I have a React application and Django application served by Nginx. I would like to find a way to serve React on domain.com and Django on api.domain.com. Additionally, both frontend and backend must use HTTPS so they must be listening on port 443 at the same time. Right now, I have an SSL certificate for the frontend.
Will changing the server_name for the frontend to domain.com and the backend to api.domain.com be enough to handle my requirements?
Is this a better configuration than having my API be served under domain.com/api/?
NGINX Server Block for Frontend:
server {
root /home/ubuntu/example/frontend/build;
server_name example.software www.example.software;
index index.html index.htm;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.software/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.software/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.software) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.software www.example.software;
return 404; # managed by Certbot
}
NGINX Server Block for Backend:
server {
listen 80 default_server;
listen [::]:80 default_server;
location = /favicon.icon { access_log off; log_not_found off; }
location /static/ {
root /home/ubuntu/example/backend/sys;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
Related
Using static /var/www/reactappsbuildhere works fine for
thismydomain.com with React router dom link to thismydomain.com/contact Works
but not thismydomain.com/contact directly into url will get error 404 not found
For example, I build an app using react js put into /var/www
domain.com/contact
in NGINX getting error 404 for https://thismydomain.com/contact
but work fine for domain.com (enter thismydomain.com/contact works fine) but if i refresh it become 404
server {
server_name thismydomain.com;
root /var/www/thismydomain;
index index.html;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/thismydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/thismydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = thismydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name thismydomain.com;
root /var/www/mydomain;
return 404; # managed by Certbot
}
I deployed a web application on an ubuntu server and everything work just fine. Until I installed letsencrypt ssl on nginx reverse proxy suddenly my ReactJS frontend throws net::ERR_SSL_PROTOCOL_ERROR error. What am I doing wrong? Both application run on same server.
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name domain.tld www.domain.tld;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
proxy_pass http://localhost:5555;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sitedomain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sitedomain/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#return 301 https://$host$request_uri;
}
server {
if ($host = www.domain.tld) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.tld) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name domain.tld tld;
return 404; # managed by Certbot
}
This is my nginx config file above.
My backend is running on the same server on port 9000.
My frontend loads with https correctly but unable to connect to backend on port 9000 on the same machine.
Note: my frontend is on port 5555 accessible through nginx reverse proxy
So as the title says I am deploying a react app with the express backend on an ec2 instance.
What I am attempting to do to do:
(just listing this here to provide crucial context just in case I'm messing up elsewhere)
have my express production mode run on port 80 with the react build html as root.
run the build on an ec2 instance
use nginx to reverse proxy to my domain on https and port 443
run server.js on production mode via PM2
Things I am currently having trouble with:
My Nginx configuration was originally configured to try to proxy the react app running with the express app through a reverse proxy between the two. That's changed so I am trying to now have the server configured to reverse proxy everything into my app.
I was following this article as my reference but the major difference is they want me to use the nginx conf file and not the sites_enabled file which I had made my initial nginx setup. From what i can see in the article it looks like the configuration files changed layout as well so that may be outdated practice.
Here is what I currently have for Nginx sites_enabled:
listen 443 default_server;
listen [::]:443 default_server;
server_name example.com www.example.com;
root /home/ubuntu/client/build;
location / {
try_files $uri /index.html;
}
location /complete {
proxy_pass https://www.example.com;
}
# managed by Certbot
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 0.0.0.0:80;
server_name example.com www.example.com;
rewrite ^ https://$host$request_uri? permanent;
}
At the time of writing this I am not able to run things like this so I can only use express setting it to port 443 and placing the certification files there.
I'm using DigitalOcean droplet to host React app, which is just a personal website of mine. It works fine. I also used certbot to get a ssl certificate on my page.
Now I'm trying to run gitea server under a subdomain. So I did the setup, got to the initial install page (git.domain.com/install), and finished that. I logged into my running gitea server and everything seemed to be working fine.
Then I extended my ssl certification to include the subdomain. It sill seemed to be working fine from what I could tell.
However, now (5 hours later), when I try to go to "git.domain.com" it displays my personal web page, instead of the gitea page. But the url remains the same i.e. "git.domain.com". (So, maybe it was broke after I the added the ssl cert to the subdomain, but didn't realize the problem, because of the browser cache history)
I checked...
gitea is still running under localhost:3000
Nginx is running without error
sites-available is linked with sites-enabled
DNS records on DigitalOcean
I assume the issue is either with ...
nginx config files
ssl cert config with gitea (I used certbot to extend the existing ssl cert to include the subdomain)
gitea app.ini config
It's driving me a little mad that I can't figure it out, so I decided to post this. Any help is appreciated. Let me know, if there is any other pertinent information I should provide.
Here are the files:
# nginx domain.com file
server {
root /var/www/domain.com/html;
index index.html index.htm index.nginx-debian.html;
server_name domain.com www.domain.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name domain.com www.domain.com;
return 404; # managed by Certbot
}
# nginx git.domain.com file
server {
server_name git.domain.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3000;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = git.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name git.domain.com;
return 404; # managed by Certbot
}
# gitea app.ini file
APP_NAME = Gitea - Git with a cup of tea
RUN_USER = git
RUN_MODE = prod
[oauth2]
JWT_SECRET = FakePass
[security]
INTERNAL_TOKEN = FakeToken
INSTALL_LOCK = true
SECRET_KEY = FakeSecretKey
[database]
DB_TYPE = mysql
HOST = 127.0.0.1:3306
NAME = gitea
USER = gitea
PASSWD = FakePassword
SSL_MODE = disable
CHARSET = utf8
PATH = /var/lib/gitea/data/gitea.db
ROOT = /home/git/gitea-repositories
[server]
SSH_DOMAIN = git.domain.com
DOMAIN = git.domain.com
ROOT_URL = http://localhost:3000/
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
LFS_JWT_SECRET = FakeSecretJWTpassword
OFFLINE_MODE = false
HTTP_ADDR = /run/gitea/gitea.sock
PROTOCOL = unix
UNIX_SOCKET_PERMISSION = 666
[mailer]
ENABLED = false
[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
DISABLE_REGISTRATION = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = false
[session]
PROVIDER = file
[log]
MODE = file
LEVEL = info
ROOT_PATH = /var/lib/gitea/log
Here is my Nginx config for my react app
server {
listen 8080 ssl default_server;
listen [::]:8080 ssl default_server;
listen 443 ssl;
listen [::]:443 ssl;
# ssl on;
ssl_certificate /etc/letsencrypt/live/website.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/website.com/privatekey.pem;
root /home/ubuntu/project-folder/dist/;
index index.html index.htm index.nginx-debian.html;
server_name _;
error_page 404 /index.html;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
}
}
The SSL is enabled it working for https://website.co:8080 but not working on https://website.co and how to redirect if an HTTP request comes? how to handle?