net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

classic Classic list List threaded Threaded
22 messages Options
12
Reply | Threaded
Open this post in threaded view
|

net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
I created a brand new tiny webapp with vue cli, so without adding anything,
apart from what the empty vue-cli scaffolding brings:

    (base) marco@pc:~/vueMatters/testproject$ npm run serve


    > testproject@0.1.0 serve /home/marco/vueMatters/testproject
    > vue-cli-service serve

    INFO Starting development server...
    98% after emitting CopyPlugin

    DONE Compiled successfully in 1409ms 8:14:46 PM


    App running at:
    - Local: localhost:8080
    - Network: 192.168.1.7:8080

    Note that the development build is not optimized.
    To create a production build, run npm run build.

And got this error message :
https://drive.google.com/open?id=10GcVFmqNVGRjox3wklJtcrAkIWM3kOp8

    "GET https://localhost/sockjs-node/info?t=1580228998416
net::ERR_CONNECTION_REFUSED"



node --version
v12.10.0

npm -v
6.13.6

webpack-cli@3.3.10

Ubuntu 18.04.03 Server Edition

This is the /etc/nginx/conf.d/default.conf :

server {
    listen 443 ssl http2 default_server;
    server_name ggc.world;

    ssl_certificate /etc/ssl/certs/chained.pem;
    ssl_certificate_key /etc/ssl/private/domain.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers
EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    #ssl_stapling on;
    #ssl_stapling_verify on;

    access_log /var/log/nginx/ggcworld-access.log combined;

    add_header Strict-Transport-Security "max-age=31536000";
    location = /favicon.ico { access_log off; log_not_found off; }
    location / {
        proxy_pass <a href="http://127.0.0.1:8080;">http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    error_page 497 <a href="https://$host:$server_port$request_uri;">https://$host:$server_port$request_uri;
    server_name www.ggc.world;
    return 301 https://$server_name$request_uri;

    access_log /var/log/nginx/ggcworld-access.log combined;

    add_header Strict-Transport-Security "max-age=31536000";
    location = /favicon.ico { access_log off; log_not_found off; }
    location / {
        proxy_pass <a href="http://127.0.0.1:8080;">http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

# https://www.nginx.com/blog/nginx-nodejs-websockets-socketio/
# https://gist.github.com/uorat/10b15a32f3ffa3f240662b9b0fefe706
# http://nginx.org/en/docs/stream/ngx_stream_core_module.html

upstream websocket {
    ip_hash;
    server localhost:3000;
}

server {
    listen       81;
    server_name  ggc.world www.ggc.world;

    location / {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }

    #location /socket.io/socket.io.js {
    #    proxy_pass http://websocket;
    #}

}



How to solve the problem? How to correctly configure Nginx with socket.io?

Marco

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286850#msg-286850

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
Add-on to the previous email:

using firefox as web browser, I get this error message:
https://drive.google.com/open?id=1l6USIHrbHl6kBcQtormXplOgx0J653ko

  "Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at https://localhost/sockjs-node/info?t=1580304400023.
(Reason: CORS request did not succeed)."

Looking at Mozilla Developer explanation:

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed?utm_source=devtools&utm_medium=firefox-cors-errors&utm_campaign=default

"What went wrong?

The HTTP request which makes use of CORS failed because the HTTP connection
failed at either the network or protocol level. The error is not directly
related to CORS, but is a fundamental network error of some kind.

In many cases, it is caused by a browser plugin (e.g. an ad blocker or
privacy protector) blocking the request.

Other possible causes include:

    Trying to access an https resource that has an invalid certificate will
cause this error.
    Trying to access an http resource from a page with an https origin will
also cause this error.
    As of Firefox 68, https pages are not permitted to access
http://localhost, although this may be changed by Bug 1488740.
    The server did not respond to the actual request (even if it responded
to the Preflight request). One scenario might be an HTTP service being
developed that panicked without returning any data.
"

Checked the TLS Certificates with https://www.digicert.com/help/ :
and the result is:
" TLS Certificate has not been revoked.
  TLS Certificate expires soon. The primary TLS Certificate expires on
February 28, 2020 (30 days remaining)
  Certificate Name matches ggc.world
  TLS Certificate is correctly installed "

So may be my nginx configuration has to be improved.

Looking forward to your kind help.
Marco

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286851#msg-286851

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

Francis Daly
On Wed, Jan 29, 2020 at 08:39:16AM -0500, MarcoI wrote:

Hi there,

> So may be my nginx configuration has to be improved.

