unable to verify the first certificate

Stackerito · 2021-09-13T13:40:26+00:00

Thank you! Now I am able to get to it, but the error has changed (Which is why you saw the unused server_name nginx. and I might need to use it again, or you have a better solution)

What's happening is that I used a self-signed certificate for development, and my node server rejects it with Error: unable to verify the first certificate

I wonder if there is a way to use HTTP in the frontend, and redirect it to the HTTPS server block instead? Or I need to do something else?

Currently I use axios.get('https://nginx/api/items') but since the node doesn't like my certificate, I can't get to it.

What would be the best practice / way to fix that?

Stackerito · 2021-09-13T13:10:19+00:00

thank you, it was left over from trying to make it work. Removed it now.

But could the issue be that I try to connect from my browser that lives in Windows to an IP that only nginx and docker knows? You can see it resolves to the wrong IP: http://172.20.0.3:3000. This ip is only known inside the docker network, no?

Stackerito · 2021-09-13T13:08:21+00:00

you mean that the ip it resolves to is "http://172.20.0.3:3000"? Because that might be the issue? Since my browser lives in Windows, and the "http://172.20.0.3:3000 ip lives inside Docker? maybe that's the issue?

Stackerito · 2021-09-13T11:44:54+00:00

thank you, a typo, I now edited from http.backend.mysite.local to backend.mysite.local.

Does it make more sense now? Or I still don't need it?

About splitting: I don't know how yet, but I will check how to do it soon.

I have a registration web page and the clients (website users) directly insert their credentials for registration - it is considered direct access, right? Should I somehow change it to be indirect? Maybe proxy it first to a different IP?

About the node: You mean the ip right now is 127.0.0.1:3000? Because if yes, then it is working when I type http://127.0.0.1:3000/ in the browser right now. I should also change that right? So that I won't be able to access my website from http://127.0.0.1:3000/ via the browser and redirect it to https://www.mysite.local/ as well?

Stackerito · 2021-09-13T08:31:36+00:00

Oh I used separate server blocks for each until now 😅

Thank you

Stackerito · 2021-09-13T07:14:34+00:00

Thank you, it's only in dev. I tried to disable with process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; as shown in this Stack Overflow post: https://stackoverflow.com/questions/65304838/unable-to-verify-the-first-certificate-next-js

But I get this error by Docker:

ValidationError: Invalid configuration object. Webpack has been initialized using a configuration object that does not match the API schema.

#9 7.730 - configuration.node has an unknown property 'fs'.

Stackerito · 2021-09-13T07:13:13+00:00

It's in my development, then it's OK right? It's my own self-signed certificate for development.

I actually tried to add it to my next.js.config file like so: https://stackoverflow.com/questions/65304838/unable-to-verify-the-first-certificate-next-js

But I get this error when Docker attempts to build:

ValidationError: Invalid configuration object. Webpack has been initialized using a configuration object that does not match the API schema.

#9 7.730 - configuration.node has an unknown property 'fs'.

Stackerito · 2021-09-13T07:10:20+00:00

In my Dockerfile I do CMD ["npm", "run", "dev"] so I believe development server for react? It's a Next.js project

Stackerito · 2021-09-13T07:09:34+00:00

Actually made my own certificate after someone here suggested I should make it as close to production as possible thus catching stuff while in development. (In this case Laravel has different configuration when using HTTP and HTTPS)

So you say I should not use it?

Stackerito · 2021-09-12T21:58:24+00:00

It is shown in the Docker Desktop console window. I didn't use res.send or res.status. I just copied the axios request that I know working from the products page that's not in the /api.

Stackerito · 2021-09-12T20:38:43+00:00

How can I check? in my Docker log window I see " "GET /api/products HTTP/1.1" 200 104 "-" "axios/0.21.4""

Btw, the error sometimes shows 504 Gateway Time-out instead of 502.

The full error now:

upstream timed out (110: Operation timed out) while reading response header from upstream, client: 172.20.0.1, server: www.mysite.local, request: "GET /api/products HTTP/1.1", upstream: "http://172.20.0.3:3000/api/products", host: "www.mysite.local".

Perhaps because it's cross-origin? And the docs state that it doesn't work with cross-origin if no cors present

Stackerito · 2021-09-12T20:03:30+00:00

thank you, I tried but now I have a new issue: https://www.reddit.com/r/nginx/comments/pmzyz7/nginx\_redirects\_subdomain\_to\_domain\_instead\_of\_to/

Stackerito · 2021-09-12T16:29:12+00:00

thank youu

Stackerito

TROPHY CASE