Nginx reverse proxy issue on solidweb.org

ewingson · July 28, 2020, 5:09pm

solid is running on port 8443.
I have used the following sites-available/default (as in https://github.com/solid/node-solid-server/wiki/Running-Solid-behind-a-reverse-proxy)

# Nginx configuration

## Redirects all HTTP traffic to the HTTPS host
server {
  ## In case of conflict, either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file.
  listen 0.0.0.0:80;
  listen [::]:80;
  server_name solid.example.org;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log  /var/log/nginx/solid_access.log;
  error_log   /var/log/nginx/solid_error.log;
}

server {
  listen *:443 ssl;
  listen [::]:443 ssl;
  server_name solid.example.org;
  server_tokens off;

  access_log  /var/log/nginx/solid_ssl_access.log;
  error_log   /var/log/nginx/solid_ssl_error.log;

  ## [Optional] Enable HTTP Strict Transport Security
  ## HSTS is a feature improving protection against MITM attacks
  ## For more information see: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  location / {
    proxy_pass https://localhost:8443;

    gzip off;
    proxy_redirect off;

    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
  }

}

solid_ssl_error.log gives 2020/07/29 07:48:44 [error] 6754#0: *2 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 188.101.79.67, server: 0.0.0.0:443

next step I will try is https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/

aveltens · July 30, 2020, 6:59pm

It says it right away. Indeed I cannot find any ssl_certificate and ssl_certificate_key in your nginx config. Appears to be nothing Solid related.

ewingson · July 31, 2020, 5:45am

admitted, right, closed

aveltens · July 31, 2020, 8:04am

ok, it is in so far Solid related as the documentation you mentioned does not contain a ssl_certificate either. So if you manage to have a working config, it would be helpful to submit a PR to that example.

bourgeoa · August 2, 2020, 4:31pm

I don’t know if your problem is solved.
This is what I used for the server where solid.community is installed behind nginx

https://gitlab.com/solid.community/pro# redirect all http to https
server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}

ewingson · August 2, 2020, 6:09pm

thanx @bourgeoa .

this prob is solved, others arose. have no time nor mind to keep track of solidweb.org at the moment.

ewingson · August 9, 2020, 3:24am

@aveltens @bourgeoa
I dont know, if I can generalize my config. I’ ve got it running using https://gist.github.com/ewingson/c6e97a996aa51eac9f7fd1b7eaf14dc4
I don’ t dare a PR

Topic		Replies	Views
Failed to access docker based node-solid-server remotely Server Administration	11	3098	November 30, 2018
Access CSS from remote machines	1	244	March 20, 2023
SolidOS cloned repo not serving, although server running	1	306	February 21, 2021
Solid - TLS 2.0	0	562	March 13, 2019
🚀 Running nginx+letsencrypt+solid in less then 5 minutes	3	2099	April 28, 2020

Nginx reverse proxy issue on solidweb.org

Related Topics