What request do you make?

What response do you get?

What response do you want to get, instead?

If you can use something like "curl -v" to show one specific request
that gets a response that you do not want, that may help make it clear
where the problem is.

Cheers,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
Hi Francis,
thanks for helping.

curl on PC-Server (Ubuntu 18.04.03 Server Edition):

(base) marco@pc:~/vueMatters/testproject$     curl -Iki
http://localhost:8080/
HTTP/1.1 200 OK
X-Powered-By: Express
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 774
ETag: W/"306-TZR5skx9okrXHMJbxwuiUem3Jkk"
Date: Thu, 30 Jan 2020 09:32:30 GMT
Connection: keep-alive

But from a laptop (Ubuntu 18.04.03 Desktop):
- https://drive.google.com/open?id=1r56ZApxg3gQLRakKGCwI7CriQbbmfrLh
- https://drive.google.com/open?id=1Dm-PC85pjGfqIeMOS45k3hvV9PANgOH5

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286862#msg-286862

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

Anoop Alias
GET https://localhost/sockjs-node/info?t=1580228998416
net::ERR_CONNECTION_REFUSED"

means it is connecting to localhost:443 ( default https port) and not port 8080

On Thu, Jan 30, 2020 at 6:41 PM MarcoI <[hidden email]> wrote:
Hi Francis,
thanks for helping.

curl on PC-Server (Ubuntu 18.04.03 Server Edition):

(base) marco@pc:~/vueMatters/testproject$     curl -Iki
http://localhost:8080/
HTTP/1.1 200 OK
X-Powered-By: Express
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 774
ETag: W/"306-TZR5skx9okrXHMJbxwuiUem3Jkk"
Date: Thu, 30 Jan 2020 09:32:30 GMT
Connection: keep-alive

But from a laptop (Ubuntu 18.04.03 Desktop):
- https://drive.google.com/open?id=1r56ZApxg3gQLRakKGCwI7CriQbbmfrLh
- https://drive.google.com/open?id=1Dm-PC85pjGfqIeMOS45k3hvV9PANgOH5

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286862#msg-286862

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx


--
Anoop P Alias 


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
Sorry for my ignorance...
how to practically modify the /etc/nginx/conf.d/default.conf ?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286864#msg-286864

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
In reply to this post by redflag
With this /etc/nginx/conf.d/default.conf :  

    server {
        listen 443 ssl http2 default_server;
        server_name ggc.world;

        ssl_certificate /etc/ssl/certs/chained.pem;
        ssl_certificate_key /etc/ssl/private/domain.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers
EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        #ssl_stapling on;
        #ssl_stapling_verify on;

        access_log /var/log/nginx/ggcworld-access.log combined;

        add_header Strict-Transport-Security "max-age=31536000";
        location = /favicon.ico { access_log off; log_not_found off; }
        location / {
            proxy_pass <a href="http://127.0.0.1:8080;">http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        error_page 497 <a href="https://$host:$server_port$request_uri;">https://$host:$server_port$request_uri;
        server_name www.ggc.world;
        return 301 https://$server_name$request_uri;

        access_log /var/log/nginx/ggcworld-access.log combined;

        add_header Strict-Transport-Security "max-age=31536000";
        location = /favicon.ico { access_log off; log_not_found off; }
        location / {
            proxy_pass <a href="http://127.0.0.1:8080;">http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    # https://www.nginx.com/blog/nginx-nodejs-websockets-socketio/
    # https://gist.github.com/uorat/10b15a32f3ffa3f240662b9b0fefe706
    # http://nginx.org/en/docs/stream/ngx_stream_core_module.html

    upstream websocket {
        ip_hash;
        server localhost:3000;
    }

    server {
        listen       81;
        server_name  ggc.world www.ggc.world;

        #location / {
        location ~ ^/(websocket|websocket\/socket-io) {
            proxy_pass <a href="http://127.0.0.1:4201;">http://127.0.0.1:4201;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Forwared-For $remote_addr;
            proxy_set_header Host $host;

            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
         }

    }
    #
https://stackoverflow.com/questions/40516288/webpack-dev-server-with-nginx-proxy-pass
 

with vue.config.js :  

    module.exports = {
      // options...
      publicPath: '',
      devServer: {
        host: 'localhost',
      }
    }

and with this webpack.config.js :  

