0

My application is running on an AWS EC2 instance. I have a domain name using HTTPS from Cloudflare. I have added an "A record" at Cloudflare pointing to the EC2 IP address.

The following is the Nginx configuration I used:

step 1)

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        server_name inzack.com www.inzack.com;

        rewrite ^\/[^\/]+\/(.*) /$1 redirect;

        location / {
            return 301 https://$server_name$request_uri;
        }
    }

    server {
        listen 443;
        server_name inzack.com www.inzack.com;
        ssl on;
        ssl_certificate  /home/ubuntu/certificates/inzack.crt;
        ssl_certificate_key  /home/ubuntu/certificates/inzack.key;
        real_ip_header X-Forwarded-For;
        set_real_ip_from 127.0.0.1;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://127.0.0.1:5000;
        }
    }

step 2) sudo nano /etc/nginx/sites-available/inzack.com

The following is the entry in the file:

    upstream inzack.com {
        server 127.0.0.1:5000;
    }

    server {
        listen 80;
        listen [::]:80;
        server_name inzack.com;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass https://inzack.com;
            proxy_redirect on;
        }
    }

I tried all these links:

http to https redirection on nginx

Node.js + Nginx - What now?

Any help on this would be really great...

Thanks k

inzack

1 Answer

0

No need to change anything in the `/etc/nginx/sites-available/` folder.

Step 1) At Cloudflare, changed the page rules to HTTPS

Step 2)

    server {
        listen 80;
        server_name inzack.com www.inzack.com;

        location / {
            proxy_pass http://127.0.0.1:4000;
        }
    }

    server {
        listen 443;
        server_name inzack.com www.inzack.com;
        ssl on;
        # copy these files from cloudflare save it as .crt and .key
        # cop
        ssl_certificate  /home/ubuntu/certificates/inzack.crt;
        ssl_certificate_key  /home/ubuntu/certificates/inzack.key;
        real_ip_header X-Forwarded-For;
        set_real_ip_from 127.0.0.1;

        location / {
            proxy_pass http://127.0.0.1:4000;
        }
    }

Restart the Nginx server

inzack
  • With the above approach we need to open port 4000 to all IP addresses, which is a security breach. We need to find a way to access the application without opening the port – inzack Feb 26 '21 at 07:17
  • No - there is no need to expose port `4000` to the public. The little `127.0.0.1` tells you that. Port 80 / 443 are important here. – Timo Stark Feb 26 '21 at 07:56
  • This will not redirect the user from `http` to `https`. @inzack in your example the website will be available on port `80` as well. You can use a simple `return 301 https://$host$uri;` in your `location` in your `server` block listening on port `80`. – Timo Stark Feb 26 '21 at 07:58
  • Regarding "exposing the port 4000": if I do not release 4000 in the AWS security groups, it is not accessible. – inzack Feb 26 '21 at 09:37
  • Please suggest how I can access the web application from the internet without releasing the port. But ports 80 and 443 are already released – inzack Feb 26 '21 at 09:50
  • So then please describe your AWS setup more clearly. The configuration above says your application on port 4000 is deployed on the same EC2 instance as NGINX. The NGINX is taking care of the TLS termination with certs from Cloudflare? Correct? If not, please update the question and describe your infrastructure. – Timo Stark Feb 26 '21 at 11:21
  • I posted this issue separately on https://stackoverflow.com/questions/66397502/nginx-reverse-proxy-security-issue-by-releasing-port-in-aws-security-group @Tim can you help me in this regard? – inzack Feb 27 '21 at 09:52
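
The answer's proxy configuration combined with the redirect suggested in the comments, as an added example that is not part of the original posts. It assumes the application listens on `127.0.0.1:4000` on the same instance as Nginx, as in the answer; the `set_real_ip_from` range is a documentation placeholder, not a real Cloudflare range.

```nginx
# Added example, not from the original question or answer.
# Assumption: the app is bound to 127.0.0.1:4000 on the same EC2 instance.

# Port 80 serves no content; every request is redirected to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name inzack.com www.inzack.com;

    # $request_uri keeps the original path and query string.
    return 301 https://$host$request_uri;
}

# Port 443 terminates TLS and proxies to the app over loopback.
server {
    # "listen ... ssl" replaces the older "ssl on;" directive.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name inzack.com www.inzack.com;

    ssl_certificate     /home/ubuntu/certificates/inzack.crt;
    ssl_certificate_key /home/ubuntu/certificates/inzack.key;

    # Trust the client-IP header only when the connection comes from the
    # CDN edge. With "set_real_ip_from 127.0.0.1" the header is ignored
    # for every remote connection, so logs show the proxy's address.
    # PLACEHOLDER range (RFC 5737): replace with Cloudflare's published ranges.
    set_real_ip_from 203.0.113.0/24;
    real_ip_header   CF-Connecting-IP;

    location / {
        # Loopback upstream: port 4000 is never reached from outside.
        proxy_pass http://127.0.0.1:4000;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this layout only ports 80 and 443 need inbound rules in the security group, provided the application itself is bound to the loopback address as assumed above. `sudo nginx -t` validates the file before the restart.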