Proper nginx configuration with SSL

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
2 years ago
Hello,

Can someone give some help on what a proper nginx/nopcommerce configuration with proper SSL should be?
Currently I have this in my nginx config for default site:


server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        ssl_certificate /path_to_certificate_chain.crt;

        ssl_certificate_key /path_to_key.key;


       ssl_session_timeout       1d;
       ssl_protocols             TLSv1.2 TLSv1.3;
       ssl_prefer_server_ciphers off;
       ssl_ciphers               ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
       ssl_session_cache         shared:SSL:10m;
       ssl_session_tickets       off;
       ssl_stapling              off;

       add_header X-Frame-Options DENY;
       add_header X-Content-Type-Options nosniff;

       server_name myshop.com;


       location / {
         proxy_pass         http://localhost:5000;
         proxy_http_version 1.1;
         proxy_set_header   Upgrade $http_upgrade;
         proxy_set_header   Connection keep-alive;
         proxy_set_header   Host $host;
         proxy_cache_bypass $http_upgrade;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Proto $scheme;
       }
}


I have changed UseHttpXForwardedProto and UseHttpClusterHttps to true in appsettings.json.
The SSL is properly installed for the domain, but I cannot seem to get it working with nop. The best I accomplished is that the front store loads over https, but then I can't access the /Admin part.

Also, I updated the Store settings through the db, since I cannot access them through the web, but it doesn't seem to help.

mysql> SELECT Name, Url, Hosts, SslEnabled from Store;
+--------+--------------------+------------+------------+
| Name   | Url                | Hosts      | SslEnabled |
+--------+--------------------+------------+------------+
| M-Shop | https://myshop.com | myshop.com |          1 |
+--------+--------------------+------------+------------+


Any help is appreciated.
2 years ago
Please check this thread: https://www.nopcommerce.com/en/boards/topic/89714/how-to-configure-ssl-on-second-multi-store-site-in-nginx-server
2 years ago
I checked the link, I only have one store on one domain.
I managed to get it working, I can access front store and admin panel, but it seems only Chrome on desktop works. I don't know why.
2 years ago
Seems it was an issue with the firewall, because 80 was not allowed in ufw.

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
443                        ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443 (v6)                   ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)


Now it opens up in all browsers; I just have to figure out a proper http -> https redirect.
2 years ago
This is the nginx config that's working for me:

server {
    listen 443 ssl;
    server_name your.domain.tld www.your.domain.tld;

    ssl_certificate /etc/letsencrypt/live/your.domain.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your.domain.tld/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    access_log  /var/log/nginx/your.domain.tld.log  main;

    location / {
        proxy_pass         http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

server {
    listen       80;
    server_name  your.domain.tld www.your.domain.tld;

    if ($host = www.your.domain.tld) {
        return 301 https://$host$request_uri;
    }


    if ($host = your.domain.tld) {
        return 301 https://$host$request_uri;
    }

    return 404;
}


Obviously, it is necessary to adjust your.domain.tld to match your domain.

Hope it helps.
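An added example, not from any post in this thread: a small Python check for the two things the thread turned on, a port-80 listener that serves the shop instead of redirecting to https, and a TLS proxy block that does not pass X-Forwarded-Proto to the backend. The sample configs are constructed, abbreviated from the configs posted above, and the finding names are this example's own.

```python
import re

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r'^\s*server\s*\{', conf, re.M):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i]

def audit(conf):
    """Return (server_name, finding) pairs; finding names are this example's own."""
    conf = re.sub(r'#.*', '', conf)  # drop comments (assumes no '#' inside values)
    findings = []
    for body in server_blocks(conf):
        m = re.search(r'^\s*server_name\s+(\S+)', body, re.M)
        name = m.group(1).rstrip(';') if m else '(unnamed)'
        listens = re.findall(r'^\s*listen\s+([^;]+);', body, re.M)
        plain = [l for l in listens if 'ssl' not in l.split()]
        tls = [l for l in listens if 'ssl' in l.split()]
        # A plaintext listener should only answer with a redirect to https.
        if plain and not re.search(r'\breturn\s+30[1278]\s+https://', body):
            findings.append((name, 'http-not-redirected'))
        # nginx talks plain http to the backend; the app sees the scheme only here.
        if tls and 'proxy_pass' in body and not re.search(
                r'proxy_set_header\s+X-Forwarded-Proto\s+\$scheme', body):
            findings.append((name, 'missing-x-forwarded-proto'))
    return findings

# Constructed samples: ASKER abbreviates the first post (80 and 443 in one block);
# REPLY moves port 80 into its own redirect-only block, as the last post does.
ASKER = """
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name myshop.com;
    location / { proxy_pass http://localhost:5000; proxy_set_header X-Forwarded-Proto $scheme; }
}
"""
REPLY = ASKER.replace("    listen 80 default_server;\n", "") + """
server {
    listen 80;
    server_name myshop.com;
    return 301 https://$host$request_uri;
}
"""

if __name__ == "__main__":
    print(audit(ASKER), audit(REPLY))
```

The parser is deliberately simple: it does not follow `include` directives, so run it over the expanded output of `nginx -T` rather than a single file.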