    {
        "mode": "development",
        "entry": [
            "src/index.js",
            "webpack-dev-server/client?http://" + require("os").hostname() +
":3000/"
        ],
        "output": {
            "path": __dirname+'/static',
            "filename": "[name].[chunkhash:8].js"
        },
        "module": {
            "rules": [
                {
                    "test": /\.vue$/,
                    "exclude": /node_modules/,
                    "use": "vue-loader"
                },
                {
                    "test": /\.pem$/,
                    "use": "file-loader"
                }
            ]
        },
        plugins: [
            new BrowserSyncPlugin(
                {
                    host: 'localhost',
                    port: 3000,
                    proxy: '<a href="http://localhost:8080'">http://localhost:8080'
                },
                {
                    reload: false
                }
            ),
        ],
        node: {
            __dirname: false,
            __filename: false
        },
        resolve: {
            extension: ['*', '.pem']
        },
        devServer: {
            watchOptions: {
                aggregateTimeout: 300,
                poll: 1000
            }
        }
    }

And still get this error message:

GET https://localhost/sockjs-node/info?t=1580397983088
net::ERR_CONNECTION_REFUSED     :  

https://drive.google.com/open?id=1Dm-PC85pjGfqIeMOS45k3hvV9PANgOH5

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286866#msg-286866

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

Francis Daly
In reply to this post by redflag
On Thu, Jan 30, 2020 at 08:11:15AM -0500, MarcoI wrote:

Hi there,

> curl on PC-Server (Ubuntu 18.04.03 Server Edition):
>
> (base) marco@pc:~/vueMatters/testproject$     curl -Iki
> http://localhost:8080/
> HTTP/1.1 200 OK

So from the nginx-and-vue server, you can access vue.

> But from a laptop (Ubuntu 18.04.03 Desktop):
> - https://drive.google.com/open?id=1r56ZApxg3gQLRakKGCwI7CriQbbmfrLh
> - https://drive.google.com/open?id=1Dm-PC85pjGfqIeMOS45k3hvV9PANgOH5

That seems to show that from a different machine, you can access nginx,
which reverse-proxies to vue; and the content from vue includes links or
redirects to localhost (and to localhost:8080). And those links will fail.

I cannot tell from these pictures what one http request was made and what
response was received -- maybe the output of "curl -vk https://ggc.world"
from this machine will show something?

If the issue is that vue is returning a http 301 or 302 redirect to
something below localhost or localhost:8080, then either changing that
in vue, or adding proxy_redirect in nginx, may be best.

If the issue is that vue is returning a http 200 with content that links
to localhost, then that should be changed in vue.

I suspect that almost anything in the vue config that mentions localhost,
should be removed. But vue people may be a better source of information
there.

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
In reply to this post by redflag
I add more information and a question:

From within the PC-Server:

    (base) marco@pc:~$ curl -Iki
https://localhost/sockjs-node/info?t=1580397983088
    HTTP/2 405
    server: nginx/1.14.0 (Ubuntu)
    date: Fri, 31 Jan 2020 08:19:02 GMT
    allow: OPTIONS, GET

From the laptop:

    (base) marco@marco-U36SG:~$ curl -Iki
https://ggc.world/sockjs-node/info?t=1580397983088
    HTTP/1.1 405 Method Not Allowed
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 31 Jan 2020 09:34:59 GMT
    Connection: keep-alive
    Allow: OPTIONS, GET

What does it mean "HTTP/1.1 405 Method Not Allowed" ?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286872#msg-286872

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

Francis Daly
On Fri, Jan 31, 2020 at 04:40:45AM -0500, MarcoI wrote:

Hi there,

> I add more information and a question:

>     (base) marco@marco-U36SG:~$ curl -Iki
> https://ggc.world/sockjs-node/info?t=1580397983088
>     HTTP/1.1 405 Method Not Allowed
>     Server: nginx/1.14.0 (Ubuntu)
>     Date: Fri, 31 Jan 2020 09:34:59 GMT
>     Connection: keep-alive
>     Allow: OPTIONS, GET
>
> What does it mean "HTTP/1.1 405 Method Not Allowed" ?

Exactly what is says.

"curl -I" does HEAD not GET. Some part of your system does not want to
allow HEAD requests.

What does "curl -vk" show? That will make a GET request.

