Mastering Development System & Network

Why my nodejs REST API doesn’t work on HTTPS?

I have droplet on Digital Ocean (I am novice to server setting).

I use: Ubuntu, NGINX, Let’s encrypt certs, PM2.

App is written in NUXT.JS and server side use Express for REST API. I can access my REST API just on HTTP.

App is on port 8080 (I don’t know if is it ideal – I tried also 3000, 8443 and the result was the same).

PM2 log is clear.

0|index    |  READY  Server listening on
0|index    |

When try with CURL on server

root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/html/app# curl -v -k
*   Trying
* Connected to ( port 8080 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

I still have this error and I am not able to solve it (CURL just on HTTP give me expected JSON as a result, so it’s ok).

This is my config

index   index.html index.htm;

server {
    listen 80;

        location / {
            proxy_pass          ;

            proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
            proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
            proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;
            proxy_ssl_server_name on;
            proxy_ssl_verify        on;
            proxy_ssl_verify_depth  2;
            proxy_ssl_session_reuse on;

    return 301 https://$server_name$request_uri;

server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;

        root /var/www/html/app/dist;


        ssl_dhparam /etc/nginx/dhparam.pem
        ssl_certificate "/etc/letsencrypt/live/";
        ssl_certificate_key "/etc/letsencrypt/live/";
        ssl_verify_client      optional;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        location / {
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                proxy_ssl_server_name on;

Any idea what’s wrong? I guess it is something with SSL.

I switched off SSL3 with

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Thanks. I spent many, many hours :-(…



Leave a Reply

Your email address will not be published. Required fields are marked *