Once upon a good time, I had a good config for three NodeJs, socket.io API running on the same Ubuntu 16.4 LTS VPS server with PM2 for process managing and Nginx for reverse proxy to three different subdomains.
My installed successfully a SSL certificate from Let's encrypt and all subdomains are from the same domain (let's say exemple.com) and should be redirect to https.
Once I tried to add a fourth subdomain for a non NodeJs application (PHP/laravel), the reverse proxy is not passed anymore and unfortunately i don't have a backup of my old Nginx config.
Now, I am trying to get back my VPS´s harmony with the three old NodeJs apps, but it gives me 504 Gateway Time-out from Nginx.
Here is my config that I think is the same old one:
This config works fine on chrome, but i'm trying to reach my APIs from mobile and desktop applications.
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# App1 from port 3000 to sub1.exemple.com
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sub1.exemple.com;
# Use the Let’s Encrypt certificates
ssl_certificate
/etc/letsencrypt/live/sub1.exemple.com/fullchain.pem;
ssl_certificate_key
/etc/letsencrypt/live/sub1.exemple.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://localhost:3000/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# App2 from port 4000 to sub2.exemple.com
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sub2.exemple.com;
# Use the Let’s Encrypt certificates
ssl_certificate
/etc/letsencrypt/live/sub2.exemple.com/fullchain.pem;
ssl_certificate_key
/etc/letsencrypt/live/sub2.exemple.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://localhost:4000/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# App2 from port 5000 to sub3.exemple.com
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sub3.exemple.com;
# Use the Let’s Encrypt certificates
ssl_certificate
/etc/letsencrypt/live/sub3.exemple.com/fullchain.pem;
ssl_certificate_key
/etc/letsencrypt/live/sub3.exemple.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://localhost:5000/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Update for more info.
Nginx, NodeJs and PM2 doesn't give any errors. logs are clean. Here is what i get when inspect requests.
It succeed when socket request: (Both wss:// & https://)
It fail when others request:
I wanna refer also that the SSL is well installed for each sub and the apps are stable and running on local server without any problems.
Best Answer
Try to add
proxy_set_header X-Forwarded-Proto $scheme;inside location block