Access to the Server thru the machine’s IP and default port (10.xx.xx.64:3000) works. However, when I open the URL from outside nginx reverse proxy the browser loads only the page name but nothing else (blank page).
Somewhere I found a hint that an IP address as URL is not supported (which is bad for me because I want to have access thru VPN as well where no DNS is available), so I also tried with the machine's hostname as URL with the same result (http*s://hostname).
Can anyone assist how to troubleshoot this?
I had to put this * in there due to limitation of new forum users only allowed to post 2 links
First, what you want to do is non-trivial. As a result, what you need to do is a lot of reading on DNS, SSL, proxies and firewalls. Educating yourself will help a lot. The interwebs have a gazillion pages on this sort of stuff.
Is nginx on the same machine as Rocket or a different machine? Can the nginx machine be accessed from the internet in general?
Please post your nginx config file.
Firewalls involved: none
REALLY??
I want to have access thru VPN as well where no DNS is available
upstream backend {
    server 127.0.0.1:3000;
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name srv-chat 10.8.189.64;
    location / {
        return 301 https://$server_addr$request_uri;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name srv-name 10.xx.xx.64;
    client_max_body_size 200M;
    # Certificates used
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_protocols TLSv1.2;
    # ssl_protocols TLSv1.1;
    # Cipher suite from https://cipherli.st/
    # Max. security, but lower compatibility
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
    # Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
    #ssl_dhparam /etc/nginx/ssl/dhparams.pem;
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
    # Server should determine the ciphers, not the client
    ssl_prefer_server_ciphers on;
    # OCSP Stapling
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    # SSL session handling
    ssl_session_timeout 24h;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Robots-Tag none always;
    add_header X-Download-Options noopen always;
    add_header X-Permitted-Cross-Domain-Policies none always;
    add_header Referrer-Policy no-referrer always;
    location = / {
        proxy_pass http://backend/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}
nginx is on the same machine. For now this is only a test setup and the whole machine cannot be reached from the internet. So yes, really no firewall for now.
Forget about the VPN thing because it is not in use here and not relevant for this issue.
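A small lint for the proxy location in the config posted above, as an added example that is not part of any post in this thread. It flags an exact-match `location = /` that carries `proxy_pass`, forwarding headers whose names differ from the de-facto `X-Forwarded-For` / `X-Forwarded-Proto`, and a forwarded scheme of `http` on a TLS listener; the function name, finding labels and embedded sample are assumptions made for the example.

```python
import re

# Constructed sample: the proxy location as posted in the thread above.
POSTED = """
location = / {
    proxy_pass http://backend/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
}
"""

# Optional modifier (=, ~, ~*, ^~), the URI or pattern, then a brace-free body.
LOCATION_RE = re.compile(r"location\s+(=|~\*?|\^~)?\s*(\S+)\s*\{([^{}]*)\}")
HEADER_RE = re.compile(r"proxy_set_header\s+(\S+)\s+([^;]+);")
# De-facto standard forwarding headers, keyed by lower-case name.
STANDARD = {"x-forwarded-for": "X-Forwarded-For", "x-forwarded-proto": "X-Forwarded-Proto"}


# lint_proxy_locations and its finding labels are hypothetical names for this example.
def lint_proxy_locations(conf, tls_listener=True):
    """Return (location, label, detail) findings for proxying location blocks."""
    findings = []
    for modifier, uri, body in LOCATION_RE.findall(conf):
        if "proxy_pass" not in body:
            continue
        where = " ".join(p for p in ("location", modifier, uri) if p)
        if modifier == "=":
            # "=" matches the request URI exactly; paths below it use other blocks.
            findings.append((where, "exact-match",
                             f"only the exact URI {uri} is proxied by this block"))
        headers = {n.lower(): (n, v.strip()) for n, v in HEADER_RE.findall(body)}
        for key, (name, value) in headers.items():
            # Near-miss names such as X-Forward-For are sent upstream, but a
            # backend reading the standard name will not see them.
            near = key.replace("x-forward-", "x-forwarded-")
            if key not in STANDARD and near in STANDARD:
                findings.append((where, "header-name", f"{name} should be {STANDARD[near]}"))
            if tls_listener and STANDARD.get(near) == "X-Forwarded-Proto" and value == "http":
                findings.append((where, "proto-mismatch",
                                 f"{name} says http but clients connect over TLS"))
    return findings


if __name__ == "__main__":
    for finding in lint_proxy_locations(POSTED):
        print(*finding, sep=" | ")
```

Pass `tls_listener=False` when linting a plain-HTTP server block, where a forwarded scheme of `http` is correct.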