Question

Nginx reverse proxy with Express and Node.js app not redirecting to https

Hello,

maybe somebody here could help me. How can I set Nginx to force https? I user nginx as reverse proxy for my node.js app. Configured as DigitalOcean’s tutorial said, with pm2 and Express router. I also configured Certbot, that was supposed to force https, but it does not. Here is my sites-available/sites-enabled conf:

server {

        listen 80 default_server;
        listen [::]:80 default_server;

        server_name pawelkleczek.pl www.pawelkleczek.pl;

        location ~ ^/build/ {
                root /home/pablo/pawelkleczek.pl/build/;
                access_log off;
                expires 24h;
        }

        location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://127.0.0.1:3000/;
                proxy_redirect off;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_redirect off;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        listen [::]:443 ssl ipv6only=on;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/pawelkleczek.pl/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/pawelkleczek.pl/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}

server {

        if ($host = www.pawelkleczek.pl) {
            return 301 https://$host$request_uri;
        }

        if ($host = pawelkleczek.pl) {
            return 301 https://$host$request_uri;
        }
}
Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Eddie ZaneskiMarch 22, 2018

I think your server blocks should only have one listen directive. Think that’s where your issue is with your last block where you redirect.

Here’s one of my configs:

server {
  server_name _;
  return 404;
}

server {
  listen 80;
  server_name doesnotscale.com;
  return 301 https://$host$request_uri;
}

server {
  server_name doesnotscale.com;
  listen 443 ssl http2;

  include /etc/nginx/snippets/letsencrypt.conf;

  client_max_body_size 10m;

  include /etc/nginx/snippets/ssl.conf;
  ssl_certificate /etc/letsencrypt/live/doesnotscale.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/doesnotscale.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/doesnotscale.com/fullchain.pem;

  gzip off;

  resolver 8.8.8.8 8.8.4.4;

  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://127.0.0.1:2368;
    proxy_redirect off;
  }
}

Also see https://mozilla.github.io/server-side-tls/ssl-config-generator/