Hello HestiaCP community,
I wanted to share a solution for an issue I encountered with the NodeJS templates when using the hestiacp-nodejs plugin (https://github.com/JLFdzDev/hestiacp-nodejs).
The Issue
When using NodeJS as a proxy template, I discovered two major problems:
- The automatic SSL renewal stopped working for NodeJS domains
- HTTP to HTTPS redirections stopped functioning properly
After investigating, I found that the NodeJS.tpl and NodeJS.stpl templates provided by the plugin were missing crucial configurations that exist in the default templates.
Technical Details
The core issue was that the NodeJS templates lacked:
- The nginx.forcessl.conf inclusion in the HTTP template
- SSL stapling configurations in the HTTPS template
- TLS anti-replay protection
- HSTS header inclusion
- Proper location blocks to handle secure files and directories
- Several standard includes that exist in the default HestiaCP templates
The Solution
I modified both the NodeJS.tpl and NodeJS.stpl files to include the missing configurations, bringing them in line with HestiaCP’s default templates.
Changes to NodeJS.tpl:
# Added forced SSL configuration
include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
# Added better security for dot files
location ~ /\.(?!well-known\/|file) {
    deny all;
    return 404;
}
# Added standard configuration includes
include %home%/%user%/conf/web/%domain%/nginx.conf_*;
Changes to NodeJS.stpl:
# Added SSL stapling
ssl_stapling on;
ssl_stapling_verify on;
# Added TLS anti-replay protection
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
# Added HSTS configuration
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
# Added better security for dot files
location ~ /\.(?!well-known\/|file) {
    deny all;
    return 404;
}
# Added proxy header management
proxy_hide_header Upgrade;
# Added standard SSL configuration includes
include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
How to Apply This Fix
If you’re using the hestiacp-nodejs plugin and experiencing similar issues, here’s how you can fix it:
- Edit the NodeJS.tpl and NodeJS.stpl files in /usr/local/hestia/data/templates/web/nginx/
- Apply the changes mentioned above to each file
- Run v-restart-web to restart the web server
- Rebuild the affected domains with v-rebuild-web-domain user domain.com
After applying these changes, SSL auto-renewal and HTTP to HTTPS redirections should work properly for NodeJS domains, just as they do for standard domains.
Future Updates
I recommend the plugin maintainers include these changes in future releases of the hestiacp-nodejs plugin to ensure proper SSL handling and security for all NodeJS domains.
I hope this helps anyone facing similar issues with NodeJS applications on HestiaCP. Let me know if you have any questions!
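
One way to confirm that both templates carry the directives listed in the post, as an added example that is not part of the original post or the plugin. The helper name `check_template` is hypothetical, and it matches the directive text exactly as written above, so a template that spaces a directive differently is reported as missing it.

```shell
#!/bin/sh
# Added example: list which directives from the post are absent from a
# NodeJS.tpl (HTTP) or NodeJS.stpl (HTTPS) template.
# Returns 0 = all present, 1 = something missing, 2 = unknown file type.
check_template() {
    file=$1
    case $file in
        *.stpl) required='ssl_stapling on;
ssl_stapling_verify on;
$anti_replay = 307
$anti_replay = 425
nginx.hsts.conf*;
proxy_hide_header Upgrade;
nginx.ssl.conf_*;
location ~ /\.(?!well-known\/|file)' ;;
        *.tpl) required='nginx.forcessl.conf*;
nginx.conf_*;
location ~ /\.(?!well-known\/|file)' ;;
        *) echo "unknown template type: $file" >&2; return 2 ;;
    esac
    missing=0
    # Loop reads from a here-document, not a pipe, so $missing is not
    # lost in a subshell.
    while IFS= read -r needle; do
        # Drop comment lines first so a commented-out directive does not
        # count as present; -F matches the needle as a fixed string.
        if ! grep -v '^[[:space:]]*#' "$file" | grep -qF -- "$needle"; then
            echo "missing: $needle"
            missing=1
        fi
    done <<EOF
$required
EOF
    return $missing
}

# Usage: sh check.sh /usr/local/hestia/data/templates/web/nginx/NodeJS.tpl ...
for f in "$@"; do
    echo "== $f"
    check_template "$f" && echo "all directives present"
done
```

Running it before and after editing the templates shows which of the changes still need to be applied to each file.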