Quasar (VueJs), nodeJs, Nginx certbox Too many requests

Question

I have following nginx conf for my quasar(VueJs app) and nodejs (as API) app

As you can see my nodejs app is in /api location, the rest of config is for my Quasar (vuejs) app...

The problem I have is following. If I configure only http (comment out the ssl line and set to listen on 80), then my app is working OK. If I use certbot and enable HTTPS, then I get page error Too many redirects.

server { server_name stage.moj-racun.si www.stage.moj-racun.si; access_log /var/log/nginx/my-bills-access.log; error_log /var/log/nginx/my-bills-error.log error; root /home/ubuntu/myBills/frontend/dist/spa/stage; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; index index.html; charset utf-8; location / { try_files $uri $uri/ /index.html; } location = /favicon.ico { access_log off; log_not_found off; } location ~ /\.(?!well-known).* { deny all; } location /api { root /home/ubuntu/myBills/backend; proxy_set_header X-Forwarded-Proto $scheme; # Add this line to preserve the protocol proxy_pass http://localhost:3000; proxy_connect_timeout 60s; proxy_read_timeout 5400s; proxy_send_timeout 5400s; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } location = /robots.txt { default_type text/plain; return 200 "User-agent: *\nDisallow: /\n"; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/stage.moj-racun.si/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/stage.moj-racun.si/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { listen 80; server_name stage.moj-racun.si www.stage.moj-racun.si; location / { return 301 https://$host$request_uri; } } 

No mather if I make https://stage.moj-racun.si/api/country or http://stage.moj-racun.si/api/country request on my server, I always get the same error To many requests. My nginx.conf is as default one (I didn't make any changes). I'm writing this, because I only see the request on my server in access.log, meaning my-bills-access.log and my-bills-error.log are empty...

What am I missing? Maybe is the problem, because I use subdomain?

If you need any additional informations, please let me know and I will provide...

Answer 1

Cloudflare was the "problem" because it was probably expecting your webserver to work on http, and not https. There's a couple of options to solve the issue (you solved it with full encryption):

1. Encryption off:

Both cloudflare proxy and your webserver/proxy use http.

2. Flexible:

Cloudflare takes care of https and encryption, and your server is accepting http only. The traffic between the client and the website is encrypted, but the traffic between cloudflare and your webserver is not.

You can make this work with your current config by listening on port 80 only (http), and without using any certificates. Delete the second directive which is redirecting as well.

3. Full:

All traffic is encrypted, even the traffic between cloudflare and your webserver.

4. Full (Strict):

Same as #3, but the cert on your webserver must be trusted.

Answer 2

It was a cloudflare issue! Never though this was a problem :) You need to set Your SSL/TLS encryption mode to Full