I tried to implement SSL in my Node.js app but failed. Here is my app.js:

https://gist.github.com/eldyvoon/7a1df560fd9d13da74d090e28f7ee801

In development (localhost) I got a 'your connection is not private' error. I thought it was Chrome's problem.

So I tried to deploy it to my Ubuntu server. I use an nginx proxy for my Node.js app; my config is below:

server {

    listen 80;

    server_name mysite.com;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }

}

But mysite.com refused to connect. There is no error in my Node console. I have been stuck on this for a few days and need help. Please note that my site was running fine before I tried to implement SSL.

Jessie Emerson

1 Answer

You need to listen on port 443 and configure nginx to use some certificates.

Something like:

server {
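    # TLS is enabled with the "ssl" parameter of listen; the separate
    # "ssl on;" directive is deprecated and rejected by current nginx.
    listen 443 ssl;
    server_name example.com;
    add_header Strict-Transport-Security "max-age=3600";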
    ssl_certificate /.../chained2.pem;
    ssl_certificate_key /.../domain.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are left out.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }

}

Add correct paths to your .pem and .key files. You can get the certificate for free from Let's Encrypt.

rsp
  • I need to upload my ssl to nginx? I thought if I install it on node I need not to touch nginx? nginx is just for reverse proxy purposes. – Jessie Emerson Dec 01 '16 at 14:42
  • What is .pem? I only have .crt. – Jessie Emerson Dec 01 '16 at 14:44
  • @JessieEmerson You need to use your ssl cert in nginx because that is what clients are connecting to. If you have a reverse proxy then you don't need the ssl cert in your node app especially since your proxy connects to node app over http as you wrote in `proxy_pass http://localhost:3001;`. pem and crt should be the same. – rsp Dec 01 '16 at 14:45
  • So I was wrong implementing ssl in node.js since the beginning? I should have done that in nginx since I use reverse proxy? – Jessie Emerson Dec 01 '16 at 14:54
  • @JessieEmerson You can implement ssl in node app if you want your proxy to connect with your node app using ssl but if you want people to connect with your proxy using ssl then you have to have nginx configured with ssl as well. – rsp Dec 01 '16 at 15:01
  • wow so it's always double work installing ssl in node.js? I use nginx reverse proxy because I have multiple apps on one server. Things could be easier if I don't use reverse proxy am I right @rsp? – Jessie Emerson Dec 01 '16 at 15:09
  • @JessieEmerson It would be easier if you didn't use reverse proxy but then it would be harder to use multiple apps on one server. – rsp Dec 01 '16 at 15:14
  • Thanks for your help! – Jessie Emerson Dec 01 '16 at 15:37
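
The setup the answer and its comments describe, written out as one nginx configuration: TLS terminates at nginx, and the Node app stays on plain HTTP behind it. This is an added example, not code from the question or the answer. It goes slightly beyond the answer by redirecting port 80 to HTTPS and forwarding the original scheme; `example.com`, the `/path/to/...` file paths and a Node app serving plain HTTP on `127.0.0.1:3001` are assumptions.

```nginx
# Added example. example.com and the /path/to/... paths are placeholders.

# Port 80: serve nothing in clear text, send every request to HTTPS.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

# Port 443: nginx holds the certificate and terminates TLS for the browser.
server {
    listen 443 ssl;
    server_name example.com;

    # PEM file: the site certificate followed by its intermediates.
    ssl_certificate     /path/to/fullchain.pem;
    # Private key matching the certificate; keep it readable by root only.
    ssl_certificate_key /path/to/domain.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996).
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+;
    # drop it from this line on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # AEAD suites only for TLS 1.2 (assumes an RSA certificate).
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # "always" also attaches the header to error responses.
    add_header Strict-Transport-Security "max-age=3600" always;

    location / {
        # Plain HTTP over loopback: the Node app needs no certificate and
        # should use an http (not https) server bound to 127.0.0.1:3001.
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        # Let the app see the original scheme and client address.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Check the file with `nginx -t` before reloading nginx.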