u/TheMadnessofMadara

nginx for hosting dynamic assets

I am running a Nuxt server and I found out the hard way that hosting dynamic assets in the public directory is a no-go in prod for dynamic assets.

How do I set up nginx to point to another directory for dynamic assets?

Current folder holding assets is /etc/assets

Current nginx is

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name example.com;

        # Let's Encrypt SSL
        ssl_certificate /etc/letsencrypt/live/example.com-0001/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com-0001/privkey.pem; # managed by Certbot

        # Basic SSL config
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location /data/ {
            expires off;
            add_header Pragma public;
            add_header Cache-Control "public";
            alias /etc/assets/;
        }

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;

            proxy_pass http://0.0.0.0:3000;
            proxy_redirect off;
        }
    }

How do I get asset example.com/asset/importantstuff/file?
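How a prefix `location` and `alias` map the URL in the question onto the asset directory, as an added example that is not part of the original post. It reuses the post's `/etc/assets` path; the `/srv/assets` path mentioned in the comments is a hypothetical alternative.

```nginx
# Added example, not the poster's config. Place inside the existing
# "server { listen 443 ssl; ... }" block, alongside "location / { ... }".

# As posted, only URLs under /data/ are served from disk:
#     location /data/ { alias /etc/assets/; }
# so /asset/importantstuff/file matches "location /" instead and is
# proxied to the Nuxt server on port 3000.

# With alias, the matched prefix is replaced by the alias path:
#     /asset/importantstuff/file  ->  /etc/assets/importantstuff/file
location /asset/ {
    # Keep the trailing slash on BOTH the location and the alias.
    # "location /asset" (no slash) would also match /assetfoo, and the
    # substituted path could then resolve outside /etc/assets.
    alias /etc/assets/;

    # Never list directory contents for an upload/asset directory.
    autoindex off;

    # Files here change at runtime: let clients cache, but revalidate.
    add_header Cache-Control "public, no-cache" always;

    # Stop browsers from guessing a content type for stored files.
    add_header X-Content-Type-Options nosniff always;
}

# Assumption: /etc normally holds system configuration. A dedicated
# directory (hypothetical: /srv/assets/) keeps a path-mapping mistake
# from exposing anything except the assets themselves:
#     location /asset/ { alias /srv/assets/; }
```

The nginx worker user needs read permission on the files and execute (search) permission on every directory in the path; check with `nginx -t` before reloading.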

u/TheMadnessofMadara — 23 hours ago
▲ 2 r/nginx

I have base DNS and 2 subdomains. The base and one sub are working fine, but one subdomain "foo.example" refuses any connection and I have no idea why. If base is not running and I go to the URL I get the "502 Bad Gateway" nginx page, but for foo I get "This site can’t be reached". All three have their A name records. I checked a billion times.

Foo is running on a Rust Axum server.

Any advice?

server {
        if ($host = example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot


        listen 80;
        listen [::]:80;
        server_name example.com;
        return 301 https://$host$request_uri;


    }
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name example.com ssl;
        root /var/zem/public;

        # Let's Encrypt SSL
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

        # Basic SSL config
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;

            proxy_pass http://0.0.0.0:3000;
            proxy_redirect off;
        }

        # Webroot
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name foo.example.com;

        # Let's Encrypt SSL
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

        # Basic SSL config
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            proxy_pass http://0.0.0.0:7878;
        }
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name bar.example.com;

        # Let's Encrypt SSL
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

        # Basic SSL config
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            proxy_pass http://0.0.0.0:7700;
        }
    }
}
u/TheMadnessofMadara — 9 days ago
▲ 0 r/rust

How do I set up nginx to reach my Axum Rust server with a subdomain?

I get errors with "conflicting server name "ssl" on 0.0.0.0:443, ignored"

   server {
        if ($host = example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot


        listen 80;
        listen [::]:80;
        server_name example.com;
        return 301 https://$host$request_uri;


    }
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name example.com ssl;
        root /srv/zem-nuxt/public;

        # Let's Encrypt SSL
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

        # Basic SSL config
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;

            proxy_pass http://0.0.0.0:3000;
            proxy_redirect off;
        }

        # Webroot
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name foo.example.com ssl;

        # Let's Encrypt SSL
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

        # Basic SSL config
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            proxy_pass http://0.0.0.0:7878;
        }
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name bar.example.com ssl;

        # Let's Encrypt SSL
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

        # Basic SSL config
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            proxy_pass http://0.0.0.0:7700;
        }
    }
}

EDIT: I got rid of the ssl from server_name and still no go. Fixed that message though.

u/TheMadnessofMadara — 9 days ago
▲ 1 r/Nuxt+1 crossposts

What is the recommended implementation for environmental variables in production for NUXT? The server is Linux and I added the environmental variables via 'export', but - surprisingly - my built Nuxt server is using the variables that were in the .env file for some reason? Probably due to the fact that the file is used during build and the variables were in the nuxt.config.ts file.

u/TheMadnessofMadara — 9 days ago

I got two certs from letsencrypt and it gave me 1 public key and one private key. The public key has two certs. I moved the files to "/usr/local/share/ca-certificates/website" and renamed them and replaced pem with crt extension. Ran "sudo update-ca-certificates".

Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt, it does not contain exactly one certificate or CRL
rehash: warning: skipping cert.pem, it does not contain exactly one certificate or CRL

It should be noted I had to replace the pem with crt because apparently Debian requires the crt? But the message has - as you can see - cert.pem, not cert.crt. Weird... I don't even know where that ca-certificates.crt came from.

So how do I install the cert.crt?

u/TheMadnessofMadara — 14 days ago
▲ 1 r/vuejs+1 crossposts

I am trying to run NUXT on a Debian server. Through Let's Encrypt I got 2 files: fullchain.pem and a privkey.pem. I put them in my server certs folder and renamed them cert and key respectively. I also copied and pasted them into "/usr/local/share/ca-certificates/web" and used the command "sudo update-ca-certificates", but it adds nothing? I run my server and I get this error message. I set the environment variables NITRO_SSL_KEY and NITRO_SSL_CERT to their corresponding certs.

node:internal/tls/secure-context:70
    context.setCert(cert);
            ^

Error: error:0480006C:PEM routines::no start line
    at node:internal/tls/secure-context:70:13
    at Array.forEach (<anonymous>)
    at setCerts (node:internal/tls/secure-context:68:3)
    at configSecureContext (node:internal/tls/secure-context:191:5)
    at Object.createSecureContext (node:_tls_common:114:3)
    at Server.setSecureContext (node:_tls_wrap:1510:27)
    at Server (node:_tls_wrap:1374:8)
    at new Server (node:https:80:3)
    at file:///srv/server/index.mjs:5629:30
    at ModuleJob.run (node:internal/modules/esm/module_job:263:25) {
  library: 'PEM routines',
  reason: 'no start line',
  code: 'ERR_OSSL_PEM_NO_START_LINE'
}

Node.js v20.19.2

The "no start line" makes no sense; both of them have the appropriate "-----BEGIN CERTIFICATE-----" and "-----BEGIN PRIVATE KEY-----". cert.pem has two certs inside, weirdly enough.

Any advice?

u/TheMadnessofMadara — 14 days ago