I am using GoDaddy as my domain registrar and created a <subdomain_name> which is linked to my server's IP address on DigitalOcean. I am also using Let's Encrypt to get SSL certificates and nginx as a reverse proxy. Below is the nginx conf file that I am using:
server {
    listen 443 http2 ssl;
    server_name <subdomain_name>;

    #Logging
    access_log /var/log/nginx/<subdomain_name>.access.log;
    error_log /var/log/nginx/<subdomain_name>.error.log;

    location /.well-known/acme-challenge/ {
        root /var/www/html/test; # Temp for generating letsencrypt
        default_type text/plain;
    }

    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        #Fix the “It appears that your reverse proxy set up is broken” error.
        proxy_pass http://127.0.0.1:3001;
        proxy_read_timeout 90;
        proxy_redirect http://127.0.0.1:3001 http://<subdomain_name>/;

        #Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
    }

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/<subdomain_name>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<subdomain_name>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = <subdomain_name>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name <subdomain_name>;
    return 404; # managed by Certbot
}
Setup:
I am running multiple applications that are listening on different ports with some applications being dependent on each other.
Example:
http://<subdomain_name>:3001 -> being an nginx application, an Angular frontend application
http://<subdomain_name>:3002 -> an API that provides http://<subdomain_name>:3001 with the necessary data
http://<subdomain_name>:3003 -> another service
Problem:
When I run the domains without SSL using just plain http, like http://<subdomain_name>:3001, http://<subdomain_name>:3002, http://<subdomain_name>:3003, then they work fine.
However, when I try to run it over https, the following can't be accessed:
https://<subdomain_name>:3002, https://<subdomain_name>:3003
The browser says:
This website cannot provide a secure connection <subdomain_name> has sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Only https://<subdomain_name>:3001 works, as it is being redirected because that is what I indicated in my nginx.conf file. However, I do get a console error that says:
POST https://<subdomain_name>:3002/graphql net::ERR_SSL_PROTOCOL_ERROR
The problem is that https://<subdomain_name>:3002 throws an error that it is not able to supply the data because it can't make a POST request due to it not being a secure SSL connection.
I played around with the nginx config by adding different server blocks for the different services, but I can't get it to work.
I want the following to work with https as well:
http://<subdomain_name>:3001
http://<subdomain_name>:3002
http://<subdomain_name>:3003
Also, I want the service https://<subdomain_name>:3002 to be able to provide data to https://<subdomain_name>:3001 by getting rid of this error:
POST https://<subdomain_name>:3002/graphql net::ERR_SSL_PROTOCOL_ERROR
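
Added example, not part of the original post: a probe that attempts a TLS handshake against a port and reports whether the listener answers in TLS, which is the check behind ERR_SSL_PROTOCOL_ERROR on ports such as 3002 and 3003. It assumes those backends speak plain HTTP (the post says they work over http://); `classify_port` and `start_plain_http_stub` are hypothetical names, and the stub server is a constructed stand-in for such a backend.

```python
import socket
import ssl
import threading

def classify_port(host, port, timeout=3.0):
    """Return 'tls', 'not-tls', 'closed' or 'unclear' for host:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # protocol probe only: this does not
    ctx.verify_mode = ssl.CERT_NONE   # validate the certificate or its name
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"               # refused, filtered or unreachable
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"              # handshake completed
    except ssl.SSLError:
        return "not-tls"              # peer replied with non-TLS bytes
    except OSError:
        return "unclear"              # timeout or reset mid-handshake
    finally:
        raw.close()

def start_plain_http_stub():
    """Constructed stand-in for a plain-HTTP backend (assumed, like :3002)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))        # ephemeral port, loopback only
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(4096)       # the ClientHello, unparseable as HTTP
                conn.sendall(b"HTTP/1.1 400 Bad Request\r\n"
                             b"Connection: close\r\n\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_plain_http_stub()
    print(port, classify_port("127.0.0.1", port))
```

Run against your own host, a port that returns `not-tls` is being served without TLS termination, so an https:// URL pointing at it cannot work regardless of which certificates exist on port 443.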