I'm making a hobby project and it involves a NodeJS http server that I access via a web browser (through GET and POST requests). The HTML/CSS/JS part of the webpage is local, not on the NodeJS server.
I understand I need to generate SSL certificates but those ask for things like domain names and stuff.
I simply want to enable HTTPS on my NodeJS server. Right now I'm manually encrypting all messages sent back and forth through AES, but I trust the https security more, I'm not a cryptographer.
Is there an easy way to get those certificates? My NodeJS server is accessible via the internet but only by IP address (port forwarded), and through the express module using HTTP requests.
Do I need to pay for them?
In this case you can take services from Digital Ocean, you can buy subscription as per your choice and deploy your Nodejs app with free SSL certificate.(let's encrypt)
However I recommend you to understand following concepts
Reverse proxy (nginx)
Process managements (pm2)
SSL certificates
I am sure, You would love to go though with starter tutorials from DigitalOcean
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04
As Its a hobby project, otherwise I would have recommended other options.
Related
I have a single domain, which is pointed to the frontend(Reactjs) of the application hosted on cPanel. The backend(Nodejs) of the application is on a Linode VPS. The frontend of the application communicates with the backend through APIs.
Every thing was good in development phase but now in production the browser doesn't allows to use APIs with http (Was giving mixed content error) and to resolve this issue I changed it to HTTPS from HTTP and configured nginx with self signed certificate. Now I'm able to make requests from the browser using the IP Address of my server and I don't want to use domain for that but it shows the warning that the certificate is not trusted. How can I resolve this issue as I don't want to use another domain for the backend server.
Is it possible to deploy a node.js app on Cloud Foundry that listens for HTTPS requests on port 443?
Well, the good news is that you don't have to do that. The Cloud Foundry platform takes care of it for you.
All you need to do is push your app and assign a route to the app. Your platform operations team will already have everything set up so that traffic for both HTTP and HTTPS routes through to your application.
The only thing you probably want to do in your application is to look at the x-forwarded-proto (should be http or https) or x-forwarded-port (80 or 443) header. You can use this to determine if the client's connection was over HTTP or HTTPS, and if it's HTTP then issue a redirect to ask the client to connect over HTTPS (this force clients to use HTTPS).
You can read more about this in the docs at the following link:
https://docs.cloudfoundry.org/adminguide/securing-traffic.html
Having said all that, if you really want to control the certs for some reason you can do that. You would need to map a TCP route to your application. This will enable TCP traffic to flow directly to your application. Then you can configure your application as an HTTPS endpoint on the mapped TCP route and port.
Some notes about this:
You will almost certainly end up with some high numbered port, not 443. The platform will have a pool of available ports, which is configured by your operations team, and you are limited to using only those ports.
The platform and buildpacks will not help set up TLS, you will need to handle that all on your own. The good news is that it should work exactly the same as if your app were running on a VM or your local laptop.
You will need to create your own TLS certs and push them with the application. You can probably use Let's Encrypt, but you may need to obtain these through your employer, if you work for a large company.
I have started creating my own nodejs app (for the first time) that I hope to deploy at some point, perhaps to Heroku or another platform.
I need for my app to encrypt traffic namely for user passwords and sessions (note there is no other obviously sensitive data).
I started looking into serving my app using HTTPS (SSL) however I am now wondering if I need this. If my app is to be hosted and deployed using Heroku/other platform won't all requests be trafficked through their servers presumably using HTTPS by default? I am guessing that the request will then be routed using HTTP to my application, although I am struggling to understand how this works. Ultimately I would like to know if I can ignore worrying about paying for SSL certification and such like when it will not matter in this hosting environment?
Help much appreciated. Matt.
If you are using heroku then you must be using paid dyno( hobby or professional) and heroku provides free SSL to all paid dynos. Furthermore if you think that at some point you can switch hosting then there is always freessl available via Let's encrypt.
Heroku serves all requests with and without SSL in default herokuapp url.
Use cloudflare free plan. Open a free account in cloudflare, Copy the DNS. Then set the DNS in your domain service provider (godaddy or sth), then change the Cname config for the website inside cloudflare. Now you have a free certificate.
I'm trying to configure CouchDB to use SSL on IoT devices accessed via IP. I'm trying to avoid adding a webserver as a reverse proxy in an attempt to keep things as lightweight as possible and instead use CouchDb's builtin SSL functionality.
The problem I'm running into is that replication is going to fail Common Name certificate verification because we're accessing via IP. I'm hoping to use a custom verification function to check certificate thumbprint instead. It looks like verify_fun combined with someting like this ssl_verify_fingerprint function is probably what I'm looking for, but I can't figure out how to use it in the config file. How can I update this config line to use a custom function?
verify_fun = {Module, VerifyFun}
I am not sure I understand your question fully. By "nodes" do you mean a Node.js environment? You can configure CouchDb itself to use SSL, but normally you would serve your HTML from a web server and use CouchDb to provide information for the web pages. So users would not directly access CouchDb in that scenario.
The common solution is to configure Apache, Nginx or some other web server as a reverse proxy and SSL end point. You can then redirect incoming HTTPS requests to other services on your server such as Node.js. There are many guides on setting up a reverse proxy with SSL such as this one and this one. You can use "Let's Encrypt" for secure certificates. I hope this helps.
I developed a website that will be hosted on a webhosting server with dedicated IP in order to be able to use SSL (https).
This website makes some calls to a node.js app running on a VPS i am hiring. In this VPS i have some sensible data (database) and in the app i have a sensible user and password. I would like to know if the frontend uses SSL is enough to secure my VPS and app.js, or if there are some other actions i should perform.
Also i would be grateful if you can advise which is the best solution to hire: Dedicated IP WebHosting(frontend) + VPS (backend) Versus VPS (backedn and frontend). It's my first website and I need some experienced advices.
Regards,
If Node.js will be running with ssl certificate, then please use passphrase for ssl certificate that will be asked if you run node.js server. This will provide additional security.
Also, you can request for client certificate and reject unauthorized that provide additional layer of security and prevent from man-in-middle attack.