I have this SSR Angular web application that when I run (locally and production) I get the following warning
(node:6172) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
That's because I have the following line on my server (express-engine) file
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
If I remove that line, the requests to my API (HttpClient) will not work, giving the following error
'Http failure response for https://localhost:5000/: 0 Unknown Error'
So, how can I fix this in any environment? What could I be doing not to ignore the warning but set it right so I can keep the requests working and not using NODE_TLS_REJECT_UNAUTHORIZED?
Angular Universal does not wait for api/http request before render
Related
I'm building a WebApp with Node- & ExpressJS. Currently I'm trying to connect my app to our company's Keycloak with the keycloak-connect module. I configured it as mentioned in different tutorials and it works (atleast mostly).
When I connect to my WebApp, I receive the keycloak login screen and the login procedure is successful (session created on keycloak). After the login procedure and the redirect I receive an "Access denied" error and in the logs "Could not obtain grant code: unable to get local issuer certificate".
WebApp runs on port 443 with valid certificates
I've googled everything I could and tried following solutions:
-- Disable rejecting unauthorized TLS --
Disabled TLS Rejection for unauthorized certificates with the node envorinment variable:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;
Works but isn't very secure...
Log.
-- Add an extra CA certificate --
Installed dotenv module and set following env variable in .env file:
NODE_EXTRA_CA_CERTS='/etc/pki/tls/cert.pem' (& ca-bundle.crt)
Included it in app.js with "require('dotenv').config();", doesn't work... Also tried to set it as a system environment variable with export.
It stands behind a proxy but I also configured express to trust all proxies with "app.set('trust proxy', true);".
-- Versions --
Node - v16.13.1
Express - ~4.16.1
Keycloak-connect - ^16.1.1
I've seen this problem on many different pages and they're mostly not fully resolved... Would be nice to find a solution for this problem.
Thanks in advance! :)
Yannic
Well I've found a solution and it works perfectly!
This comment on a GitHub issue describes, how to send ca files with the HTTPS server from NodeJS.
You can enter your ca files / bundles in an array:
const trustedCa = [
'/etc/pki/tls/certs/ca-bundle.crt',
'/etc/pki/tls/cert.pem'
];
Then read them with fileSync and set them as the globalAgent.options.ca option for the HTTPS server:
https.globalAgent.options.ca = [];
for (const ca of trustedCa) {
https.globalAgent.options.ca.push(fs.readFileSync(ca));
}
And that's all that needs to be done! Now I can login via Keycloak and it successfully redirects me to my WebApp without any errors.
Hopefully this helps.
Yannic
I have install the ssl certificate in my angular and nodejs project. but after installing the certificate i am unable to login into my application. My main index.js file is running perfectly, but when i am tried to login from my application, it showingn me 500 (Internal Server Error) with a message (Cannot read property 'NODE_ENV' of undefined). I am showing you the localhost but the same problem is coming on production.Please help me out here, how can i fix it.
My error image of application
My nodejs console working picture
It's not HTTPS SSL problem.
Seems that the problem is on the file which defines a handler for POST /login, attach this file for more details.
I deployed my NodeJS/Express app on AWS Beanstalk. The current config is :
Environment type: single instance
EC2 instance type: t2.micro
Node.js version: 10.15.0
No load balancer
Proxy server : Nginx
When deployed it gives me a URL http://<app-name>.<server-location>.elasticbeanstalk.com/
I tested (using Postman) my authenticate API with the URL - http://<app-name>.<server-location>.elasticbeanstalk.com/users/authenticate and it gives me the status code of 200 OK and is working fine.
When I use HTTPS instead of HTTP it doesn't work as expected. In postman I get below error:
There was an error connecting to https://<app-name>.<server-location>.elasticbeanstalk.com/users/authenticate
I have my frontend deployed on netlify and when I trigger the same request from my Web application it gives me below error :
The page at 'https://<app-name>.netlify.com/login' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<app-name>.<server-location>.elasticbeanstalk.com/users/authenticate'. This request has been blocked; the content must be served over HTTPS.
I understand that since my request is coming from https I need to have my backend configured to have https listener. I am not sure as to how I can accomplish this in AWS Beanstalk where I don't have a Load balancer and my env type is a single instance.
I am new to AWS. Appreciate your help. Thanks!
You'll need to add an .ebextension config file to:
Allow 443 traffic in your Security Group
Install the ssl package
copy the certificates from the application package to the ssl dir. (certificates can be created in the certificate manager) or paste them in the config file
edit nginx config
Here is an example
https://edwardsamuel.wordpress.com/2015/07/17/enable-https-and-http-redirect-on-aws-elastic-beanstalk/
socket.io-client.cpp does not connect to node app on Heroku while Node JS socket.io-client does without any problem. Error is:
[2018-12-11 19:32:43] [connect] Successful connection
[2018-12-11 19:32:43] [error] handle_read_http_response error: websocketpp.transport:7 (End of File)
[2018-12-11 19:32:43] [info] Error getting remote endpoint: system:107
Changed URL from https to http://myapp.heroku.com - works now. Is it possible to connect via https as well? JS socket.io-client connects via secure connection without any problem.
Have built socket.io-client-cpp app with SIO_TLS in DEFINES (compiler flag: -DSIO_TLS) - connects via https fine now! This enables TLS support as mentioned here:
https://github.com/socketio/socket.io-client-cpp/pull/137
I want to deploy a mern project on ssl. Currently it is running on server with ip address but when I deploy it on ssl it is not running. It is working fine on http.
I have change on node modules transport-node and make it http to https.
1-I am using nginx as proxy server
When I deploy on ssl it give error:-
1-emitter.js?8a6f:50 OPTIONS https://privateIp:port/ net::ERR_SSL_PROTOCOL_ERROR
2-websocket.js?0f24:6 WebSocket connection to 'ws://privateip/sockjs-node/831/bocznd0p/websocket' failed: Error during WebSocket handshake: Unexpected response code: 400
3- your request is http,while it is require https.(handshake problem)