Created by grandpaK420 on 4/30/2023 in #help
❔ SSL inside AWS EC2
Hello everyone, I am having issues with SSL. I bought a certificate from Sectigo (which I believe is a trusted CA), but when I connected the SSL certificate to nginx and to my NestJS app inside AWS EC2, the browser shows 'connection not secured'. How can I solve this issue? Thanks. Here is the nginx config:
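# HTTPS virtual host for app.blinkcard.io: terminates TLS in nginx and
# reverse-proxies every request to the app listening on localhost:3000.
server {
    listen 443 ssl;
    server_name app.blinkcard.io;

    # nginx sends clients only the contents of the ssl_certificate file.
    # ssl_trusted_certificate is used for OCSP stapling and client-certificate
    # verification and is never sent in the handshake. If blinkcard.io.crt
    # holds only the leaf certificate, browsers cannot build the chain and
    # report the connection as not secure: the file must contain the leaf
    # followed by the intermediates from the ca-bundle, in that order.
    # NOTE(review): the certificate must also cover app.blinkcard.io (SAN or
    # wildcard) - confirm; a certificate issued only for blinkcard.io fails
    # hostname validation here.
    # Check with `nginx -t` and
    # `openssl s_client -connect app.blinkcard.io:443 -servername app.blinkcard.io -showcerts`.
    ssl_certificate /etc/nginx/ssl/blinkcard.io.crt;
    # Private key: keep it readable by root / the nginx master process only.
    ssl_certificate_key /etc/nginx/ssl/blinkcard.io.key;
    ssl_trusted_certificate /etc/nginx/ssl/blinkcard.io.ca-bundle;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # CORS: Allow-Origin is not set here. If the line below is re-enabled it
    # must name a specific origin, because browsers reject credentialed
    # responses (Allow-Credentials: true) that carry a wildcard origin.
    #add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;

    # Refuse requests for dotenv files. The dot is escaped so the pattern
    # matches a literal "/.env" prefix rather than "/" plus any character
    # plus "env".
    location ~* ^/\.env {
        deny all;
    }

    # Everything else goes to the backend over plain HTTP on the loopback
    # interface, with the headers needed for WebSocket upgrades and for the
    # app to see the original host and client address.
    # NOTE(review): no X-Forwarded-Proto is passed; if the app builds
    # redirects or sets Secure cookies based on the request scheme, add
    # `proxy_set_header X-Forwarded-Proto $scheme;`.
    location / {
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}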
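# HTTPS virtual host for app.blinkcard.io: terminates TLS in nginx and
# reverse-proxies every request to the app listening on localhost:3000.
server {
    listen 443 ssl;
    server_name app.blinkcard.io;

    # nginx sends clients only the contents of the ssl_certificate file.
    # ssl_trusted_certificate is used for OCSP stapling and client-certificate
    # verification and is never sent in the handshake. If blinkcard.io.crt
    # holds only the leaf certificate, browsers cannot build the chain and
    # report the connection as not secure: the file must contain the leaf
    # followed by the intermediates from the ca-bundle, in that order.
    # NOTE(review): the certificate must also cover app.blinkcard.io (SAN or
    # wildcard) - confirm; a certificate issued only for blinkcard.io fails
    # hostname validation here.
    # Check with `nginx -t` and
    # `openssl s_client -connect app.blinkcard.io:443 -servername app.blinkcard.io -showcerts`.
    ssl_certificate /etc/nginx/ssl/blinkcard.io.crt;
    # Private key: keep it readable by root / the nginx master process only.
    ssl_certificate_key /etc/nginx/ssl/blinkcard.io.key;
    ssl_trusted_certificate /etc/nginx/ssl/blinkcard.io.ca-bundle;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # CORS: Allow-Origin is not set here. If the line below is re-enabled it
    # must name a specific origin, because browsers reject credentialed
    # responses (Allow-Credentials: true) that carry a wildcard origin.
    #add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;

    # Refuse requests for dotenv files. The dot is escaped so the pattern
    # matches a literal "/.env" prefix rather than "/" plus any character
    # plus "env".
    location ~* ^/\.env {
        deny all;
    }

    # Everything else goes to the backend over plain HTTP on the loopback
    # interface, with the headers needed for WebSocket upgrades and for the
    # app to see the original host and client address.
    # NOTE(review): no X-Forwarded-Proto is passed; if the app builds
    # redirects or sets Secure cookies based on the request scheme, add
    # `proxy_set_header X-Forwarded-Proto $scheme;`.
    location / {
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}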