Search code examples

How to set up strapi through Nginx with SSL

I'm working on digitalOcean droplets.

I've been trying to follow this guide for hours now, but I just can't get it to work. When I try to connect, I get 502 bad gateway, don't know what that means. When I had just the 8011 port enabled through firewall and connected to the port directly through the DNS, it worked fine.

doing nginx -t says that syntax is fine, I tried restarting the service many times, the keys work.


# Strapi server
upstream strapi {


server {
        # Listen HTTP
        listen 80;

        # Redirect HTTP to HTTPS
        return 301 https://$host$request_uri;

server {
        # SSL configuration
        listen 443 ssl;
        listen [::]:443 ssl;

        ssl_certificate     /etc/nginx/certificate/;
        ssl_certificate_key /etc/nginx/certificate/;


        # Proxy Config
        location / {
        proxy_pass http://strapi;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass_request_headers on;


module.exports = ({ env }) => ({
  host: env('HOST', ''),
  port:'PORT', 8011),
  url: '',

sudo ufw status:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
8011/tcp                   DENY        Anywhere
Nginx HTTP                 ALLOW       Anywhere
Nginx HTTPS                ALLOW       Anywhere
8011                       DENY        Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
8011/tcp (v6)              DENY        Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
Nginx HTTPS (v6)           ALLOW       Anywhere (v6)
8011 (v6)                  DENY        Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)


  • I did a netstat -tulpn | grep LISTEN and found out that my app wasn't listening on localhost, but the public IP. Looking at my strapis .env file I realised that I setHOST:{public ip}, not APP_URL:{public ip}, meaning my upstream connection was on the wrong IP. Fixing my env file solved it.