Server crashing when adding SSL to a Generic Port App

I have created a simple Generic Port App that I would like to serve as a reverse proxy to communicate with mixpanel’s servers.

I took the following steps:

  1. Create server with a type of Generic Port App
  2. Install nginx in the same server
  3. Create a site with the following options

Then I get the following error when creating the app:

* Testing nginx configuration ...done.
[Fri Apr 22 17:31:20 UTC 2022] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 22 17:31:20 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 22 17:31:20 UTC 2022] Creating domain key
[Fri Apr 22 17:31:20 UTC 2022] The domain key is here: /root/.acme.sh/charlie.codotto.com/charlie.codotto.com.key
[Fri Apr 22 17:31:20 UTC 2022] Single domain='charlie.codotto.com'
[Fri Apr 22 17:31:20 UTC 2022] Getting domain auth token for each domain
[Fri Apr 22 17:31:22 UTC 2022] Getting webroot for domain='charlie.codotto.com'
[Fri Apr 22 17:31:22 UTC 2022] Verifying: charlie.codotto.com
[Fri Apr 22 17:31:23 UTC 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Fri Apr 22 17:31:25 UTC 2022] Success
[Fri Apr 22 17:31:25 UTC 2022] Verify finished, start to sign.
[Fri Apr 22 17:31:25 UTC 2022] Lets finalize the order.
[Fri Apr 22 17:31:25 UTC 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/510609527/82395586117'
[Fri Apr 22 17:31:26 UTC 2022] Downloading cert.
[Fri Apr 22 17:31:26 UTC 2022] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/0449b2c87537616c3ccd96e4a1a9d174ce2d'
[Fri Apr 22 17:31:27 UTC 2022] Try rel: https://acme-v02.api.letsencrypt.org/acme/cert/0449b2c87537616c3ccd96e4a1a9d174ce2d/1
[Fri Apr 22 17:31:27 UTC 2022] Matched issuer in: https://acme-v02.api.letsencrypt.org/acme/cert/0449b2c87537616c3ccd96e4a1a9d174ce2d/1
[Fri Apr 22 17:31:27 UTC 2022] Cert success.
[Fri Apr 22 17:31:27 UTC 2022] Your cert is in: /root/.acme.sh/charlie.codotto.com/charlie.codotto.com.cer
[Fri Apr 22 17:31:27 UTC 2022] Your cert key is in: /root/.acme.sh/charlie.codotto.com/charlie.codotto.com.key
[Fri Apr 22 17:31:27 UTC 2022] The intermediate CA cert is in: /root/.acme.sh/charlie.codotto.com/ca.cer
[Fri Apr 22 17:31:27 UTC 2022] And the full chain certs is there: /root/.acme.sh/charlie.codotto.com/fullchain.cer
[Fri Apr 22 17:31:28 UTC 2022] Installing key to: /etc/nginx/ssl/charlie.codotto.com/privkey.pem
[Fri Apr 22 17:31:28 UTC 2022] Installing full chain to: /etc/nginx/ssl/charlie.codotto.com/fullchain.pem
[Fri Apr 22 17:31:28 UTC 2022] Run reload cmd: service nginx force-reload
[Fri Apr 22 17:31:28 UTC 2022] Reload success
* Testing nginx configuration ...fail!

Then I tried to debug a little bit more. I ended up trying to restart the nginx server and I get the following error:

NGINX CONFIGURATION ERROR

nginx: [emerg] BIO_new_file("/etc/nginx/dhparams.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/dhparams.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
---Error Log---
2022/04/22 17:32:43 [emerg] 51642#51642: BIO_new_file("/etc/nginx/dhparams.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/dhparams.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2022/04/22 17:32:43 [emerg] 51640#51640: BIO_new_file("/etc/nginx/dhparams.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/dhparams.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2022/04/22 17:32:42 [emerg] 51550#51550: BIO_new_file("/etc/nginx/dhparams.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/dhparams.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2022/04/22 17:32:17 [error] 51404#51404: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 89.164.52.53, server: charlie.codotto.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:443/favicon.ico", host: "charlie.codotto.com", referrer: "http://charlie.codotto.com/"
2022/04/22 17:32:17 [error] 51404#51404: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 89.164.52.53, server: charlie.codotto.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:443/", host: "charlie.codotto.com"
2022/04/22 17:31:28 [emerg] 51424#51424: BIO_new_file("/etc/nginx/dhparams.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/dhparams.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2022/04/22 17:31:28 [notice] 51403#51403: signal process started
2022/04/22 17:31:19 [notice] 50093#50093: signal process started
2022/04/22 17:30:15 [notice] 49942#49942: signal process started

From what it looks like the directory /etc/nginx/dhparams.pem doesn’t exist.

Is there something I can do here to be able to create a reverse proxy that forwards the requests to mixpanel’s servers AND is using SSL?

Hello @bfrancisco, welcome to the Cleavr forum!

I haven’t tried this setup with Mixpanel before. Though, I don’t believe the port in this case should be set to 443 since that’s the SSL port exposed to the outside. I’d suggest checking to see if Mixpanel or their community has a guide on setting up reverse proxy with NGINX. I do see this in their docs - https://developer.mixpanel.com/docs/collection-via-a-proxy; looking at a glance, I’m thinking the NGINX directives for the proxy should be included in the NGINX configs for the actual site - as opposed to a new generic app. It looks similar to a guide I created for setting up proxy for Plausible Analytics as a way to answer for tracking blockers. Plausible Analytics - Cleavr docs - possible this will be helpful.


Humm… Pretty stupid of me to create a new instance only to serve as a reverse proxy. Thank you very much. It solved the issue.


No worries - glad you got it working!
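
A log triage sketch for the two failures visible in the error log in this thread, added here as an example and not code from the thread or from Cleavr: it extracts files nginx could not open at startup and upstreams that point back at nginx's own listening ports (the `http://127.0.0.1:443` case the reply calls out). The function name `triage` and the default set of listening ports are assumptions; the sample lines are copied from the log in the question.

```python
import re
from urllib.parse import urlsplit

# Sample lines copied from the error log quoted in the question.
SAMPLE_LOG = """\
2022/04/22 17:32:43 [emerg] 51642#51642: BIO_new_file("/etc/nginx/dhparams.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/dhparams.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2022/04/22 17:32:17 [error] 51404#51404: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 89.164.52.53, server: charlie.codotto.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:443/", host: "charlie.codotto.com"
2022/04/22 17:31:28 [notice] 51403#51403: signal process started
"""

# [emerg] lines where OpenSSL could not open a file named in the config.
MISSING_FILE = re.compile(
    r'\[emerg\].*?BIO_new_file\("([^"]+)"\) failed .*No such file or directory')
# [error] lines where the proxied upstream refused or failed the connection.
UPSTREAM_FAIL = re.compile(
    r'connect\(\) failed \((\d+): ([^)]*)\).*?upstream: "([^"]+)"')
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def triage(log_text, listen_ports=(80, 443)):
    """Return missing TLS files and upstreams that target nginx itself.

    listen_ports is an assumption: the ports nginx listens on for this host.
    """
    missing, self_upstreams = set(), set()
    for line in log_text.splitlines():
        m = MISSING_FILE.search(line)
        if m:
            missing.add(m.group(1))
            continue
        m = UPSTREAM_FAIL.search(line)
        if m:
            url = urlsplit(m.group(3))
            port = url.port or (443 if url.scheme == "https" else 80)
            # A loopback upstream on nginx's own port is a proxy to itself.
            if url.hostname in LOOPBACK and port in listen_ports:
                self_upstreams.add(f"{url.scheme}://{url.hostname}:{port}")
    return {"missing_files": sorted(missing),
            "self_upstreams": sorted(self_upstreams)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
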