Search code examples
httpnginxhttpsvps

How to connect https front with http spring boot backend on one VPS server with NGINX?

Here is my site NGINX configuration file, I don't know how to make my https domain work with http backend, that works on the same VPS server.

I've read 4-5 questions about this problem - nothing helps

Nginx Server http to https not working. When i remove certbot config and add his one, my frontend stops working

Nginx with Frontend and Backend Server - suggestion from this question isn't working too

My frontEnd can't take data from backEnd. BackEnd works on http://localhost:8080/api/ This is the error that i get in browser console

GET http://localhost:8080/api/category/ net::ERR_CONNECTION_REFUSED

server {

        root /var/www/greenway/html;
        index index.html index.htm index.nginx-debian.html;

        server_name greenway-vld greenway-vld.ru www.greenway-vld.ru www.greenway-vld

        location / {
                try_files $uri $uri /index.html;
        }
        location /api{
                proxy_pass http://localhost:8080;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.greenway-vld.ru/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.greenway-vld.ru/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



}
server {
    if ($host = www.greenway-vld.ru) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = greenway-vld.ru) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = greenway-vld) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = http://www.greenway-vld.ru) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = http://greenway-vld.ru) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = http://greenway-vld) {
        return 301 https://$host$request_uri;

        listen 80;
        listen [::]:80;

        server_name greenway-vld greenway-vld.ru www.greenway-vld.ru www.greenway-vld
    return 404; # managed by Certbot


}
Solution

  • What exactly do you want to configure and what exactly doesn't work?
    If redirect from http to https, then something like this:

    server {
  listen 80;
  server_name www.greenway-vld.ru greenway-vld.ru greenway-vld;
  return 301 https://$host$request_uri;
}
server {
  listen 443 ssl
  server_name www.greenway-vld.ru greenway-vld.ru greenway-vld;
  ssl_certificate /etc/letsencrypt/live/www.greenway-vld.ru/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/www.greenway-vld.ru/privkey.pem;
  ...
  ...
}

    EDIT:
    more complete config

    1. redirect from http to non-www https
    server {
    listen SERVER_IP:80;
    server_name domain.tls www.domain.tld;
    return 301 https://$host$request_uri;
}
    1. redirect from www https to non-www https
    server {
    listen SERVER_IP:443 ssl http2;
    server_name www.domain.tld;
    ssl_certificate "/etc/letsencrypt/live/domain.tld/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/domain.tld/privkey.pem";
    return 301 https://$host$request_uri;
}
    1. https main server block
    server {
    listen SERVER_IP:443 ssl http2;
    server_name domain.tld;
    ssl_certificate "/etc/letsencrypt/live/domain.tld/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/domain.tld/privkey.pem";
    ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_dhparam /etc/ssl/certs/dhparam2048.pem;
    include /etc/nginx/includes/*.conf;
    access_log /var/www/logs/domain.tld.access.log;
    error_log /var/www/logs/domain.tld.error.log error;
    root /var/www/domain.tld;
    index index.html index.php;
    location /
    .... 
    }
}

    EDIT2:
    Proxy to node.js application example

    location /api/ {
  proxy_pass http://127.0.0.1:8080/;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
}