After nginx & certbot configuration I can't access strapi through https://domain.com:1337 but i can through http://[DigitalOcean IP]:1337

Hello guys,

I’m trying to deploy my first project made with Strapi. I managed to deploy strapi actually and now I’m working on connecting a subdomain to the digital ocean’s server. If I access https://domain.com it works like a charm. The content of /var/www/domain.com/html is showing up. If I access http://[droplet’s IP]:1337 I can also reach the strapi. However, if I try to access https://domain.com:1337 in order to access strapi, it won’t work. It shows me “This site can’t provide a secure connection” in Chrome.

Do you have any idea what the issue might be?

Can you provide your nginx configuration?

Hi, I kinda managed to solve the issue. This is my config in case it will help anyone (the “location / { … }” made Strapi work for me). However, I’m not sure if I should uncomment the “try_files …” line.

server {
    root /var/www/api.eduardstefan.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name api.eduardstefan.com www.api.eduardstefan.com;

    location / {
            proxy_pass http://localhost:1337;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            # try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.eduardstefan.com/fullchain.pem; # m>
    ssl_certificate_key /etc/letsencrypt/live/api.eduardstefan.com/privkey.pem; #>
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.api.eduardstefan.com) {
        return 301 https://api.eduardstefan.com$request_uri;
    } # managed by Certbot

    if ($host = api.eduardstefan.com) {
        return 301 https://api.eduardstefan.com$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name api.eduardstefan.com www.api.eduardstefan.com;
    return 404; # managed by Certbot
}

Keep in mind that Nginx only controls whats being passed on ports 80 and 443. Anything on port 1337 is Strapi directly, hence why https://api.eduardstefan.com:1337 as Nginx doesn’t manage that.

Hello,

It’s not clear for me, sorry but I’m just beginning on the backend side of things :)) I’m actually a UX/UI designer with web development skills :))

The config I attached above is not ok? Now, api.eduardstefan.com shows the Strapi splash screen and it’s the result I wanted but I don’t understand from your reply if my config is wrong (non-secure kind of)?

If you are using nginx, then port 1337 should not be publicly accessible, it should only be internal to the server and nginx proxies all the requests.

What should happen:

• User => Makes request to api.example.com on port 443 => received by nginx on port 443 => proxies request to localhost on port 1337 inside the server => Strapi gets request on localhost port 1337

What you are doing:

• User => Makes request to api.example.com on port 1337 => Strapi gets request on your server’s IP on port 1337

What you are doing:

• User => Makes request to api.example.com on port 1337 => Strapi gets request on your server’s IP on port 1337

@DMehaffy His config seems okay to me and he is definitely not trying to listen on 1337 local port. You must be missing something.

See this from his conf file

listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
listen 443 ssl http2; # managed by Certbot

and

listen 80;
listen [::]:80;

Thats the listen directive.

He directly said in the first post that if he hits the :1337 he gets a response but that it’s an SSL error. What is missing here is a firewall rule to block port 1337 inbound or to change Strapi’s host setting to localhost or 127.0.0.1