Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 days ago.
I use no-ip for a domain name for my website that's hosted on my raspberry pi. I use port forwarding so the router forwards the incoming traffic to the raspberry pi. However, I just purchased a DV SSL certificate for the no-ip domain. I used the https module to create a secure server, and I supplied my express.js app as the app which handles traffic. Whenever I try to access the https version of my no-ip domain, I either get the connection timed out error when using mobile data, or the "this site uses an unsupported protocol" when using WiFi.
Make sure that your SSL certificate is configured correctly. You can use an online SSL checker to verify that your certificate is valid and installed correctly.
The errors you get usually indicate issues related to your SSL installation and server configuration. Scan your SSL certificate with an SSL checker tool like SSL Labs, for example, and look for potential red flags and the TLS versions supported.
If you're 100% confident your router is properly configured, check your firewall. It may be blocking HTTPS traffic.
You could also try checking your server logs for potential errors.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
I have a Virtual Private Server (VPS) running Debian 10. On this server there is an application (its code rather cannot be modified) which creates an open TCP/IP port (let's say 6000). The application has a simple database with users and passwords and all incoming messages MUST be HTTP.
Obviously, at this point I am more than worried about the security of the communication (which in fact does not exist due to the plain nature of HTTP).
My first thought would be to drop all packets on the mentioned port for the eth0 iface (which is exposed to Internet), create OpenVPN server on my VPS and connect to this VPN all clients that would like to use my application. The problem here is that these clients will most likely be Android devices and it will not be possible to upload certificates for each device and do other configuration magic to establish the VPN connection. I also would not like to implement OpenVPN in a dedicated Android app.
My other thought was that there is maybe an application which I would start on the VPS and it would implement such logic:
Android app <--HTTPS--> UnknownApp(on VPS side) <--HTTP--> port6000(My original unsafe app also on the VPS side)
Is it feasible to implement such a scenario? Ofc I could write such an app on my own but I would prefer to use tested and reliable solutions.
The application you are looking for is stunnel. It does exactly what you described, it is well tested, based on well-known libraries, and production ready.
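A minimal stunnel service definition for the layout in the question, as an added example rather than configuration from the post. The service name, the public port 443 and the certificate paths are assumptions; port 6000 is the one given in the question.

```ini
; stunnel.conf fragment (constructed example)
; Runs on the VPS: terminates TLS from the Android clients and forwards
; the decrypted HTTP to the unmodified application on the same host.
[https-to-app]
; Public side: HTTPS from the clients (assumed port)
accept = 0.0.0.0:443
; Private side: the plain-HTTP application, reached over loopback only
connect = 127.0.0.1:6000
; Placeholder paths: certificate chain and private key for the server's hostname
cert = /etc/stunnel/fullchain.pem
key = /etc/stunnel/privkey.pem
```

Because the application still listens on port 6000 itself, the rule from the question that drops inbound traffic to that port on eth0 is still needed; otherwise clients can bypass the TLS front end.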
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
I got a dedicated server for a project (Angular/Node.js). I already configured CentOS Web Panel and, through this, my domain with Let's Encrypt SSL, frontend and backend API, and everything is up and running so far.
The backend api is running through jenkins/pm2 and it's up on my ip:port3333 but I need it to be ssl, so for example, I would need it to be https://api.example.com:3333 otherwise I'm getting this error on my project: This request has been blocked; the content must be served over HTTPS.
If I try https://example.com:3333 or https://subdomain.example.com:3333 I get an ERR_SSL_PROTOCOL_ERROR, which I guess is normal since CentOS Web Panel seems to apply only to the main domain.
So, how can I point a domain or subdomain to the service port 3333 and apply an SSL certificate to it? Or if I can't, how should I proceed to get the service running with SSL? Do I really need this config server-side or is it a matter of the app?
Any idea on how to proceed? Not sure what config should I share.
Thanks in advance.
Turns out it was caused by a misconfiguration on my reverse proxy on Apache to a custom port.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
I'm currently building an application and I want to make sure that I use HTTPS throughout the whole application. The application is a web application in Golang and I wanted to know how to get legit certificates so that my application can be secure.
I would say it depends on how the application is gonna be deployed.
Hosting the application on a VPS / private server as a systemd service?
You could look into Certbot if you want to manage SSL renewal automatically. But you'll still need to provide the certificate to your application, or use an HTTP proxy such as NGINX to expose your application over HTTPS.
This approach would work, but can be painful as you'll need to install / manage Certbot & possibly Nginx on your server.
Another good option would be to use Traefik, it's a Proxy server with builtin Let's Encrypt support, so that you'll be able to use free SSL, automatically renewed, by just installing the service, and creating a little configuration file.
I would personally choose the external proxy approach on this one, and especially Traefik. It shouldn't be the job of your web application to manage HTTPS, but more an external proxy. So that if one day you need to scale your application, it shouldn't be painful.
Well, you have a few options. I found it easy to use ZeroSSL to get a trusted certificate, but there are many other ways to do so. You can also use Certbot, but it requires several dependencies to be installed.
If you are getting a certificate for an FQDN, you can use Let's Encrypt, which supports many clients, including Certbot. You can find them here:
https://letsencrypt.org/docs/client-options/ but please remember it won't work without an FQDN.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 1 year ago.
A client is asking me if I could create a "VPN" extension that can connect to their VPN server. I have seen numerous VPN extensions on the Chrome Web Store, but they only affected Chrome. Doesn't a VPN affect all connections?
I have found chrome.proxy. Are the VPN extensions really VPN's or are they actually web proxies? Can I tell the client that they need to setup a web proxy server instead of a VPN server, and I use chrome.proxy for this purpose?
Many "VPN" extensions are essentially proxies, indeed: they cannot affect anything except the traffic of the browser itself (through chrome.proxy and chrome.webRequest API).
There are, however, two exceptions.
1. On Chrome OS (and Chrome OS only) an extension can use chrome.vpnProvider API to broker a connection to a VPN.
2. Using Native Messaging, you can have an extension communicate with another application running in the OS that can manage "true" VPN connections. However, that does require a separate installation of such a module with appropriate OS permissions, and makes the Chrome extension nothing more than a remote control for it.
So using the path #2 above, it is possible to create a true VPN extension, but that would require software installation outside of the browser.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 7 years ago.
I purchased a domain through Amazon Route 53 and am hosting my Node.js/ExpressJS app on an Amazon Linux EC2 Instance server. I can get my site to run on my EC2 server by using the public IP:portNumber or by using the publicDNS:portNumber, but I am struggling to understand how to set up the record sets in the hosted zone section of the Route 53 console to have my website point to www.thedomainipurchased.com:portNumber. I also read somewhere that you can't add the port number onto the public ip like that, so I would like to know how to set up both records to do this. I'm new to DNS, which is why I've had such a hard time although I'm sure to some people this seems very simple so would really appreciate any feedback to be explained in as basic and simple of a way as possible.
DNS only provides a way to map names to the IP addresses of hosts. Except under very limited circumstances you can't include a port number. DNS simply isn't designed to do that.
Ports are determined by the protocol involved. If you use a web browser to connect via HTTP then it will default to using port 80. If you use a web browser to connect via HTTPS then it will default to using port 443. When you send e-mail the default port is 25. When you SSH into a server the default port is 22. And so on. Default ports are essentially part of the specification for the global internet.