Nginx reverse proxy with Express and Node.js app not redirecting to https

March 22, 2018 2.7k views
Nginx Node.js Let's Encrypt Ubuntu 16.04

Hello,

Maybe somebody here could help me. How can I set Nginx to force https? I use nginx as a reverse proxy for my node.js app. It is configured as DigitalOcean's tutorial said, with pm2 and the Express router. I also configured Certbot, which was supposed to force https, but it does not. Here is my sites-available/sites-enabled conf:

# Main server block as posted in the question. It listens on port 80 AND on
# port 443, so a plain-HTTP request for either hostname is matched here and
# proxied to the app over HTTP; nothing in this block redirects to HTTPS.
server {

        # default_server: this block also answers port-80 requests whose Host
        # header matches no server_name in any block.
        listen 80 default_server;
        listen [::]:80 default_server;

        server_name pawelkleczek.pl www.pawelkleczek.pl;

        # Static assets served by nginx, not by the Node.js app.
        # NOTE(review): `root` appends the full request URI, so /build/x is
        # looked up as /home/pablo/pawelkleczek.pl/build/build/x -- confirm
        # that this is the intended directory layout.
        location ~ ^/build/ {
                root /home/pablo/pawelkleczek.pl/build/;
                access_log off;
                expires 24h;
        }

        # Everything else is proxied to the app on the loopback interface.
        location / {
                # Appends $remote_addr to whatever X-Forwarded-For the client
                # sent, so only the last entry is set by this proxy; the app
                # should trust only that hop (Express: the `trust proxy` setting).
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # $http_host is the Host header exactly as the client sent it.
                # Because this block is default_server, arbitrary Host values
                # reach the app on port 80; the app should not build links or
                # redirects from it without validation.
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://127.0.0.1:3000/;
                proxy_redirect off;
                # HTTP/1.1 plus the Upgrade/Connection headers below allow
                # WebSocket upgrades to pass through the proxy.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                # Duplicate of the proxy_redirect directive above.
                proxy_redirect off;
                # Tells the app which scheme the client used; for requests that
                # arrive on port 80 this is "http".
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        # TLS listeners and certificate paths (presumably added by Certbot --
        # confirm). Having them in the same block as `listen 80` is why HTTP
        # is served here instead of being redirected.
        listen [::]:443 ssl ipv6only=on;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/pawelkleczek.pl/fullchain.pem;
        # Private key: the file should be readable only by root.
        ssl_certificate_key /etc/letsencrypt/live/pawelkleczek.pl/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}

# Redirect block as posted in the question. It has no `listen` and no
# `server_name` directive. Without `listen`, nginx falls back to its default
# address (*:80 when started with superuser privileges), but the previous
# block is default_server on port 80 and names both hostnames, so requests for
# them are matched there and these redirects are never reached.
# NOTE(review): for the redirect to take effect, the port-80 `listen` lines and
# the `server_name` would have to be in this block rather than in the TLS block.
server {

        if ($host = www.pawelkleczek.pl) {
            return 301 https://$host$request_uri;
        }

        if ($host = pawelkleczek.pl) {
            return 301 https://$host$request_uri;
        }
}

1 Answer

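I think each of your server blocks should have only one listen directive. I think that's where your issue is, with your last block where you redirect (that block has no listen or server_name directive, while your first block listens on both 80 and 443).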

Here's one of my configs:

# Catch-all: "_" is a name that never matches a real Host header. With no
# `listen` directive the block uses nginx's default address (*:80 when started
# as root) and, as the first block shown for that address, acts as the default
# server: requests whose Host matches no other server_name get a 404.
# It does not listen on 443, so it does not cover HTTPS requests.
server {
  server_name _;
  return 404;
}

# Port-80 block for the site: it serves no content and only redirects every
# request to the same host and URI over HTTPS.
server {
  listen 80;
  server_name doesnotscale.com;
  # The redirect protects only requests that reach it; the first plain-HTTP
  # request is still sent in the clear. No Strict-Transport-Security header
  # is set in the blocks shown here.
  return 301 https://$host$request_uri;
}

# HTTPS block: terminates TLS and proxies to the backend on loopback.
# It is the only block shown that listens on 443, so HTTPS requests with any
# Host header end up here.
server {
  server_name doesnotscale.com;
  listen 443 ssl http2;

  # Contents not shown; presumably the ACME challenge location -- confirm.
  include /etc/nginx/snippets/letsencrypt.conf;

  # Caps request bodies at 10 MB before they reach the backend.
  client_max_body_size 10m;

  # Contents not shown; presumably protocol and cipher settings (and any
  # HSTS or OCSP stapling directives) -- confirm.
  include /etc/nginx/snippets/ssl.conf;
  ssl_certificate /etc/letsencrypt/live/doesnotscale.com/fullchain.pem;
  # Private key: the file should be readable only by root.
  ssl_certificate_key /etc/letsencrypt/live/doesnotscale.com/privkey.pem;
  # Trusted CA chain; nginx uses it to verify OCSP responses when stapling is
  # enabled (stapling itself is not enabled in the lines shown).
  ssl_trusted_certificate /etc/letsencrypt/live/doesnotscale.com/fullchain.pem;

  # NOTE(review): presumably disabled to avoid compression side channels on
  # TLS responses -- confirm with the author.
  gzip off;

  # Public resolvers, presumably for OCSP responder lookups. The nginx docs
  # recommend a resolver on a trusted local network to limit DNS spoofing.
  resolver 8.8.8.8 8.8.4.4;

  location / {
    proxy_set_header X-Real-IP $remote_addr;
    # Appends $remote_addr to any client-supplied X-Forwarded-For value; only
    # the last entry is set by this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Host header exactly as the client sent it; the backend should validate
    # it before using it in links or redirects.
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    # No X-Forwarded-Proto is set here, so the backend cannot tell from the
    # headers that the client used HTTPS. An Express app that checks the
    # request scheme would need that header.
    proxy_pass http://127.0.0.1:2368;
    proxy_redirect off;
  }
}

Also see https://mozilla.github.io/server-side-tls/ssl-config-generator/
