-Powered-By;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_no_cache $http_pragma $http_authorization;
        proxy_cache_bypass $http_pragma $http_authorization;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php7.0-cgi alone:
	#	fastcgi_pass 127.0.0.1:9000;
	#	# With php7.0-fpm:
	#	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}

        location ~ /.well-known {
                allow all;
        }
}



# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

Sorry, I know this might be an absolute no brainer, but I’m having issues copying the whole .conf file, I can’t get past the text on screen.

Any pointers will be appreciated

So I might have found something, but I’m not sure if this is the problem

I checked the root www directory and could only find one file, I don’t think the nodebb files reside there

ls -R
.:
index.nginx-debian.html

But I’m a little worried that the nodebb install folder can’t be moved because some file associations might be lost. Same would happen if I move the root dir I guess

@ososoba

If you would, please post your exact configuration for your server block in a code block as a reply and I’ll be more than happy to take a look at it for you :-).

Thanks a lot @jtittle you’ve really been awesome

I’m having a separate issue now, not sure if you’d be able to identify the problem.

SSL & Nginx have been installed and configured, but I get a broken page and all links lead to a 404 error page

This is the URL https://community.intelisight.org/

@ososoba

As a side note, if NodeBB isn’t running on the port itself, try running:

sudo service nodebb status

If it’s showing a failure, you’ll want to check your permissions. You’ll need to run:

sudo adduser --system --group nodebb

and

sudo chown -R nodebb:nodebb /opt/nodebb

It’s easy to overlook those two commands, but without them, NodeBB won’t run if you are using the service file they provide in the guide.

That being said, if it’s still not running after setting proper permissions, it’s most likely due to the URL provided during setup. If you set it to the default localhost, then you need to use NGINX to proxy the request. Otherwise you’d need to set a valid public IP or domain.