NGINX configuration failed

Question

I was trying to remove useless redirects and I changed nginx configuration without backup... I just removed one line, and then put it back, but nginx didnt start. Right now I tried a few "defaults" found on web, but nothing works. Need help with it :< Here are configuration files

sites-enabled -> mywebsite.com.conf <- here I made change, I know it should looks diffrent, but I dont know how it should look like..

server {
       listen 80;
}

server {
      listen 443;
}

sites->enabled mywebsite.com

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name mywebsite.com www.mywebsite.com;
        rewrite ^ https://mywebsite.com$request_uri? permanent;
client_max_body_size 100M;
}

server {
client_max_body_size 100M;
    listen 443 ssl;
    server_name mywebsite.com;
 ssl_certificate /etc/mywebsite.com.crt;
  ssl_certificate_key /etc/mywebsite.com.key;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

   access_log /var/log/nginx/odoo.access.log;
   error_log /var/log/nginx/odoo.error.log;




#ssl weryfikacja plik
location ^~ /.well-known/ {
 default_type "text/plain";
 alias /var/www/acme-challenge/;
  autoindex on;
}


location / {

      proxy_set_header        Host $host;
        proxy_set_header        X-Forwarder-Server $host;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
     # proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_set_header        X-forwarder-Host $host;
      # Fix the “It appears that your reverse proxy set up is broken“ error.
      proxy_pass          https://localhost:8069;
     # proxy_read_timeout  90;

#      proxy_redirect      http://localhost:8069 https://mywebsite.com;
}


  }

With this config I get 502 bad gateway

I added also redirect to IPTABLES iptables -D PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 8069 iptables -D PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 8069 Website is made on odoo working on port 8069

When someone is trying to access website odoo reports ERROR ? werkzeug: 127.0.0.1 - - [09/Oct/2019 10:30:11] code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x00½\x01\x00\x00¹\x03\x03\´<ø\x80bè¸àP2\x07¢ÑP\x88¶ãc+\x14ôC\x89®\x92½&W~g') - - -

Answer 1

1. You forgot the ssl flag on your main listen 443 directive.

2. You're trying to redirect a TLS port (443) and a non-TLS port (80) to the same port of the same server. Your webapp (werkzeug) only expects plain HTTP connections on port 8069, so it does not recognize TLS handshakes on this port.

3. The iptables redirect rules completely bypass the Nginx reverse proxy; they forward all packets directly to the application.

Answer 2

1. You mean

server {
      listen 443 ssl;
}

2.

 rewrite ^ https://mywebsite.com$request_uri? permanent;
change to http?

3. If I make those changes and do not make IPTABLES then I get An error occurred during a connection to water-display.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

With iptables gets 502