NGINX + Strapi (v4, v5) - A beginner deploy that is working

It usually deploy to Ubuntu cloud via Terminal, so follows.

Following strapi v4 documentation (opens in a new tab) I have had hard times configuring it, until I figured out a few things in the files.

To do this step is ideal to have project pulled from github in folder and pm2 configured and started for your strapi backend.

I am using Ubuntu at hostinger.com (opens in a new tab)

1. Install NGINX and Certbot via your Linux terminal:

sudo apt install certbot python3-certbot-nginx

2. Make ports allowances and check of the needed ports and protocols and restart the service to take effect. sudo ufw enable sudo ufw status

sudo ufw allow ssh sudo ufw allow http sudo ufw allow https

sudo ufw allow 22 #SSH sudo ufw allow 1191/tcp sudo ufw allow 1337/tcp

sudo ufw status sudo systemctl reload nginx

3. After that I finish generating the SSL entries with

sudo certbot --nginx -d api.example.com

4. First thing after install NGINX you must DELETE default symbol link (/etc/nginx/sites-enabled/default), the default symbol link will block strapi.conf. Then the command below removes the symbol link disabling NGINX 404 preconfigured showing NGINX is working properly. The original file at sites-available is kept but has no effect at all.

sudo rm /etc/nginx/sites-enabled/default

5. Create strapi.conf, is the main file to manage IPv4 and IPv6 in place of default

sudo nano /etc/nginx/sites-enabled/strapi.conf

Paste main config for strapi inside strapi.conf (press ctrl + x, press Y to confirm, press Enter to save)

server {
    # Listen HTTP
    listen 80; # IPv4 as mentioned in the Strapi documentation
    listen [::]:80; "# IPv6 not mentioned in strapi documentation"
    server_name api.example.com;
 
    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
  }
 
  server {
    # Listen HTTPS
    listen 443 ssl; # IPv4 as mentioned in the Strapi documentation
    listen [::]:443 ssl; "# IPv6 not mentioned in strapi documentation"
    server_name api.example.com;
 
    # SSL config
    ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem;
 
    # Proxy Config
    location / {
        proxy_pass http://strapi;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass_request_headers on;
    }
  }

Those IPv6 config: listen [::]:80 ssl; and listen [::]:443 ssl; fixed some very specific issues for me, like "feching from strapi localhost to strapi production". Not inserting it gave me fetch timeout error, the local node sever persist to fetch via IPv6 and failed 100% of times with fetch ConnectTimeoutError: Connect Timeout Error, but all was working fine when app rendered in browser, console browser, also Insomnia and Postman.

Generate the symbol link shortcut from sites-available to sites-enabled

sudo ln -s /etc/nginx/sites-available/strapi.conf /etc/nginx/sites-enabled

6. As in the v4 documentation and now in Strapi forum, create the server upstream

sudo nano /etc/nginx/conf.d/upstream.conf

Paste the server content (press ctrl + x, press Y to confirm, press Enter to save) :

# path: /etc/nginx/conf.d/upstream.conf
# Strapi server
upstream strapi {
    server 127.0.0.1:1337;
}

This must be enough for NGINX to work with all the deafult configs /admin and /api/apiName as seen in localhost.