0
votes

I had my website running but SSL was only working on non-www. After I reinstalled the Let's Encrypt SSL certificate the site crashed. I was able to make the front run but not the API.

I moved the site to a new droplet and installed Nginx, PM2, and certbot with Python on Ubuntu 18.04 with Node.js.

The site is not loading and it is a bit frustrating. I think the issue was that certbot rewrote the nginx default file and I am not sure how to fix it.

This is the configuration I have in /etc/nginx/sites-available/default:

```
upstream my_app {
    server 127.0.0.1:3000;
}
server {
  #listen 80;
  listen   [::]:80;
  #listen 443 ssl;
  #listen [::]:443 ssl;

  if ($host = www.mysite.com) {
      return 301 https://mysitehere$request_uri;
  }

  server_name roomies.es;

  listen 443 ssl;
  ssl on;
  ssl_certificate    /etc/letsencrypt/live/mysite.com/fullchain.pem;
  ssl_certificate_key    /etc/letsencrypt/live/mysite.com/privkey.pem;

    if ($ssl_protocol = "") {
       rewrite ^   https://$server_name$request_uri? permanent;
    }

  location / {

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass         https://mysite_app;
    proxy_redirect off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }


  location ~ /.well-known {
    allow all;
  }

}
```

I need the front to run on port 3000 and my api on port 4000.

Thanks in advance!

1 Answers

0
votes

This is how I had to set up my NGINX configs after installing Let's Encrypt:

/etc/nginx/sites-enabled/default (which should be the same file as /etc/nginx/sites-available/default):

```
# Default server configuration
server {

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name example.com;

    return 301 https://www.example.com$request_uri;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
```

To be clear, the return 301 is to ensure all non-www traffic is moved to the www version of the URL.

Remember to save your config on a notepad or something so you can quickly revert back to the original if this doesn't work.
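
An added example, not part of the question or the answer above: one way to lay out the setup the question asks for (front end on port 3000, API on port 4000, TLS terminated by nginx). The domain `example.com`, the upstream names, the `/api/` path prefix and the `/var/www/html` webroot are assumptions.

```nginx
# Added example. example.com, upstream names, /api/ and the webroot are assumptions.
upstream frontend { server 127.0.0.1:3000; }
upstream api      { server 127.0.0.1:4000; }

# Plain HTTP on IPv4 and IPv6: answer ACME challenges, redirect everything else.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Only used by certbot's webroot method; the path is an assumption.
    location /.well-known/acme-challenge/ { root /var/www/html; }
    location / { return 301 https://example.com$request_uri; }
}

# HTTPS for www: redirect to the bare domain. The certificate must list
# www.example.com as well, or the client rejects the handshake before the redirect.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    return 301 https://example.com$request_uri;
}

# HTTPS for the canonical host. TLS ends here, so the Node processes on
# localhost are reached over plain http://, not https://.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    location /api/ { proxy_pass http://api; }       # API on port 4000
    location /     { proxy_pass http://frontend; }  # front end on port 3000
}
```

Run `sudo nginx -t` before reloading so that a syntax error or an undefined upstream name is reported without taking the running site down.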