Search code examples
node.jssslnginxhttpskoa

Koajs routes work with HTTP but broken with HTTPS

I'm setting up HTTPS on my koa2 API with letsencrypt, using the last part of this DigitalOcean guide. I'm using nginx for reverse proxy. Everything works fine with HTTP but with HTTPS my routes are broken, and since this is my first time setting up HTTPS, I'm having a hard time finding the cause. For example, with plain HTTP, making a request to http://myapi.com/api/some-route, I'd see a request looking something like

{ 
  request: { 
  method: 'GET', 
  url: '/api/some-route', 
  header: { 
    'origin': 'https://myapi.com', 
    accept: '*/*' 
  } 
}

With HTTPS it looks like 

{ 
  request: { 
  method: 'GET', 
  url: '//some-route', 
  header: {accept: '*/*' } 
}

The request.url is funky and the origin header is missing. I'm not able to hit any of my routes. I'm wondering if it's an issue with my nginx config, but having a hard time figuring out where to start.

This is the nginx config, mostly just copied from the DigitalOcean guide

server {
   listen 80;
   listen [::]:80 default_server ipv6only=on;
   return 301 https://$host$request_uri;
}

server {
  listen 443;
  server_name myapi.com;
  ssl on;
  # Use certificate and key provided by Let's Encrypt:
  ssl_certificate /etc/letsencrypt/live/myapi.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/myapi.com/privkey.pem;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

  location /api {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://localhost:3000/;
    proxy_ssl_session_reuse off;
    proxy_set_header Host $http_host;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
  }
}
Solution

  • Trailing slashes have a special meaning in NGINX configuration. I believe that adding a trailing slash (or rather, a path that ends with a slash) in proxy_pass sets the new "root" that NGINX uses to pass requests to.

    So if you use http://localhost:3000/, NGINX will pass requests that match https://your-site/api/some-route to http://localhost:3000//some-route (because it uses / as the new root.

    If you don't add a trailing slash, NGINX will work as expected and pass requests to http://localhost:3000/api/some-route:

    proxy_pass http://localhost:3000;