Re: net::ERR_SSL_PROTOCOL_ERROR

Re: net::ERR_SSL_PROTOCOL_ERROR

J.R.
> But when I connect to my website's through website name I get
> net::ERR_SSL_PROTOCOL_ERROR :

Guessing based on the "Certificate Common Name Invalid" is because you
are connecting with "localhost" and "129.168.1.7" whereas your
certificate has the actual DNS hostname...
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Re: net::ERR_SSL_PROTOCOL_ERROR

Olaf van der Spek
Hi!
I do not understand what I should modify.

If I should use ggc.world when connecting with the browser, this is what I
already do:
https://drive.google.com/open?id=10MYySDKhPx9L-QucqzxN5NTratJEOJZR

If instead I should put ggc.world instead of local (127.0.0.1) in
/etc/nginx/conf.d/default.conf , this is the result of my trial:

/etc/nginx/conf.d/default.conf :


    server {
        listen 443 ssl http2 default_server;
        server_name ggc.world;

        ssl_certificate /etc/letsencrypt/live/ggc.world/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/ggc.world/privkey.pem; # managed by Certbot
        ssl_trusted_certificate /etc/letsencrypt/live/ggc.world/chain.pem;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;
        #ssl_stapling on;
        #ssl_stapling_verify on;

        access_log /var/log/nginx/ggcworld-access.log combined;

        add_header Strict-Transport-Security "max-age=31536000";
        location = /favicon.ico { access_log off; log_not_found off; }

        location / {
            #proxy_pass http://127.0.0.1:8080;
            proxy_pass http://ggc.world:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        error_page 497 https://$host:$server_port$request_uri;
        server_name www.ggc.world;
        return 301 https://$server_name$request_uri;

        access_log /var/log/nginx/ggcworld-access.log combined;

        add_header Strict-Transport-Security "max-age=31536000";
        location = /favicon.ico { access_log off; log_not_found off; }

        location / {
            #proxy_pass http://127.0.0.1:8080;
            proxy_pass http://ggc.world:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    upstream websocket {
        ip_hash;
        #server localhost:3000;
        server ggc.world:3000;
    }

    server {
        listen 81;
        server_name ggc.world www.ggc.world;

        #location / {
        location ~ ^/(websocket|websocket\/socket-io) {
            #proxy_pass http://127.0.0.1:4201;
            proxy_pass http://ggc.world:4201;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Forwared-For $remote_addr;
            proxy_set_header Host $host;

            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }

I get this output:
    https://drive.google.com/open?id=1zUSN9wP6h9svizahMjhhFFbY0CLN71Aw

Can you please explain me?
Thank you for your kind help
Marco

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286991,286996#msg-286996


RE: net::ERR_SSL_PROTOCOL_ERROR

Reinis Rozitis
> Hi!,
> I do not understand what should I modify.

The problem is your backend application (I assume node app) which listens on the 8080 port. While nginx is doing everything right the app responds and constructs the urls using internal ip and/or 'localhost'.

Depending on what the app uses for the urls you could try to add:

proxy_set_header Host $host;

in the location / { proxy_pass  ... }  block (for some reason you have it only in the server block which listens on port 81).


rr


Re: RE: net::ERR_SSL_PROTOCOL_ERROR

Olaf van der Spek
Hi Reinis,

setting in /etc/nginx/conf.d/default.conf proxy_set_header Host $host in the
location / as follows:

    server {
        listen 443 ssl http2 default_server;
        server_name ggc.world;

        ssl_certificate /etc/letsencrypt/live/ggc.world/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/ggc.world/privkey.pem; # managed by Certbot

        ssl_trusted_certificate /etc/letsencrypt/live/ggc.world/chain.pem;

        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;
        #ssl_stapling on;
        #ssl_stapling_verify on;

        access_log /var/log/nginx/ggcworld-access.log combined;

        add_header Strict-Transport-Security "max-age=31536000";
        location = /favicon.ico { access_log off; log_not_found off; }

        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
        }
    }

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        error_page 497 https://$host:$server_port$request_uri;
        server_name www.ggc.world;
        return 301 https://$server_name$request_uri;

        access_log /var/log/nginx/ggcworld-access.log combined;

        add_header Strict-Transport-Security "max-age=31536000";
        location = /favicon.ico { access_log off; log_not_found off; }

        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
        }
    }

    upstream websocket {
        ip_hash;
        server localhost:3000;
    }

    server {
        listen 81;
        server_name ggc.world www.ggc.world;

        #location / {
        location ~ ^/(websocket|websocket\/socket-io) {
            proxy_pass http://127.0.0.1:4201;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Forwared-For $remote_addr;
            proxy_set_header Host $host;

            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }

I get "Invalid Host header" :
    https://drive.google.com/open?id=1Y8-PsrB7QdTD--TtTHxnYW_dzaxrRKuc

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286991,286999#msg-286999


Re: net::ERR_SSL_PROTOCOL_ERROR

Olaf van der Spek
Solved the problem thanks to Francis Daly who pointed me to the right
direction:
  https://forum.vuejs.org/t/vue-with-nginx/26843/3

    // vue.config.js
    module.exports = {
      // options...
      publicPath: '',
      devServer: {
        host: '0.0.0.0',
        port: 8080,
        public: 'ggc.world'
      },
    }

Now it works fine:
https://drive.google.com/open?id=1PUctgdYLoVmJRvYyG040BFNGOev2yhRX

Besides to Francis, whose contribution was resolutive, I thank J.S. and
Reinis for their kind help.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286991,287001#msg-287001
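
The "Invalid Host header" response reported in this thread comes from the development server behind nginx, which compares the forwarded Host value with the names it has been told to serve. The following is an added illustration, not code from any poster or from webpack-dev-server itself: a simplified model of such a check, showing why `proxy_set_header Host $host;` was refused until `public: 'ggc.world'` was set. The function names and the `allowedHosts` option are assumptions.

```javascript
// Simplified model of a dev server's Host-header allowlist (added example).

// Extract the hostname from a Host header value, dropping any port.
function hostnameOf(hostHeader) {
  if (typeof hostHeader !== 'string' || hostHeader.length === 0) return null;
  if (hostHeader.startsWith('[')) {            // bracketed IPv6: "[::1]:8080"
    const end = hostHeader.indexOf(']');
    return end === -1 ? null : hostHeader.slice(1, end);
  }
  return hostHeader.split(':')[0].toLowerCase();
}

// After hostnameOf(), a ':' can only remain inside an IPv6 literal.
function isIpLiteral(name) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(name) || name.includes(':');
}

// options.public mirrors devServer.public from the thread's vue.config.js;
// options.allowedHosts is an assumed additional allowlist.
function hostAllowed(hostHeader, options = {}) {
  const name = hostnameOf(hostHeader);
  if (name === null) return false;
  // IP literals and localhost cannot be pointed elsewhere through DNS.
  if (isIpLiteral(name)) return true;
  if (name === 'localhost' || name.endsWith('.localhost')) return true;
  const allowed = (options.allowedHosts || []).map((h) => h.toLowerCase());
  if (options.public) allowed.push(hostnameOf(options.public));
  // A leading dot (".example.org") also covers subdomains.
  return allowed.some((h) =>
    h.startsWith('.') ? name === h.slice(1) || name.endsWith(h) : name === h);
}

// Constructed Host values: what the backend sees in each configuration.
function demo() {
  return {
    // proxy_pass http://127.0.0.1:8080 with nginx's default Host ($proxy_host)
    defaultProxyHost: hostAllowed('127.0.0.1:8080'),
    // proxy_set_header Host $host, dev server not yet told about ggc.world
    forwardedHostNoPublic: hostAllowed('ggc.world'),
    // same request after adding public: 'ggc.world'
    forwardedHostWithPublic: hostAllowed('ggc.world', { public: 'ggc.world' }),
    // any other name is still refused
    otherName: hostAllowed('other.example', { public: 'ggc.world' }),
  };
}

console.log(demo());
```

The check exists as a defence against DNS rebinding, so naming the one expected host keeps it effective for every other name.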
