my problem maybe be some complex
i want to develop a v2ray(vless)+tls+websocket server with auth system
i dont want edit v2ray source code
i just want develop a middleware to handle auth with node.js
i wants verify user by username and password and add his ip to white ip list for my vpn port
i dont know how can i do this, i know ip is dynamic and i can re-register and replace it with client automatically
now i have 2 options with 2 questions:
can i use ngingx? with nginx i can make a whiteListIP in config file and i can edit it and restart it with node.js app per user register, but it makes a question, for use new config you should restart nginx, it can reduce performance?i dont know nginx restarting how much time need
can i register them with node.js and forward them request to vpn port?my mean is my node.js app is a middleware between user and vpn port to auth requests, requests are websocket connection.
ty if u can help me
Related
I am having a pretty big problem at work and would like some help. Basically I have a react front end and a node.js backend to connect to the database. The problem is that the company I am buildign this for will only open 1 port (443) for the webpage. And since react is generating on the clients side I cant use a localhost url to call the backend to get info from the database. They said they might open another port if we make it HTTPS. So I tried using express and https with a self assigned ssl certificate, which worked on my side. On the clients end the webpage's http call doesnt make it to the express server.
I have also started to build this with webpack and express, so the server will render the react code. This should work but I am suspecting a problem with webpack (have not had a good experience with it in the past).... Anyways, is there anything one of yall can think about that will allow my client rendered react app to connect to the database? How do other companies handle something like this? Really any help would be great. I have been under so much stress from this.
If you think you have any information that could help point me in the right direction, I would greatly appreciate it!
I dont think you need to open any other port to access the database, since the code that will access it will run server-side. I mean, yes the database port will need to be open locally, but it does not need to be open to the Internet.
In other words, you will need to have your react code access an API on your server (https end-point on port 443) in order to retrieve data. Your solution with Express should work. I guess you have a Node server listening on port 443, and that you are using Express as framework server-side. It is this server side code what should access the database and provide the data to https requests made by your React client-side code. Your browser might not like your self-signed certificate, and you will probably need to tell it to trust the certificate.
UPDATE:
If you want to block all ports from the server except port 443, you can use a firewall to achieve that, and make the ports look inactive, except for request coming from localhost, the server itself. If that's not an option, you could also choose to connect to the database using a socket path instead of a TCP port.
I want to host a web app with node.js on a Linux virtual machine using the the HTTP module.
As the app will be visualising sensitive data I want to ensure it can only be accessed from PCs on the same LAN.
My understanding is that using the HTTP module a web server is created that's initially only accessible by other PCs on the same LAN. I've seen that either by tunnelling or portforwarding a node.js server can be exposed if desired.
Question
Are there any other important considerations/ways the server could be accessed externally?
Is there a particular way I can setup a node.js server to be confident that it's only accessible to local traffic?
It really depends what you are protecting against.
For example, somebody on your LAN could port forward your service using something like ngrok. There are a few things you can check for:
In this case the header x-forwarded-for is set. So, to protect against this you can check for this header on the incoming request, and if set you can reject the request.
The host header is also set and will indicate how the client referred to your service - if it is as you expect (maybe a direct local LAN address such as 192.168.0.xxx:3000) then all is OK, if not (I ran ngrok on a local service and got something of the form xxxxxxxx.ngrok.io) then reject it.
Of course a malicious somebody could create their own server to redirect requests. The only way there is to put in usernames and passwords or similar. At least you then known who is (allegedly) accessing your service and do something about it.
However, if you are not trying to pretect against a malicious internal actor, then you should be good as you are - I can't think of any way (unless there is a security hole in your LAN) for your service to be made public without somebody actively setting that up.
My last suggestion would be to use something like express rather than the http module by itself. It really does make life a lot simpler. I use it a lot for just this kind of simple internal server.
Thought I'd add a quick example. I've tested this with ngrok and it blocks access via the public address but works find via localhost. Change the host test to whatever local address (or addresses) you want to serve this service from.
const express=require('express');
const app=express();
app.use((req,res,next)=>{
if (req.headers.host!=='localhost:3000' || req.headers['x-forwarded-for']){
res.status(403).send('Invalid access!');
} else next();
});
app.get('/',(req,res)=>res.send('Hello World!'));
app.listen(3000,()=>{
console.log('Service started. Try it at http://localhost:3000/');
});
I would prefer using nginx as a proxy here and rely on nginx' configuration to accept traffic from local LAN to the node.js web server. If this is not possible, a local firewall would be the best tool for the job.