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
From within the PC-Server:

(base) marco@pc:~/vueMatters/testproject$ curl -vk
https://localhost/sockjs-node/info?t=1580397983088
*   Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 443 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=ggc.world
*  start date: Nov 30 11:22:10 2019 GMT
*  expire date: Feb 28 11:22:10 2020 GMT
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade:
len=0
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* Using Stream ID: 1 (easy handle 0x559bc64c5580)
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET /sockjs-node/info?t=1580397983088 HTTP/2
> Host: localhost
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/2 200
< server: nginx/1.14.0 (Ubuntu)
< date: Fri, 31 Jan 2020 14:00:47 GMT
< content-type: application/json; charset=UTF-8
< access-control-allow-origin: *
< vary: Origin
< cache-control: no-store, no-cache, no-transform, must-revalidate,
max-age=0
< strict-transport-security: max-age=31536000
<

From the laptop:

(base) marco@marco-U36SG:~$ curl -vk
https://ggc.world/sockjs-node/info?t=1580397983088
*   Trying 2.36.58.214:443...
* TCP_NODELAY set
* Connected to ggc.world (2.36.58.214) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /home/marco/anaconda3/ssl/cacert.pem
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=ggc.world
*  start date: Nov 30 11:22:10 2019 GMT
*  expire date: Feb 28 11:22:10 2020 GMT
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /sockjs-node/info?t=1580397983088 HTTP/1.1
> Host: ggc.world
> User-Agent: curl/7.65.2
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Fri, 31 Jan 2020 14:04:11 GMT
< Content-Type: application/json; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Vary: Origin
< Cache-Control: no-store, no-cache, no-transf

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286879#msg-286879

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
Sorry I have to complete the last answer:

From the laptop:

(base) marco@marco-U36SG:~$ curl -vk
https://ggc.world/sockjs-node/info?t=1580397983088
*   Trying 2.36.58.214:443...
* TCP_NODELAY set
* Connected to ggc.world (2.36.58.214) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /home/marco/anaconda3/ssl/cacert.pem
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=ggc.world
*  start date: Nov 30 11:22:10 2019 GMT
*  expire date: Feb 28 11:22:10 2020 GMT
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /sockjs-node/info?t=1580397983088 HTTP/1.1
> Host: ggc.world
> User-Agent: curl/7.65.2
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Fri, 31 Jan 2020 14:20:19 GMT
< Content-Type: application/json; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Vary: Origin
< Cache-Control: no-store, no-cache, no-transform, must-revalidate,
max-age=0
< Strict-Transport-Security: max-age=31536000
<
* Connection #0 to host ggc.world left intact
{"websocket":true,"origins":["*:*"],"cookie_needed":false,"entropy":1587194190}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286880#msg-286880

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

Francis Daly
In reply to this post by redflag
On Fri, Jan 31, 2020 at 09:05:08AM -0500, MarcoI wrote:

Hi there,

Thanks for that info.

Sadly, it looks like the "curl" output is not immediately-obviously
useful for determining why your browser tries to access "localhost"
when you tell it to access ggc.world.

If you repeat the initial test in the browser, that gave you the
sockejsError08.jpg picture, but look at the "Network" tab -- where does
the word "localhost" first appear?

You are pointing your browser at ggc.world. Either a http redirect
response header, or some response body content, invites the browser to
try to access localhost.

*That* is the thing that needs to be changed. If you can see where it is,
then maybe it will be clear how to change it.

Good luck with it!

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
This is the output of the "Network" tab :
https://drive.google.com/open?id=1QJMe8FEBrEuWacHWeJ_TQegMkF0v68AY
" Either a http redirect response header, or some response body content,
invites the browser to try to access localhost" :
as far as I see and understand, the requested URL, or the URL to which the
initial request is redirected, from the initial https://ggc.world , is:
Request URL: https://localhost/sockjs-node/info?t=1580484448072

So...
I ask you... am I right or wrong in thinking that this proxy_pass address
has to be changed?

server {
    listen 443 ssl http2 default_server;
    server_name ggc.world;

    ssl_certificate /etc/ssl/certs/chained.pem;
    ssl_certificate_key /etc/ssl/private/domain.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers
EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RS$
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    #ssl_stapling on;
    #ssl_stapling_verify on;

    access_log /var/log/nginx/ggcworld-access.log combined;

    add_header Strict-Transport-Security "max-age=31536000";
    location = /favicon.ico { access_log off; log_not_found off; }
    location / {
        proxy_pass <a href="http://127.0.0.1:8080;">http://127.0.0.1:8080;   //
<------------------------------------------------- !!!!
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

And how to change it?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286883#msg-286883

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

Francis Daly
On Fri, Jan 31, 2020 at 10:49:26AM -0500, MarcoI wrote:

Hi there,

> This is the output of the "Network" tab :
> https://drive.google.com/open?id=1QJMe8FEBrEuWacHWeJ_TQegMkF0v68AY

That picture looks like the right-hand side is showing the "request
details" of the fifth request down, the red "info" one.

