
I have a node server running on port 4000 and postgres running on 5432 on a GCP VM. I want to be able to access the node server at api.mydomain.com and postgres at db.mydomain.com.

I'm able to access the server at the desired subdomain with the SSL cert, but I'm getting a "502 Bad Gateway" for the db endpoint.

To configure the server block for the db, I copied over the one for the server and had certbot generate the necessary SSL certificate.

Here's the config in /etc/nginx/sites-available/default:

server {
    server_name api.mydomain.com;

    location / {
        proxy_pass http://localhost:4000;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = api.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name api.mydomain.com;
    listen 80;
    return 404; # managed by Certbot
}

server {
    server_name db.mydomain.com;

    location / {
        proxy_pass http://localhost:5432;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/db.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/db.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = db.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name db.mydomain.com;
    listen 80;
    return 404; # managed by Certbot
}

Both resources are available


Chris Krogh
  • What is the corresponding message from the nginx error log? – Ivan Shatsky May 25 '22 at 22:49
  • Error log: https://gist.github.com/chriskrogh/b0fd94c3d1b883908b294f3d45ed1fb7 Not sure how to interpret what's going on. @IvanShatsky – Chris Krogh May 25 '22 at 22:55
  • Check [this](https://stackoverflow.com/questions/36488688/nginx-upstream-prematurely-closed-connection-while-reading-response-header-from) thread. If you need to proxy both HTTP and WebSocket connections to your DB backend, try the second method from the [official docs](http://nginx.org/en/docs/http/websocket.html) (that one using `map` block). – Ivan Shatsky May 25 '22 at 23:13
  • I eventually gave up on that config. I ended up connecting to postgres outside of nginx. – Chris Krogh May 26 '22 at 03:17
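
An added example, not part of the original thread: PostgreSQL speaks its own binary protocol over TCP, not HTTP, so the `http`-context `proxy_pass http://localhost:5432` in the question cannot carry it, while nginx's `stream` module relays raw TCP. The port 15432, the upstream name `postgres_backend` and the allow-listed range are assumptions chosen for illustration.

```nginx
# Added example. Place in /etc/nginx/nginx.conf at the top level, as a sibling
# of the http {} block. Files under sites-available/ are typically included
# inside http {}, where a stream {} block is not allowed.
# Requires nginx built with (or loading) the stream module.
stream {
    upstream postgres_backend {
        server 127.0.0.1:5432;          # Postgres itself, reachable on loopback
    }

    server {
        # Assumed public port. Not 5432: Postgres already holds that port
        # on this host.
        listen 15432;

        # Source-IP allow list (constructed documentation range, replace it).
        allow 203.0.113.0/24;
        deny  all;

        proxy_connect_timeout 5s;
        proxy_timeout 10m;              # idle timeout for long-lived sessions
        proxy_pass postgres_backend;

        # No "listen ... ssl" here: a libpq client using the standard
        # negotiation opens with a cleartext SSLRequest message before any
        # TLS handshake, so nginx cannot terminate TLS for it. Encrypt end
        # to end with "ssl = on" in postgresql.conf and sslmode=verify-full
        # on the client.
    }
}
```

At this layer there is no `Host` header to route on, so `db.mydomain.com` only has to resolve to the VM; clients connect to `db.mydomain.com:15432`, and the VM's firewall rule for that port should carry the same source restriction as the `allow` line.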
