Question

Installed NodeBB can't access installation, Nginx setup & SSL

I created a new Ubuntu droplet with the Node.js one click install.

Followed this guide to have nodebb installed on the server https://nodebb.readthedocs.io/en/latest/installing/os/ubuntu.html

I created an A record to point the server to my subdomain community.intelisight.com and added same on cloudflare.

But when I try to access the installation (which was successful and the service shows as running) with this http://community.intelisight.com:4567 I get nothing. When I say http://community.intelisight.com same thing, I’m simply unable to access the live site.

My questions are

a) What am I doing wrong? What do I need to do to see the nodebb installation?

b) Is there a guide showing how to use nginx as the proxy server so I don’t have to put in the port to access the website?

c) How can I set up a free Let’s Encrypt SSL on this installation?

Thank you



Accepted Answer

@ososoba

When it comes to NodeJS apps and NGINX, the only way to access your URL with attaching the port to the end would be to use NGINX as a Proxy, in which case you would proxy requests on 80/443 to the port of your choice (i.e. your NodeJS app).

For example, this server block will take requests on port 80 and redirect them to port 443, and proxy requests on 443 to port 4567 (i.e. your app). This would all be in a single file (i.e. yourdomain.conf).

NGINX as a Proxy

#
# HTTP - Redirect Requests on Port 80 to 443
#
server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;

    return 301 https://$host$request_uri;
}

#
# HTTPS
#
server {
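    # "ssl" enables TLS on these sockets; the certificate directives go in the SSL section below
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name yourdomain.com www.yourdomain.com;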

    #
    # SSL Configuration Goes Here
    #
    
    location / {
        proxy_pass http://localhost:4567;
        proxy_connect_timeout 59s;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        proxy_buffer_size 64k;
        proxy_buffers 16 32k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 64k;
        proxy_pass_header Set-Cookie;
        proxy_redirect off;
        proxy_set_header Accept-Encoding '';
        proxy_ignore_headers Cache-Control Expires;
        proxy_set_header Referer $http_referer;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_hide_header X-Powered-By;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_no_cache $http_pragma $http_authorization;
        proxy_cache_bypass $http_pragma $http_authorization;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
    }
}

You’d need to change yourdomain.com to your actual domain, of course, though the above will set you up so that you’re not forced to use the port in the URL.

You’ll need to reload NGINX once you’re done making changes using:

systemctl reload nginx

or

service nginx reload

LetsEncrypt

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

@ososoba

The issue with CloudFlare is common. If you log in and navigate to their SSL Settings page, you should see a drop-down with a few options. It’s either Full or Full (Strict) – that’s the setting you need to use.

I’ve run into that issue with quite a few sites as of late and that seems to be the only fix for those who use CloudFlare.

Thanks a lot @jtittle you’ve been really helpful.

I tried the config you sent over, was getting an error on Cloudflare, something like “SSL Handshake Error” so I retried the old config without that “try” line, and it worked.

@ososoba

Ah, now that makes sense :-). The issue is due to this line:

try_files $uri $uri/ =404;

With the above line, you’re telling NGINX to look in the directory defined by root, which invalidates the proxy configuration we’re doing.

So what I would recommend doing is simply making a backup of that file locally, and then deleting it from your server. You can then create a new one using the one I’ve provided below (which is cleaned up a bit).

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name community.intelisight.org;
    
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name community.intelisight.org;
    
    include snippets/ssl-community.intelisight.org.conf;
    include snippets/ssl-params.conf;
    
    location / {
        proxy_pass http://localhost:4567;
        proxy_connect_timeout 59s;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        proxy_buffer_size 64k;
        proxy_buffers 16 32k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 64k;
        proxy_pass_header Set-Cookie;
        proxy_redirect off;
        proxy_set_header Accept-Encoding '';
        proxy_ignore_headers Cache-Control Expires;
        proxy_set_header Referer $http_referer;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_hide_header X-Powered-By;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_no_cache $http_pragma $http_authorization;
        proxy_cache_bypass $http_pragma $http_authorization;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
    }

    location ~ /.well-known {
        allow all;
    }
}
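
An added example, not written by anyone in this thread: a small Python check for three mistakes that are easy to make with configs like the ones above (a `server_name` line missing its `;`, `listen 443` without `ssl`, and `try_files` inside the proxied location). The sample config and `forum.example.com` are constructed, and the tokenizer is deliberately minimal; it is not nginx's own parser.

```python
import re
# A directive name among server_name's arguments means the previous line lost its ';'.
KEYWORDS = {"include", "listen", "location", "root", "return", "proxy_pass"}

def statements(conf):
    """Yield (line_no, tokens, terminator); terminator is ';', '{' or '}'."""
    tokens, start = [], None
    for no, line in enumerate(conf.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*", "", line)  # naive comment strip ('#' in quotes unsupported)
        for tok in re.findall(r"'[^']*'|\"[^\"]*\"|[;{}]|[^\s;{}]+", line):
            if tok in (";", "{", "}"):
                yield (start or no), tokens, tok
                tokens, start = [], None
            else:
                start = start or no
                tokens.append(tok)

def lint(conf):
    """Return [(line_no, message)] for the three mistakes named in the lead-in."""
    findings, stack = [], [{"name": "main", "line": 0, "seen": set()}]
    for no, toks, term in statements(conf):
        if term == "}":
            block = stack.pop() if len(stack) > 1 else stack[0]
            if block["name"] == "location" and {"try_files", "proxy_pass"} <= block["seen"]:
                findings.append((block["line"], "try_files in a proxy_pass location"))
        elif toks:
            name, args = toks[0], toks[1:]
            stack[-1]["seen"].add(name)  # remember which directives this block contains
            if term == "{":
                stack.append({"name": name, "line": no, "seen": set()})
            if name == "server_name" and KEYWORDS & set(args):
                findings.append((no, "server_name lacks ';' and swallowed the next directive"))
            if name == "listen" and args and re.fullmatch(r"(.*:)?443", args[0]) and "ssl" not in args:
                findings.append((no, "listen 443 without 'ssl': TLS is not enabled"))
    return findings
# Constructed sample; forum.example.com is a placeholder host.
SAMPLE = """
server {
    listen 443;
    server_name forum.example.com
    include snippets/ssl-forum.example.com.conf;
    location / {
        try_files $uri $uri/ =404;
        proxy_pass http://localhost:4567;
    }
}
"""
if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The missing `;` case matters because `server_name` accepts several names, so the `include` that should load the certificate is read as a host name instead of being executed.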