Unable to set up SSL with Nginx + Prerender + Meteor

Posted 2019-06-12 21:05

I am having trouble configuring nginx to return the prerendered html when using HTTPS.

  • nginx, prerender and my meteor app run on the same server.
  • prerender is in port 3033
  • meteor app is in port 112

In meteor I have configured it to point to localhost:3033 for prerendering.

With the following no-SSL configuration, Facebook's tool is able to scrape my site successfully:

server {
    listen 80;
    server_name sample.com www.sample.com;

    # strip the "www" subdomain
    if ($host ~* ^www\.(.*)) {
        set $host_without_www $1;
        rewrite ^(.*) http://$host_without_www$1 permanent;
    }

    location / {
        # app is running in port 112 in the same server
        proxy_pass http://127.0.0.1:112;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

However, when I started using SSL, Facebook is not able to scrape the site.

server {
    listen 443 ssl;
    server_name sample.com www.sample.com;

    ssl_certificate /etc/letsencrypt/live/sample.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sample.com/privkey.pem;

    # strip the "www" subdomain
    if ($host ~* ^www\.(.*)) {
        set $host_without_www $1;
        rewrite ^(.*) http://$host_without_www$1 permanent;
    }

    location ~ /.well-known {
        allow all;
    }
    location / {
        # app is running in port 112 in the same server
        proxy_pass http://127.0.0.1:112;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
# redirect to https
server {
    listen 80;
    server_name sample.com www.sample.com;
    return 301 https://$host$request_uri;
}

One observation is that every time I run the FB tool with an HTTPS URL, say https://sample.com/, the prerender logs say it is getting http://sample.com (not HTTPS!).

Manually running a curl command is successful:

curl http://sample.com:3033/https://sample.com

Something in between is clearly converting the protocol from https to http.

2 answers
疯言疯语
#2 · 2019-06-12 21:43

Sounds like you are terminating SSL at the load balancer or something similar. In the prerender config you should just force the protocol to be https when sending the URL to your prerender server.

狗以群分
#3 · 2019-06-12 21:56

It seems that my nginx configuration was fine after all.

I ended up following the code here.

  1. I added prerender-node from npm

    meteor npm install --save prerender-node

  2. I created /client/prerender-head.html

    <head><meta name="fragment" content="!"></head>

  3. I created /server/prerender.js

Note the part where we are forcing the protocol to be https (similar to what @Prerender.io suggested).

var prerenderio = Npm.require('prerender-node');
var token;
var serviceUrl;
var settings = Meteor.settings.PrerenderIO;

// token
token = process.env.PRERENDERIO_TOKEN || (settings && settings.token);

// service url (support `prerenderServiceUrl` (for historical reasons) and `serviceUrl`)
serviceUrl = settings && (settings.prerenderServiceUrl || settings.serviceUrl);
serviceUrl = process.env.PRERENDERIO_SERVICE_URL || serviceUrl;

if (token) {
  if (serviceUrl) prerenderio.set('prerenderServiceUrl', serviceUrl);
  prerenderio.set('prerenderToken', token);

  prerenderio.set('afterRender', function afterRender(error) {
    if (error) {
      console.log('prerenderio error', error); // eslint-disable-line no-console
      return;
    }
  });

  prerenderio.set('protocol', 'https');

  WebApp.rawConnectHandlers.use(prerenderio);
}
  4. Created /settings.json

Change the serviceUrl to wherever your prerender instance is running.

{
  "PrerenderIO": {
      "serviceUrl": "http://localhost:3033/",
      "token": "yourtoken"
  }
}
  5. Run the app with meteor --settings settings.json
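The protocol downgrade discussed in both answers, as an added example that is not part of the original posts and is not prerender-node's own code: a simplified model of how a Node app behind a TLS-terminating nginx picks the scheme for the URL it hands to the prerender service. The names `resolveScheme`, `buildPrerenderUrl`, `forcedProtocol` and `TRUSTED_PROXIES` are hypothetical, and honouring `X-Forwarded-Proto` only from a loopback proxy is an assumption of this sketch.

```javascript
// Added example: hypothetical helper names, constructed request objects.
// Peers allowed to assert the original scheme (nginx on the same host).
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);

function resolveScheme(req, opts = {}) {
  // 1. An explicitly forced protocol wins (the approach taken in the answer).
  if (opts.forcedProtocol) return opts.forcedProtocol;
  // 2. Trust X-Forwarded-Proto only when the direct peer is our own proxy,
  //    otherwise any client could claim the request arrived over TLS.
  const xfp = req.headers['x-forwarded-proto'];
  if (xfp && TRUSTED_PROXIES.has(req.socket.remoteAddress)) {
    const first = xfp.split(',')[0].trim().toLowerCase();
    if (first === 'http' || first === 'https') return first;
  }
  // 3. Fall back to the socket: nginx -> app is plain HTTP, so this is 'http'.
  return req.socket.encrypted ? 'https' : 'http';
}

function buildPrerenderUrl(serviceUrl, req, opts = {}) {
  const base = serviceUrl.endsWith('/') ? serviceUrl : serviceUrl + '/';
  return base + resolveScheme(req, opts) + '://' + req.headers.host + req.url;
}

// Constructed stand-in for the request the app receives from nginx.
function fakeReq({ headers = {}, remoteAddress = '127.0.0.1', url = '/' } = {}) {
  return {
    url,
    headers: { host: 'sample.com', ...headers },
    socket: { remoteAddress, encrypted: false },
  };
}

const SERVICE = 'http://localhost:3033/';
const fwd = { 'x-forwarded-proto': 'https' };
const cases = {
  // The page's nginx config sets no X-Forwarded-Proto header: scheme is lost.
  asConfigured: buildPrerenderUrl(SERVICE, fakeReq()),
  // Protocol forced in the app, as in the accepted fix.
  forced: buildPrerenderUrl(SERVICE, fakeReq(), { forcedProtocol: 'https' }),
  // Proxy passes the scheme along and the peer is trusted.
  forwarded: buildPrerenderUrl(SERVICE, fakeReq({ headers: fwd })),
  // Same header from an untrusted peer is ignored.
  spoofed: buildPrerenderUrl(SERVICE, fakeReq({ headers: fwd, remoteAddress: '203.0.113.9' })),
};
console.log(cases);
```

The `asConfigured` case reproduces the `http://sample.com` line seen in the prerender logs; the other cases show the two ways the scheme can be restored and why a forwarded header should only be believed from the proxy itself.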