Cloudflare, nginx, nodejs: problem with SSL config (525 / 521 error)



I have a problem with Cloudflare and SSL. When I set up the redirect as shown below (nginx.conf), I always receive error 525 or 521.

I found a suggestion to set the SSL mode to Strict and did that. Nothing improved and I am still stuck on this problem.

Any help would be really appreciated.

Architecture of server:

  1. nodejs
  2. Nginx (WordPress - blog.example.pl) + reverse proxy to nodejs (example.pl)

nginx.conf:

#add_header X-Frame-Options SAMEORIGIN;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";

user www-data;          # worker processes drop to this account; the master stays root and is what reads key files
worker_processes auto;  # one worker per CPU core
pid /run/nginx.pid;

events {
        worker_connections 768;  # per-worker connection cap (proxied requests use two each: client + upstream)
        # multi_accept on;
}


http {
        # NOTE(review): no server block in this context listens on 443, so the origin answers plain HTTP only.
        # With Cloudflare in Full / Full (strict) mode the edge connects to the origin over TLS, which is what
        # produces the 525/521 errors described above; the TLS listener belongs in its own server block.
        client_max_body_size 100M;
        ##
        # Basic Settings
        ##
        server_tokens off;   # hide the nginx version in Server header and error pages
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        # NOTE(review): these only take effect on a `listen ... ssl` server, of which there is none yet.
        # TLSv1 and TLSv1.1 are deprecated; TLSv1.2 alone is enough for a Cloudflare-fronted origin.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;  # no ssl_ciphers set here, so nginx's built-in default list applies

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;


################
#--- example ---#
################

# Node backend. The group is named like the public hostname; `proxy_pass http://example.pl/` below
# resolves to this group, not via DNS.
upstream example.pl {
    server 127.0.0.1:3000;
    keepalive 8;  # idle connections kept per worker; only reused when the proxied Connection header is empty (see below)
}

# WordPress blog. First server on *:80, so it is also what answers requests whose Host matches no
# server_name (e.g. someone reaching the origin IP directly).
server {
    listen 0.0.0.0:80;
    server_name blog.example.pl;
    # NOTE(review): logs are written under /var/www/html; harmless while that directory is not a
    # document root, but the commented-out roots below would make them web-reachable if re-enabled.
    access_log /var/www/html/access.log;
    error_log /var/www/html/error.log;
    root   /home/ubuntu/apps/example-blog/;
    index index.php;

    location ~ \.php$ {
        try_files $uri =404;  # refuse to pass non-existent scripts to PHP-FPM
        include /etc/nginx/fastcgi.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}

# Main site: reverse proxy to the Node upstream, static assets served directly.
server {
    listen 80;
    server_name example.pl;

    access_log /var/www/html/access-example.log;
    error_log /var/www/html/error-example.log;

    # Cloudflare sets X-Forwarded-Proto for the original scheme. A client that reaches the origin
    # directly can set this header to anything, but the only effect here is a redirect, nothing is
    # granted by it. NOTE(review): restricting inbound 80/443 to Cloudflare's published IP ranges
    # would close the direct-to-origin path entirely.
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$server_name$request_uri;
    }

location / {
        # NOTE(review): behind Cloudflare $remote_addr is the edge's address, not the visitor's;
        # if the app needs the real client IP use the realip module (set_real_ip_from for the
        # Cloudflare ranges + real_ip_header CF-Connecting-IP) rather than trusting X-Forwarded-For.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;  # forwards the client's Host header unchanged
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://example.pl/;  # the upstream group above
        proxy_redirect off;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # NOTE(review): sends "Connection: upgrade" on every proxied request, not only WebSocket ones,
        # which also defeats the upstream keepalive pool; the usual fix is a map on $http_upgrade that
        # yields "upgrade" or "" and is used here instead of the literal.
        proxy_set_header Connection "upgrade";
    }

    # Static files from the app's public dir. NOTE(review): everything under public/certificates/ is
    # served to anyone; confirm it holds only files meant to be public.
    location ~ ^/(avatars/|certificates/) {
        root /home/ubuntu/apps/example/public/;
        expires 30d;
        access_log off;
        #add_header Pragma public;
        add_header Cache-Control "public";
    }

    # Regex location: any URI ending in one of these extensions is served from dist/ and never
    # reaches the Node upstream, because regex locations take precedence over the `location /` prefix.
    location ~*  \.(svg|jpg|jpeg|png|gif|ico|css|js)$ {
        #location ~* ^.+\.(css|js)$ {
        root /home/ubuntu/apps/example/dist/;
        expires 30d;
        access_log off;
        #add_header Pragma public;
        add_header Cache-Control "public";
        #fastcgi_pass example.pl:3000;
    }
}

# Admin/phpMyAdmin host on port 81.
# NOTE(review): `listen 81` binds every interface and this is the only server on that port, so it is
# the default server there and `server_name localhost` restricts nothing: phpMyAdmin is reachable
# from anywhere that can reach port 81, with no allow/deny or auth in front of it. Binding to
# 127.0.0.1:81 or adding allow/deny rules would limit that exposure.
server {
    listen       81;
    server_name  localhost;
    access_log /var/www/html/access.log;
    error_log /var/www/html/error.log;

    root   /home/ubuntu/apps/example-blog/; 
    #/var/www/html/;
    #root /var/www/html/;
    index index.php;
    location ~ \.php$ {
            try_files $uri =404;
            include /etc/nginx/fastcgi.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            #fastcgi_pass 127.0.0.1:9000;
            #fastcgi_index index.php;
            #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            #include fastcgi_params;
        }

    location /phpmyadmin {
       root /usr/share/;
       index index.php index.html index.htm;
       location ~ ^/phpmyadmin/(.+\.php)$ {
               try_files $uri =404;
               root /usr/share/;
               fastcgi_pass unix:/run/php/php7.0-fpm.sock;
                include /etc/nginx/fastcgi.conf;
                #fastcgi_index index.php;
               #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               #include fastcgi_params;
       }
       location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
               root /usr/share/;
       }
   }

   # Case alias: the rewrite replaces the whole URI, so anything under /phpMyAdmin/... becomes
   # exactly /phpmyadmin (the remainder of the path is dropped, not preserved).
   location /phpMyAdmin {
       rewrite ^/* /phpmyadmin last;
   }

}
}


It looks like none of your server blocks is listening on the HTTPS port 443. One of your server blocks (probably the first one) needs to have the following directives:

listen 443 ssl http2;  # the TLS listener the config above lacks; goes inside a server { } block of its own
ssl_certificate PATH/TO/LETSENCRYPT.pem;  # full chain; Cloudflare "Full (strict)" only accepts a cert the edge can validate
ssl_certificate_key PATH/TO/LETSENCRYPT_KEY.pem;  # read by the root master process at startup; keep it owner-only (0600, root)

Note that this should be a new server block that isn’t combined with one of your existing server blocks that have `listen 80`.