I am using this app https://github.com/nice-table/bitmex-scaled-orders to connect to testnet.bitmex.com through the api to place orders. I am running the app on Windows in node.js. It looks like the app starts a websocket on port 1337 and a bitmex proxy on port 8000. The app uses a GUI through the browser that you connect to through localhost:3006.
I have a proxy server set in Windows settings. I am unable to access localhost:3006 without the bypass proxy checkbox checked which makes sense. However, when I check the box, it seems as though outgoing traffic to bitmex is also bypassing my proxy. I am able to know because when I put wrong proxy info, the app still connects. Shouldn't this checkbox only apply to local traffic? Is there any way I can make this app use my proxy?
This can be used for testing, make sure the testnet is selected in the app
key ID: 9I0Ez-z-a8wAgM-IB03OMLg0
key secret: OzanemIvHP368THbeGjT6by5bABmYWIXQvAXILX6oumQpipY
I am illiterate when it comes to this stuff please let me know if theres more info I can provide. I tried contacting the author on github but no answer.
I am working on a swift project for osx with Firebase. I have a node web server to communicate between the clients and the Firebase-server, but it's a localhost-server. Do I need a real domain name to make the server accessible to end-users on another device? (I don't want a web app, just the backend for myself)
you doesn't need a domain .. but you need a serve to deploy having ip address .. suggestion you can use cloud server
You have two ways:
make request on port that the nodejs uses, example http://101.01.01.01:8000
use nginx like proxy, in this setup make your requests on 80 port (it's default), example http://101.01.01.01.
If you wont make something like dev environment on local machine use first case (don't forgot open port for other devices), for production - second.
I'm using node js trying to send my web-page to my network, I successfully call localhost:port in my computer using express as server, the webpage loads fine trigger my webcam which I used to streaming in the webpage, and then im working to make a simple app in my phone to directly access my server, so my questions:
1.How do I able to access my server from different devices in the same wireless-network? by calling ip + port ?192.168.1.104:9001 ? cause i've tried and it didnt work.
2.I've found https with .pem something like that, is that the answer ? is there also any other way ?
3.maybe any advice before i work to make my web-app to devices? using koa? i don't even really know what is that, but i'm happily take any advices.
EDIT: i've read How could others, on a local network, access my NodeJS app while it's running on my machine?
let's say I simply using random router, so i can't configure my router-port, my server in my pc and my phone join in the same network, trying to access the server in my phone
1.How do I able to access my server from different devices in the same wireless-network?
All you need to do is find your server's IP address in this same wireless-network, and find the Node.js application's port. Then access the following URL in other devices:
http://{server_IP}:{port}
However, there are some points need to check:
Need to check firewall and confirm the port is not blocked, server IP is not blocked by test device, and test device IP is not blocked by server.
Need to check whether there is any Proxy setting in server and test device. If there is any, disable the proxy.
A computer may have many IP addresses at the same time, you need to find the correct one in the same wireless-network. For example, If you install a virtual machine software such as VMware and run a virtual system inside, your real computer will get IP address as 192.168.*.* -- this IP address looks like an intranet IP in wireless-network, but it is not, and can never be accessed by test device.
2.I've found https with .pem something like that, is that the answer?
No, HTTPS has nothing to do with this problem. HTTPS just add security (based on HTTP layer), it does not impact any HTTP connectivity. Actually, to minify the problem, it is better to only use HTTP in your scenario.
There is only one very special case that may bring your problem by HTTPS -- the test machine is configured and will block any non-HTTPS connection for security.
3.maybe any advice before i work to make my web-app to devices? using koa?
My suggestion is: As there is an HTTP connectivity issue, the first step is trying to find the root cause of that issue. Thus, it is better to make a simplest HTTP server using native Node.js, no Koa, no Express. In this way, the complexity of server will be reduced, which makes root cause investigation easier.
After the HTTP connectivity issue is fixed, you can pick up Koa or Express or any other mature Node.js web framework to help the web-app work.
4.let's say I simply using random router, so i can't...
Do you mean your server get dynamic IP address by DHCP? As long as the IP is not blocked by test device, it does not matter.