Cannot POST/GET over SSL

Question

I've followed this tutorial to install parse-server on a DigitalOcean Ubuntu droplet. I've also installed parse-dashboard.

It all works well except that I can't curl using SSL. Regular HTTP works fine. i.e:

  curl -H "X-Parse-Application-Id: AppID" https://mywebsite/parse/classes/GameScore

returns Cannot GET /classes/GameScore.

I also can't access the parse-dashboard over SSL, but HTTP works fine (which means my keys might leak).

POST requests return a Cannot POST.

I have tried enabling/disabling the firewall (ufw) but it doesn't change a thing.

I can save data using the SDK, though it is slow. My nginx config file is the same as in the tutorial.

Any ideas?

Edit:

Nginx config:

# HTTP - redirect all requests to HTTPS
server {
    listen 80;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}

# HTTPS - serve HTML from /usr/share/nginx/html, proxy requests to /parse/
# through to Parse Server
server {
        listen 443;
        server_name your_domain_name;

        root /usr/share/nginx/html;
        index index.html index.htm;

        ssl on;
        # Use certificate and key provided by Let's Encrypt:
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        # Pass requests for /parse/ to Parse Server instance at localhost:1337
        location /parse/ {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://localhost:1337/;
                proxy_ssl_session_reuse off;
                proxy_set_header Host $http_host;
                proxy_redirect off;
        }

        location / {
                try_files $uri $uri/ =404;
        }
}

netstat -anlp | grep 443:

netstat -anlp | grep 443
(No info could be read for "-p": geteuid()=1000 but you should be root.)
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN 

 -

Do you just get a timeout when trying to access the https site? Any errors when you restart nginx? can you curl via https on the server using localhost? — Zypher, Mar 23 '16 at 15:27
Correct re the timeout. No errors when restarting nginx. curl on localhost returns: `curl: (51) SSL: no alternative certificate subject name matches target host name 'localhost'` — user2747220, Mar 23 '16 at 15:31
Can you post your nginx config and the output of `netstat -anlp | grep 443`. This is either a misconfig and nginx isn't listening on the correct ip or a firewall is blocking — Zypher, Mar 23 '16 at 15:34
Silly question, but parse is running and responding on 1337 right? — Zypher, Mar 23 '16 at 15:42
yes. a curl on http://domain.com:1337/parse/classes/GameScore returns a valid entry. — user2747220, Mar 23 '16 at 15:49
There is an error in the tutorial. The `proxy_pass` needs to redirect to `http://localhost:1337/parse` and not `http://localhost:1337/` — user2747220, Mar 24 '16 at 10:53

Mazel Tov · Accepted Answer · 2016-03-28T09:44:42.237

HTTPS There is error in the guide, set the proxy_pass to

proxy_pass http://localhost:1337/parse/;

and the curl request has to be done without the port 1337, like this one

curl -H "X-Parse-Application-Id: appID" https://example.com/parse/classes/SomeClassName

Dashboard

I solved it that I SSH Tunnel to the server and connect to the Dashboard as a localhost, this means you dont need any credentials and it will run on http on localhost because you will be secured through the SSH Tunnel, I also turn on the Dashboard only when I need it...how to setup SSH Tunnel

Cannot POST/GET over SSL

1 Answers1