Problem with SSL certificate || Node APP & Nginx

feerdispzoo

Verified User
Joined
Jan 17, 2022
Messages
189
Hi everyone,
Maybe someone can help me because I've been struggling with this for 9 hours and I've been clicking and still nothing.

in same user both app
app.com = nodeapp proxy nginx
api.app.com - wordpress api backend

Solution 1:
I pause cloudflare, disable ssl in CF etc.

and Now:
1) for node app i can only access with http:// for https:// return 502 bad gateway
2) for wordpress backend is correct i can access with https:// and with http://

Solution 2:
I enable cloudflare, enable flexible ssl in CF, enable always use https, auto automatic https rewrites .

and Now:
1) for node app i can access correct with https:// and when i try access with http then automatic rewrite to https so is correct
2) for wordpress backend when i access with https:// then destroy all styles etc, in log console return mixed content http in inspection code all urls is with http:// (this is fresh installation, without custom link, all settings domain have url with https:// etc (when i disable cloudflare then all working correct without issue with mixed content).


And now I don't know how to solve it:

to sum up: node app doesn't work without CF, but wordpress working.

node app works with CF, but wordpress doesn't work


After enable cloudflare:

1703865246816.png


After disable CloudFlare all is correct with https and for wordpress all working.


Mixed Content: The page at 'https://secure.app.pl/zamowienie/?session_id=t_843661da799bce606d37a67ec1aa97&return_url=/cart/success' was loaded over HTTPS, but requested an insecure image '. This request has been blocked; the content must be served over HTTPS.

When I select in CloudFlare automatic http rewrites, then when is any custom url with http (but in my case not available custom url) then still should rewrite this to https, but looks likes this function not work.
 
Last edited:
change ssl encrypted mode in cloudflare from "Flexible" to "Full".
 
@jamgames2 I try use all this types, when i change to Full then still for node app i can access only with http and with https i get 502 bad gateway.

Currently Only node app with https working with Flexible
 
yes, that's how "Flexible" mode work.

It will request to your server as "http" and serve to customer as "https".


So fixed you nodeapp first, to make access with https.
 
@jamgames2 thank you for your help better understand this.

Now I think about this http in nodeapp, generally in custom nginx conf I have proxy pass from
  1. http://my_ip:3002 to mydomain.com
So do you think I should use here
  1. https://my_ip:3002
to resolve issue with node https? (node app is build with nextjs 14 )

  1. location /
  2. {
  3. # access_log off;
  4. proxy_buffering off;
  5. proxy_pass http://my_ip:3002;
  6. proxy_set_header X-Client-IP $remote_addr;
  7. proxy_set_header X-Accel-Internal /nginx_static_files;
  8. proxy_set_header Host $host;
  9. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  10. proxy_hide_header Upgrade;
  11. }

In this way I proxy pass:
|?PROXY_IP=my_srv_ip|
|?PORT_8080=3002|
|?PORT_8081=3002|
 
In this way I proxy pass:
|?PROXY_IP=my_srv_ip|
|?PORT_8080=3002|
|?PORT_8081=3002|

this should work fine.
for both "http" and "https". if there have something wrong, maybe you forgot to enable "Secure SSL" in "Directadmin - Domain Management" of that's domain.

I suggest check nginx error log of that domains.
 
"
yes, that's how "Flexible" mode work.

It will request to your server as "http" and serve to customer as "https"."


I try one more combination, i set in CF flexible, and then always use https, and automatic http rewrites.
Now in wordpress I set url with only http://

Now still when I open website with https://wordress then is correct SSL, but still mixed content and all urls content with http:// (so looks like this option with automatic rewrite http not work).

2) for the node app in nginx error I have this:

[ssl:warn] [pid 2703240:tid 140174109985088] AH01909: www.secure.nodeapp.pl:443:0 server certificate does NOT include an ID which matches the server name
 
Ok, this is a bit hard.

your nodejs app only access via "http", so it impossible to make nginx proxy with "https://my_ip:3002"

To solve this issued. you must find a ways to make change nginx to use
Code:
proxy_pass http://my_ip:3002;
for both http ( :80 ) and https ( :443 ) nginx template.

Or you could make your app can access via "https", but just for insecure connection with port "3003" ( https://my_ip:3003 ).

Because directadmin don't have option to custom proxy protocol with easy ways.
 
Back
Top