Look at the first few successful requests instead.

Or maybe "view source" of the main page, and look at the html that
was returned. What puts the word "localhost" into that html?

> " Either a http redirect response header, or some response body content,
> invites the browser to try to access localhost" :
> as far as I see and understand, the requested URL, or the URL to which the
> initial request is redirected, from the initial https://ggc.world , is:
> Request URL: https://localhost/sockjs-node/info?t=1580484448072

I don't see that.

Can you see or show the complete response to the initial request?

> I ask you... am I right or wrong in thinking that this proxy_pass address
> has to be changed?

I think it probably does not need to be changed.

I think that either you need to add some nginx proxy_redirect lines; or
you need to change the vue setup to never use the word "localhost". Or
maybe both.

If you can show where the word "localhost" appears in the response to the
request for ggc.world, it may be clearer where the change should be made.

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
This is the "view source" of the html page:


    <!DOCTYPE html>
    <html lang="en">
      <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport"
content="width=device-width,initial-scale=1.0">
        <link rel="icon" href="favicon.ico">
        <title>testproject</title>
      <link href="js/app.js" rel="preload" as="script"><link
href="js/chunk-vendors.js" rel="preload" as="script"></head>
      <body>
        <noscript>
          <strong>We're sorry but testproject doesn't work properly without
JavaScript enabled. Please enable it to continue.</strong>
        </noscript>
        <div id="app"></div>
        <!-- built files will be auto injected -->
      <script type="text/javascript"
src="js/chunk-vendors.js"></script><script type="text/javascript"
src="js/app.js">  
    </script></body>
    </html>


This is the result of the "localhost" word search in app.js:

https://drive.google.com/open?id=11QpJKjd4PLKNMnO7m2utCJ9PrzO8Oyji  :

    /***/ }),

    /***/ 1:
/*!********************************************************************************************************************************************************************!*\
      !*** multi (webpack)-dev-server/client?http://localhost
(webpack)/hot/dev-server.js
(webpack)-dev-server/client?http://192.168.1.7:8080/sockjs-node
./src/main.js ***!
 
\********************************************************************************************************************************************************************/
    /*! no static exports found */
    /***/ (function(module, exports, __webpack_require__) {

    __webpack_require__(/*!
/home/marco/vueMatters/testproject/node_modules/webpack-dev-server/client  

    /index.js?http://localhost
*/"./node_modules/webpack-dev-server/client/index.js?http://localhost");
    __webpack_require__(/*!
/home/marco/vueMatters/testproject/node_modules/webpack/hot/dev-server.js  
    */"./node_modules/webpack/hot/dev-server.js");
    __webpack_require__(/*!
/home/marco/vueMatters/testproject/node_modules/webpack-dev-server/client
    /index.js?http://192.168.1.7:8080/sockjs-node
*/"./node_modules/webpack-dev-server/client/index.js?http:  
    //192.168.1.7:8080/sockjs-node");
    module.exports = __webpack_require__(/*! ./src/main.js
*/"./src/main.js");


    /***/ })

    /******/ });


These are the results of the "localhost" word search in chunk-vendors.js :


- https://drive.google.com/open?id=13EPYKgb7Vv4DHOTxD0jxYk_CbDDrJkMy
- https://drive.google.com/open?id=1UjWDsPyT-87GF4WJhVr-UhzOFGiBW8tH
- https://drive.google.com/open?id=1eq5pWm51sjCYQkIaQn5GZ6uEmrmS36Od
- https://drive.google.com/open?id=19QzxljB37HH5cvJ0jffdyX97u9hlBDsV


