http-server doesn't serve up any files - node.js

So I'm trying to bring my localhost server up over https to do some testing with webhooks. I was looking into http-server and I can get the https server up and running, but it won't serve any content for my MERN application; it simply downloads the file from the browser. I need to be able to serve up my application from localhost over https, but it seems that http-server only creates a web server... I'm sure if I was serving static content this might work, but it doesn't.
Does anyone have any idea how to proceed? The goal is to ensure I can set up an https://localhost:3000 that I will expose on my router so I can take in content from a different API via a webhook and see what the data looks like.

Yes, setting up a https server can be done easily.
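    const fs = require('fs');
    const https = require('https');
    // Load the PEM-encoded private key and certificate from disk
    const privateKey = fs.readFileSync('privatekey.pem');
    const certificate = fs.readFileSync('certificate.pem');
    // app is your Express application (the request handler); port is e.g. 3000
    https.createServer({
        key: privateKey,
        cert: certificate
    }, app).listen(port);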
See the Node docs for more info: https://nodejs.org/api/https.html
Then you need to use a router to serve the application logic.

Related

Node JS https hosted on bluehost

I have a dedicated VPS through bluehost, hosted on it is my node.js project. As of now I can use app.listen(80) so that anyone who navigates to my url will get my ejs to correctly display to them, however the web browser shows the "not secure" message to the left of the url. I'm trying to get https working so that a web hook can send data to my web server. The other program that sends the web hook data requires an https address not http. I know that bluehost has built in SSL but I'm not sure how to use this in tandem with a node.js app. It seems to work fine if I publish just a simple HTML page. I've tried creating a self-signed certificate with openssl and using the following code
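    const fs = require('fs');
    const https = require('https');

    // Self-signed key and certificate generated with openssl
    const options = {
        key: fs.readFileSync('key.pem'),
        cert: fs.readFileSync('cert.pem')
    };
    // Answer every request with a plain 200 response
    https.createServer(options, function (req, res) {
        res.writeHead(200);
        res.end("hello world\n");
    }).listen(8000);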
But Chrome refuses to accept the certificate when I navigate to mydomain.com:8000. Additionally, I'd prefer to find out how to set it up so that mydomain.com defaults to https, not http like it is doing now. Thanks in advance for any advice!
Ended up finding that the BlueHost autoSSL files are stored at /home//ssl/ and you can read in both the *.key and *.cert files from there. The file paths don't change when the cert renews and it's signed by a proper CA instead of self signed so chrome and other browsers will actually accept it! Hope this helps someone else

Unable to implement HTTPS on nodeJS server

I'm currently doing a login portal with ReactJS frontend and NodeJS backend, deployed on an AWS EC2 instance. I have used certbot to obtain an SSL, and nginx is able to serve the /build from the ReactJS app. Now my website is accessible at https://my-website without any errors.
When it sends API (https://my-website:8080/api) calls to my server (initialized using PM2), it returns a net::ERR_CERT_AUTHORITY_INVALID. My server is using corsOptions with options: https://my-website.
Is there a specific term or practice I should be doing?
What I've Tried
Use certbot to generate a server.key and a server.pem, and use the https package to create a server with them, but it returns net::ERR_CERT_AUTHORITY_INVALID.
Used fs to open the credentials created for my frontend app, but it returns a permission denied.
I've read that it is not ideal to directly manipulate credentials on the backend, and something along the lines of a reverse proxy should be adopted, however, I am still clueless after reading and trying out. I'd appreciate any help to get this going! Thanks in advance!
My Fix
I simply used the credentials I obtained from certbot in my server.js. Here's a snippet:
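    const fs = require('fs');
    const https = require('https');

    // myKey.pem, myCert.pem and myCa.pem stand for the files obtained from certbot
    const credentials = {
        key: fs.readFileSync('myKey.pem'),
        cert: fs.readFileSync('myCert.pem'),
        ca: fs.readFileSync('myCa.pem')
    };
    https.createServer(credentials, app).listen(PORT);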
The main thing is to switch to the root user (sudo su), else access will be denied to open the file. Hope this helps!

Nginx security with SSL not blocking Postman/Http client requests

I have Nginx with SSL set up, which is working well. I use it as a proxy server for my nodejs server. I only have SSL in Nginx and not in the Nodejs app.
Issue: Postman and other HTTP clients can still make POST requests without an SSL cert. This nodejs server is for both an Android client and a web client; must I implement SSL on the nodejs server (application level) directly too? Like below:
    const https = require('https');
    const express = require('express');
    // const httpsOptions = {cert, ca, key};
    const app = express();
    const httpsServer = https.createServer(httpsOptions, app);
    httpsServer.listen(443, 'exampledomain.com');
Flutter apps are also able to make requests to the server without SSL, meaning this server is still insecure.
How do I prevent HTTP clients from accessing the server without SSL?
By default Postman will always post requests with an SSL certificate; make sure that you turned the SSL verification off in Settings.
Maybe your code is already working, but you are misleading the test.
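
With TLS terminated at Nginx as in this thread, plain-HTTP clients are kept out only if Node is reachable solely through the proxy and refuses anything the proxy did not receive over TLS. The following is an added example, not code from the original posts; it assumes Nginx is configured with `proxy_set_header X-Forwarded-Proto $scheme;`, and `requireTls`, `handler`, `startServer`, `CANONICAL_HOST` and the sample requests are constructed for illustration.

```javascript
const http = require('http');

// Assumptions: Nginx terminates TLS and sets X-Forwarded-Proto to "https" or
// "http"; CANONICAL_HOST is the site's public name (placeholder value).
const CANONICAL_HOST = 'exampledomain.com';

// Decide whether a proxied request arrived at Nginx over TLS.
function requireTls(req) {
  const proto = String(req.headers['x-forwarded-proto'] || '').toLowerCase();
  if (proto === 'https') return { allow: true };
  if (req.method === 'GET' || req.method === 'HEAD') {
    // Safe methods are redirected; the host is fixed, not taken from the request.
    return { allow: false, status: 308, location: `https://${CANONICAL_HOST}${req.url}` };
  }
  // A body already sent in clear text is refused, not redirected.
  return { allow: false, status: 403 };
}

function handler(req, res) {
  const verdict = requireTls(req);
  if (!verdict.allow) {
    res.writeHead(verdict.status, verdict.location ? { Location: verdict.location } : {});
    return res.end();
  }
  res.writeHead(200, {
    'Strict-Transport-Security': 'max-age=31536000', // browsers stay on HTTPS
    'Content-Type': 'application/json'
  });
  res.end(JSON.stringify({ ok: true }));
}

// Listen on loopback only, so the app port cannot be reached around the proxy.
function startServer(port = 3000) {
  return http.createServer(handler).listen(port, '127.0.0.1');
}

// Constructed sample requests, evaluated without opening a socket.
const samples = [
  { method: 'POST', url: '/api/login', headers: { 'x-forwarded-proto': 'https' } },
  { method: 'POST', url: '/api/login', headers: { 'x-forwarded-proto': 'http' } },
  { method: 'GET', url: '/docs?page=1', headers: { 'x-forwarded-proto': 'http' } },
  { method: 'POST', url: '/api/login', headers: {} } // header absent: did not come via the proxy
];
for (const s of samples) console.log(s.method, s.url, JSON.stringify(requireTls(s)));
```

Call `startServer()` to actually listen; the sample loop only prints the decision for each constructed request.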

When to use proxy and when to use CORS in a react project?

I am a beginner at react development, and I am confused about when I should use proxy or cors to make the front end talk to the back end. Or do I need to use both? Like proxy for development and cors for production?
CORS is completely related to the back end: when you want to make your back end server accessible for any request, use CORS.
Example:
    const express = require('express');
    const cors = require('cors');
    const app = express();
    app.use(cors()); // server will respond to any domain
Most of the time you are going to use a proxy when you want to be able to connect to an api that the webpack dev server isn't hosting but will be hosted by your server when published. An example will probably clear this up better than anything.
When developing you have the following scenario
API Server - running at localhost:4567
Webpack Dev Server - running at localhost:8080
Your App.js will make a request to the API server like so
    $.ajax({
        url: '/api/getOwnedGames',
        ...
    });
Without a proxy this will actually make a request to localhost:8080/api/getOwnedGames (since you are browsing from the webpack dev server). If you however setup the proxy like so...
    proxy: {
        '/api/*': {
            target: 'http://localhost:4567'
        }
    }
the api request will get rewritten to be http://localhost:4567/api/getOwnedGames.
If you aren't hosting your own api you probably don't need the proxy.
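
`cors()` with no options answers every origin with `Access-Control-Allow-Origin: *`. The following added example (not from the original answers) shows the allowlist logic a published API would apply instead, written without the `cors` package so it runs on its own; the origins and the names `ALLOWED_ORIGINS`, `corsHeaders` and `apiHandler` are assumptions for illustration.

```javascript
// Origins allowed to read API responses (constructed values).
const ALLOWED_ORIGINS = new Set([
  'https://my-website.example',
  'http://localhost:8080' // webpack dev server during development
]);

// Return the CORS response headers for a request, or null if the origin is not allowed.
function corsHeaders(method, reqHeaders) {
  const origin = reqHeaders.origin;
  // Exact match only: a substring or prefix test would also accept
  // "https://my-website.example.evil.test".
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return null;
  const headers = {
    'Access-Control-Allow-Origin': origin, // echo the one matched origin, never "*"
    'Vary': 'Origin' // caches must key the response on the Origin header
  };
  if (method === 'OPTIONS' && reqHeaders['access-control-request-method']) {
    // Preflight: state what the real request may use
    headers['Access-Control-Allow-Methods'] = 'GET, POST';
    headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization';
    headers['Access-Control-Max-Age'] = '600';
  }
  return headers;
}

// Request handler for Node's http/https createServer.
// CORS only controls which pages may read the response in a browser;
// it is not authentication, so non-browser clients are unaffected by it.
function apiHandler(req, res) {
  const cors = corsHeaders(req.method, req.headers);
  if (req.method === 'OPTIONS') {
    res.writeHead(cors ? 204 : 403, cors || {});
    return res.end();
  }
  res.writeHead(200, { 'Content-Type': 'application/json', ...(cors || {}) });
  res.end(JSON.stringify({ games: [] }));
}

// Constructed sample origins, evaluated without opening a socket.
for (const origin of ['https://my-website.example', 'https://my-website.example.evil.test']) {
  console.log(origin, '->', JSON.stringify(corsHeaders('GET', { origin })));
}
```

To serve it, pass `apiHandler` to `require('http').createServer(...)` and listen on the API port.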

Making requests to a node API from a different domain using HTTPS

I am serving a static page over HTTPS (https://example.com) that makes requests to a node API on a different domain (example-api.com).
My API is a standard express app using HTTP. Here's my setup code:
    var express = require('express');
    var app = exports.app = express();
    var port = process.env.PORT;
    exports.server = require('http').createServer(app).listen(port);
In the requests from my static page, I specify https://example-api.com as the URL. This works most of the time, but every once in a while (10% of the time?) Chrome errors out on the requests with:
net::ERROR_INSECURE_RESPONSE
Other users who've come across this issue (e.g. Failed to load resource: net::ERR_INSECURE_RESPONSE socket.io) seem to solve it by adding a credentials option to their createServer call, e.g.
    var server = https.createServer(credentials, app)
So when I tried to implement this I came up with the following:
    var fs = require('fs');
    var options = {
        key: fs.readFileSync('server-key.pem'),
        cert: fs.readFileSync('server-cert.pem')
    };
    var express = require('express');
    var app = exports.app = express();
    exports.server = require('https').createServer(options, app).listen(port);
However this solution doesn't seem to work for me. When I try it the requests never make it to my app - even logs in app.use middleware don't appear.
What's really confusing is the fact that my setup seems to work most of the time.
Does anyone know how I can reliably make my requests?
Thanks and sorry in advance for my ignorance.
I struggled with this a bit as well. If you are on Windows I have a solution that is a bit of a workaround, but will allow you to serve your site and NodeJS app over HTTPS.
In Windows, I created a reverse proxy in IIS to point at the nodeJS RESTful endpoint (i.e. nodeJS RESTful services == website.com:7000). Don't let reverse proxy scare you, it's gravy.
To Implement:
Install IIS (if you haven't already)
Create your Self Signed Cert (assuming you know how to do that), or apply your Cert you are using now.
Install Application Request Routing
Open your website configuration, and go to URL Rewrite
For the rewrite stuff:
For Pattern: ^api(.*)
For rewrite: http://www.website.com:7000{R:1}
This basically takes any request from: https://www.website.com/api/someApiAwesomeness, and rewrites it to your nodejs App running at http://www.website.com:7000. Now you have an SSL RESTful app.
Good luck man I hope this helps!
