
I used NGINX for my Node.js server, to install a proxy server for reverse port binding.
After that, I created an SSL certificate using this tutorial.

This is my nginx status

● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2023-03-03 07:52:25 UTC; 16s ago
  Process: 21031 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 21028 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 21026 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 21033 (nginx)
   CGroup: /system.slice/nginx.service
           ├─21033 nginx: master process /usr/sbin/nginx
           ├─21034 nginx: worker process
           └─21035 nginx: worker process

Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal nginx[21028]: nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/sites-available/gestionale.conf:23
Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal nginx[21028]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal nginx[21028]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal nginx[21031]: nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/sites-available/gestionale.conf:23
Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal systemd[1]: Started The nginx HTTP and reverse proxy server.

and this is my included conf file

server
{
        listen 443;
        server_name my-host.com; 
        #root /usr/share/nginx/www; index index.html index.htm;
        ssl on;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_pass http://127.0.0.1:3000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                #location /overview {
                #       proxy_pass http://127.0.0.1:3000$request_uri;
                #       proxy_redirect off;
                #}
        }
}

The result is this:
It means "dangerous"

and this
it means "Deceptive site in sight
Malicious users on the my-host.com site may trick you into doing dangerous things, such as installing software or revealing personal information (such as passwords, phone numbers, or credit cards)."

What did I do wrong and how can I resolve it?

Another question is this:

I also tried to use an AWS certificate, creating a DNS pool, adding the CNAMEs of the certificate, and using a load balancer where I included the certificate on the HTTPS listener and added a redirect to HTTPS on the HTTP listener.


The result is this:

2 Answers


  1. The guide that you linked shows you how to create a self-signed certificate; that means that the certificate you have is not signed by a known CA.

    In short, you need a certificate that has been signed by a third party that is trusted by your OS / browser (depending on which trust store is being used).
    You could buy a certificate from some known third party, e.g. Comodo or DigiCert.
    But if you don’t want to buy anything, I’d recommend looking into Let’s Encrypt: https://letsencrypt.org/docs

    And generate one using them; that’s free.

  2. You have installed a self-signed certificate; it’s better to use Let’s Encrypt. It’s a free certificate authority.

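As an added example (not part of the question or the answers above), this is how the asker's server block could look once a CA-issued certificate replaces the self-signed one and the deprecated `ssl on;` flagged in the status output is folded into `listen`. The certificate paths are an assumption: they follow the default `/etc/letsencrypt/live/<domain>/` layout of Let's Encrypt's certbot client. `my-host.com` and the backend on port 3000 are taken from the question.

```nginx
# Added example, not the asker's file. Plain-HTTP listener that
# redirects every request to the HTTPS server below.
server {
    listen 80;
    server_name my-host.com;
    return 301 https://$host$request_uri;
}

server {
    # "ssl" is a parameter of listen; this replaces the deprecated "ssl on;"
    # that triggered the [warn] lines in the status output.
    listen 443 ssl;
    server_name my-host.com;

    # Assumed paths (certbot defaults for this domain).
    # fullchain.pem holds the leaf certificate followed by the intermediate
    # CA certificates, so clients can build a chain to a trusted root.
    ssl_certificate     /etc/letsencrypt/live/my-host.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-host.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Lets the Node.js app know the original request arrived over HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade headers, kept from the original config.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Running `nginx -t` against this file should report a successful syntax test without the `"ssl" directive is deprecated` warning.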