Problem configuring tusd over https on Nginx

Question

I am trying to setup tusd with Uppy on https without success. It works well on http.

Here's my nginx conf file:

server {
  listen 80;
  listen[::]: 80;
  server_name
  DOMAIN.com
  www.DOMAIN.com;

  root / srv / users / DOMAIN / apps / DOMAIN / public;

  access_log / srv / users / DOMAIN / log / DOMAIN / DOMAIN_nginx.access.log main;
  error_log / srv / users / DOMAIN / log / DOMAIN / DOMAIN_nginx.error.log;

  proxy_set_header Host $host;
  proxy_set_header X - Real - IP $remote_addr;
  proxy_set_header X - Forwarded - For $proxy_add_x_forwarded_for;

  include / etc / nginx - sp / vhosts.d / DOMAIN.d
  /*.nonssl_conf;
      include /etc/nginx-sp/vhosts.d/DOMAIN.d/*.conf;
  }

  server {
      listen       443 ssl http2;
      listen       [::]:443 ssl http2;
      server_name
          DOMAIN.com
          www.DOMAIN.com
        ;

      ssl_certificate_key      ssl/DOMAIN.key;
      ssl_certificate          ssl/DOMAIN.combined_crt;

      root   /srv/users/DOMAIN/apps/DOMAIN/public;

      access_log  /srv/users/DOMAIN/log/DOMAIN/DOMAIN_nginx.access_ssl.log  main;
      error_log  /srv/users/DOMAIN/log/DOMAIN/DOMAIN_nginx.error_ssl.log;

      proxy_set_header    Host              $host;
      proxy_set_header    X-Real-IP         $remote_addr;
      proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header    X-Forwarded-SSL   on;
      proxy_set_header    X-Forwarded-Proto $scheme;

      include /etc/nginx-sp/vhosts.d/DOMAIN.d/*.ssl_conf;
      include /etc/nginx-sp/vhosts.d/DOMAIN.d/*.conf;


  location /files/ {
        #resolver 8.8.8.8 4.2.2.2;

        proxy_pass  http://localhost:3020/files;   
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr;    

        # Disable request and response buffering    
        proxy_request_buffering  off;               
        proxy_buffering          off;                
        proxy_http_version       1.1;                 

        # Add X-Forwarded-* headers so that response can reference https and
        # originating host:port                                                     
        proxy_set_header X-Forwarded-Host $hostname;                       
        proxy_set_header X-Forwarded-Proto $scheme;                                
        proxy_set_header X-Forwarded-Proto https;      
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;            

        # Allow proxying of websockets if required               
        proxy_set_header         Upgrade $http_upgrade;         
        proxy_set_header         Connection "upgrade";        
        client_max_body_size     0;  
    }
  }

At another conf file I have this additional configuration:

location / {
    proxy_pass      $backend_protocol://$backend_host:$backend_port;
}

At Chrome console I have the following output:

upload.js:2 OPTIONS https://DOMAIN/files/2b775a112504ed1222c6ffdd4fbdac03+Dc99JI0Zvgh54FXVfpp5K32GAiZBjV5bY-d9tzj8fDL1FxNKKZrHP_SBE6OERG8SWAm1ZjqtjYMVWSvWCQLba0qsR8krfVBYw8ApHqIBO7DG9Bn1t_tv_a6nuuTuqlXC net::ERR_NAME_NOT_RESOLVED

Notice the domain without the .com extension!

I tried all combinations of configuration, commenting the configuration lines without success. Can you spot the mistake?

What are used values for variables `$backend_protocol://$backend_host:$backend_port;`? — Jan Garaj, Jan 03 '20 at 21:01

score 1 · Accepted Answer · answered Jan 04 '20 at 15:13

A contractor solved it for me and the solution is neat. He did it instead configuring Apache.

At the first nginx conf file he removed the "location /files/" section entirely. At the apache conf file, he added the following lines:

    ProxyPass /files http://localhost:3020/files
    ProxyPassReverse /files http://localhost:3020/files

And it worked.

score 0 · Answer 2 · answered Jan 02 '20 at 07:20

This is pretty clearly a network issue which should be a definite mismatch between the data that is advertised in the HTTP Headers and the data transferred over the wire.

It could come from the following:

Server: If a server has a bug with certain modules that changes the content but don't update the content-length in the header or just doesn't work properly. It was the case for the Node HTTP Proxy at some point (see here)
Proxy: Any proxy between you and your server could be modifying the request and not update the content-length header.

This problem could also be the nginx docker container disk space. Just check and if full please clear the files.

Let me know if that helps.

score 0 · Answer 3 · answered Jan 02 '20 at 11:31

Re-use then adapt (from companion.mywebsite.com to yourdomain.com) this working nginx configuration file :

( don't forget to change also ssl_certificate, ssl_certificate_key and ssl_dhparam )

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        server_name  companion.mywebsite.com;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
                proxy_pass http://0.0.0.0:3020;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/companion.mywebsite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/companion.mywebsite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


    server {
    if ($host = companion.mywebsite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  companion.mywebsite.com;
    return 404; # managed by Certbot


}}

Then try again... if you get this error:

Nginx Error: The page you are looking for is temporarily unavailable. Please try again later.

Run:

setsebool -P httpd_can_network_connect 1

To fix permission then restart apache

Problem configuring tusd over https on Nginx

3 Answers3