Nginx reverse proxy with Express and Node.js app not redirecting to https

Question

Hello,

maybe somebody here could help me. How can I set Nginx to force https? I user nginx as reverse proxy for my node.js app. Configured as DigitalOcean’s tutorial said, with pm2 and Express router. I also configured Certbot, that was supposed to force https, but it does not. Here is my sites-available/sites-enabled conf:

server {

        listen 80 default_server;
        listen [::]:80 default_server;

        server_name pawelkleczek.pl www.pawelkleczek.pl;

        location ~ ^/build/ {
                root /home/pablo/pawelkleczek.pl/build/;
                access_log off;
                expires 24h;
        }

        location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://127.0.0.1:3000/;
                proxy_redirect off;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_redirect off;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        listen [::]:443 ssl ipv6only=on;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/pawelkleczek.pl/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/pawelkleczek.pl/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}

server {

        if ($host = www.pawelkleczek.pl) {
            return 301 https://$host$request_uri;
        }

        if ($host = pawelkleczek.pl) {
            return 301 https://$host$request_uri;
        }
}

Eddie Zaneski · Answer

I think your server blocks should only have one listen directive. Think that’s where your issue is with your last block where you redirect. Here’s one of my configs: server { server_name _; return 404; } server { listen 80; server_name doesnotscale.com; return 301 https://$host$request_uri; } server { server_name doesnotscale.com; listen 443 ssl http2; include /etc/nginx/snippets/letsencrypt.conf; client_max_body_size 10m; include /etc/nginx/snippets/ssl.conf; ssl_certificate /etc/letsencrypt/live/doesnotscale.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/doesnotscale.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/doesnotscale.com/fullchain.pem; gzip off; resolver 8.8.8.8 8.8.4.4; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:2368; proxy_redirect off; } } Also see https://mozilla.github.io/server-side-tls/ssl-config-generator/

Related

Question

Nginx reverse proxy with Express and Node.js app not redirecting to https

Related

Try DigitalOcean for free