I have one AWS EC2 machine and my client and API applications both deployed in the same machine. I have enabled SSL for client (react app) but when I enabled it this time I could not fetch data from API because it is not SSL enabled it serves from "HTTP" not "https" so I get et::ERR_SSL_PROTOCOL_ERROR error. I looked some ways to enable SSL from API, I can use nginx SSL but my client uses nginx SSL with port 443. How my API can serve from the same port?
I could not solve this issue before client SSL enabled, it worked with API but now I does not.
Could you help me?
Related
I want to use https (port 443) for my web app which is developed using NodeJS express mongodb.In order to do that I know I need to get ssl certificate. My app is hosted by Amazon ec2. My express server listens port 3000.I created ssl certificate using Amazon Certificate manager ,and I also set up apache following some tutorial. However when I go to port 40 I see apaches page (I used to see my app here since I redirected port 80 to 3000 before). When I do https request it just gives me nothing.I set load balancer and attached to my ec2 instance.Is there a good tutorial or can you tell me what I am missing? This became so annoying.
I need help with finding a method to create a SSL cert for my IP address so that I can use the REST api between my frontend Vue and backend Express.
NGINX is the web server. And it serves the frontend and it redirects the connection to HTTPS with SSL cert from Let's Encrypt. However there is a mixed protocol error when the frontend connects with the backend as it is served through HTTP.
My workaround was to create a HTTPS server for the Express files. But I needed a SSL cert to validate the HTTPS server for Express and there are no SSL cert that is free for the address used to serve the Express files, which is the IP address. Some suggested using self-signed but they are only useful for development and now I am trying to use it for production.
The ssl certs which work for nginx also work for express.
If you are running Express only, then you can drop nginx completely and use https on express with the let's encrypt certs.
Otherwise if you have an exotic configuration, then you can configure nginx as an ssl reverse proxy using proxy redirect to change the protocol. https://chase-seibert.github.io/blog/2011/12/21/nginx-ssl-reverse-proxy-tutorial.html
I have AWS instances (behind a load balancer) serving a Node.js / Express app for mobile clients. I would like to enable SSL for the API calls on this app. There are multiple tutorials on how to enhance my Express app to use SSL, but can can folks advise please what should be the ELB configuration in such a scenario?
Should I have the ELB listeners (both load-balancer side as well as instance-side) to be http (not https)? And then make the Node.js app use a certificate from say LetsEncrypt?
Or should I instead have the load balancer be https based (and thus have its own associated certificate from AWS Certificate Manager)? In that case, what happens to the LetsEncrypt certificate - do I still integrate that with the Node.js app?
Many thanks!
You would enable SSL on the load balancer and use an ACM certificate. You wouldn't need a SSL certificate on the NodeJS server unless you just want the communication between the ELB and the server to also be encrypted.
I'm quite new to this. I have a node-express https server that currently runs locally on my machine. My simple website runs on this https sever and make xmlhttp requests to consume some APIs (as these APIs only accept requests from https endpoint). At the moment I'm using a self signed SSL certificate.
I'd like to deploy the server with html, js files to EC2 and make it accessible to the public. My questions are
Can I use AWS Certificate Manager to generate a SSL certificate, and how to use it with node-express server? Can node-express use this SSL certificate on EC2? or do I need to use this SSL certificate with Elastic Beanstalk and ELB?
I did some research but the ACM documentation said an email will be sent to the registered domain owner for each domain name in the certificate request. I don't have a domain as I plan to have users access my site using IP address. What do I do in this case?
Many thanks for your help!
You can't use an ACM certificate directly with NodeJS. You have to place a load balancer in front of your server and install the ACM certificate on the load balancer.
The ACM service does not support SSL certificates for IP addresses, only domain names. I recommend obtaining a domain name.
I'm developing a security system. It has a proxy server acting like a ssl termination using Nginx which will forwards all tcp/ip connections from clients to other third-party systems.
The client-proxy connections must be authenticated and securely encrypted by ssl.
And my problems is:
Each client is a computer which installed Windows 7 OS or higher. It has been installed with some third-party applications which cannot be interfered. For the better user experience, all clients' tcp/ip outbound requests from any applications must be transparently "converted" into (or "wrapped" in) ssl requests before coming to proxy server. And my first idea is to develop a network driver to access these requests using windows api, namely WFP(Windows Filtering Platform). I have read its online documentation but it's not easy to understand. Can you have to find some projects like this or tell me which sections in the documentation need to be focused? Thank you in advance!
Your issue is a bit unclear but here are my thoughts:
You want to have full encryption between the End User Client to the App Service.
Current:
Client --(443: TLS)--> NGINX --(Clear; Port 80)--> App Service
(Terminate TLS)
Change:
Client --(443: TLS)--> NGINX --(TLS; Port 443)--> App Proxy -(Plain; 80)-> App Service
(Terminate TLS) (Nginx with self-signed Cert)
The change is to add an additional Nginx server on the app server to provide the last layer of TLS between the load balancer and the App Service.
If your App service has the capability to serve SSL connections directly that's even better as you can just configure that in place of running an additional Nginx server on the app host. (If you wanted you could run apache or any other web server that supports proxy/load balancing capabilities)
If you are worried about the App Service port, it won't make a difference, the idea is that the App Proxy (being Nginx or the likes) will handle the encryption on a different port to then pass via localhost to the App Service (in plain text).
Additional Resources:
Can Nginx do TCP load balance with SSL termination?
https://serverfault.com/questions/978922/nginx-proxy-pass-to-https
https://reinout.vanrees.org/weblog/2017/05/02/https-behind-proxy.html
https://nginx.org/en/docs/http/ngx_http_ssl_module.html