In this GitHub repository you can find all the related files:
https://github.com/marcoippolito/testproject

the sudo nano /etc/nginx/conf.d/default.conf is the following:

    server {
        listen 443 ssl http2 default_server;
        server_name ggc.world;

        ssl_certificate /etc/ssl/certs/chained.pem;
        ssl_certificate_key /etc/ssl/private/domain.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-    
   
draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        #ssl_stapling on;
        #ssl_stapling_verify on;

        access_log /var/log/nginx/ggcworld-access.log combined;

        add_header Strict-Transport-Security "max-age=31536000";
        location = /favicon.ico { access_log off; log_not_found off; }
        location / {
            proxy_pass <a href="http://127.0.0.1:8080;">http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        error_page 497 <a href="https://$host:$server_port$request_uri;">https://$host:$server_port$request_uri;
        server_name www.ggc.world;
        return 301 https://$server_name$request_uri;

        access_log /var/log/nginx/ggcworld-access.log combined;

        add_header Strict-Transport-Security "max-age=31536000";
        location = /favicon.ico { access_log off; log_not_found off; }
        location / {
            proxy_pass <a href="http://127.0.0.1:8080;">http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    # https://www.nginx.com/blog/nginx-nodejs-websockets-socketio/
    # https://gist.github.com/uorat/10b15a32f3ffa3f240662b9b0fefe706 
    # http://nginx.org/en/docs/stream/ngx_stream_core_module.html

    upstream websocket {
        ip_hash;
        server localhost:3000;
    }

    server {
        listen       81;
        server_name  ggc.world www.ggc.world;

        #location / {
        location ~ ^/(websocket|websocket\/socket-io) {
            proxy_pass <a href="http://127.0.0.1:4201;">http://127.0.0.1:4201;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Forwared-For $remote_addr;
            proxy_set_header Host $host;

            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
        }

    }
    #
https://stackoverflow.com/questions/40516288/webpack-dev-server-with-nginx-proxy-pass

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286887#msg-286887

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

Francis Daly
On Sat, Feb 01, 2020 at 04:45:00AM -0500, MarcoI wrote:

Hi there,

> This is the "view source" of the html page:

This source does not include the words "Welcome to Your Vue.js App",
which appears in "16.jpg" picture.

That picture shows three other successful requests -- app.js,
chunk-vendor.js, and [object%20Module] before the "info" failures.

(The first two of those come from the "link", "rel=preload" parts of the
"head" of the initial response; or maybe from the "script" in the "body".)

I suspect that somewhere in the response of one of those other
three requests, is something that invites the browser to access
https://localhost/sockjs-node/info.

The best I can suggest is: find which one of those three responses it is;
then find what in your vue setup puts that there; then change it so that
it (probably) asks for /sockjs-node/info instead.

Exactly how to do that is probably in the vue documentation.

I see no evidence of a nginx config problem here, so far.

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
Hi Francis,

I "solved" this problem installing the Desktop version of Ubuntu 18.04, as I
described here:
https://askubuntu.com/questions/1207812/webapp-fails-with-neterr-connection-refused-with-ubuntu-18-04-4-server-edition

Now I have a different, but may be, similar, problem, which I described in
this post:
https://forum.nginx.org/read.php?2,286991

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286992#msg-286992

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

redflag
In reply to this post by Francis Daly
Hi Francis,
I "solved" this problem installing the Desktop version of Ubuntu 18.04 as I
described here:
https://askubuntu.com/questions/1207812/webapp-fails-with-neterr-connection-refused-with-ubuntu-18-04-4-server-edition

Now I've got a different, but may be, similar, problem, which I described in
this post in the Nginx Forum:
https://forum.nginx.org/read.php?2,286991

Marco

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286850,286993#msg-286993

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

Francis Daly
In reply to this post by redflag
On Tue, Feb 11, 2020 at 02:28:45PM -0500, MarcoI wrote:

Hi there,

> I "solved" this problem installing the Desktop version of Ubuntu 18.04, as I
> described here:
> https://askubuntu.com/questions/1207812/webapp-fails-with-neterr-connection-refused-with-ubuntu-18-04-4-server-edition

I don't think that's a solution; but if you now have a working system,
then it's all good.

> Now I have a different, but may be, similar, problem, which I described in
> this post:
> https://forum.nginx.org/read.php?2,286991

That looks like the same problem to me.

Change your vue config so that it can work.

Perhaps the "public" piece at
https://forum.vuejs.org/t/vue-with-nginx/26843/3 is relevant.

See also https://webpack.js.org/configuration/dev-server/#devserver-public
and maybe "publicPath" there too.

I see no nginx issue here, or there, other than what was previously
mentioned.

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
12