I need to host Node App on the Window Server using IIS. IIS provides only two ways iisnode module and reverse proxy using Application request Routing.
the problem here is that issnode is no longer being maintained by Microsoft and isn't secure to use, same as the case with reverse proxy.
What's the secure way of hosting Node.js app on Windows server?
Related
I'm developing a security system. It has a proxy server acting like a ssl termination using Nginx which will forwards all tcp/ip connections from clients to other third-party systems.
The client-proxy connections must be authenticated and securely encrypted by ssl.
And my problems is:
Each client is a computer which installed Windows 7 OS or higher. It has been installed with some third-party applications which cannot be interfered. For the better user experience, all clients' tcp/ip outbound requests from any applications must be transparently "converted" into (or "wrapped" in) ssl requests before coming to proxy server. And my first idea is to develop a network driver to access these requests using windows api, namely WFP(Windows Filtering Platform). I have read its online documentation but it's not easy to understand. Can you have to find some projects like this or tell me which sections in the documentation need to be focused? Thank you in advance!
Your issue is a bit unclear but here are my thoughts:
You want to have full encryption between the End User Client to the App Service.
Current:
Client --(443: TLS)--> NGINX --(Clear; Port 80)--> App Service
(Terminate TLS)
Change:
Client --(443: TLS)--> NGINX --(TLS; Port 443)--> App Proxy -(Plain; 80)-> App Service
(Terminate TLS) (Nginx with self-signed Cert)
The change is to add an additional Nginx server on the app server to provide the last layer of TLS between the load balancer and the App Service.
If your App service has the capability to serve SSL connections directly that's even better as you can just configure that in place of running an additional Nginx server on the app host. (If you wanted you could run apache or any other web server that supports proxy/load balancing capabilities)
If you are worried about the App Service port, it won't make a difference, the idea is that the App Proxy (being Nginx or the likes) will handle the encryption on a different port to then pass via localhost to the App Service (in plain text).
Additional Resources:
Can Nginx do TCP load balance with SSL termination?
https://serverfault.com/questions/978922/nginx-proxy-pass-to-https
https://reinout.vanrees.org/weblog/2017/05/02/https-behind-proxy.html
https://nginx.org/en/docs/http/ngx_http_ssl_module.html
I am Developing a web site that has Angular.js based client and Web API 2 server.
Both will be deployed under my website subdoman: "Admin.myDomain.com".
I would like to have ssl support. (on client and also requests for server)
Thinking that the client will be under Admin.myDomain.com and the Webapi : Admin.myDomain.com/admin/
In term SSL connection - What should be the best way to deploy this?
What I thought:
1. Connect the IP to the machine - Conenct the SSL work on entire IIS level.
2. Have the angular client side deployed on default web site on IIS.
3. have the web api deployed as subfolder (another applicaation).
will this work?
Is there a better way?
You can create your certificate specifically for admin.website.com or with a wildcard for *.website.com. It depends based in your future needs and available budget.
I would suggest to avoid Default Web Site and create a new WebSite that accepts only 443 (and link the certificate here) then you put your API running there with something like.
https://admin.website.com/v1/api
and your angular application at:
https://admin.website.com/app
I seem to miss somehting really obvious.
Anyways, i am developing a ReactJs web app and use nodejs (browser-sync) to host a simple web server for testing on localhost. Everything's working fine.
As for the server side i have a REST Service hosted in ASP.NET WebAPI.
I want to keep the urls in the web app relative for deployment reasons (because then it doesn't matter what the hostname is, as long it's running on the same domain).
I know out of experience that it's possible to host a self hosted ASP.NET WebAPI and a Web Application in IIS Express (at least in different paths) at the same time.
But now when i start browser-sync (which uses node http server internally as far as i can tell) and then WebAPI service host, the service host tells me it can't host on this url.
When i start it the other way around, browser-sync automatically increases the port so that it's on the next free port.
Does somebody have experience with it?
EDIT:
My question maybe in a more general sense: How do you develop web apps that are hosted on a local web server (in my case via nodejs) against a local running web service? And do you use relative URLs in your web app? Which leads to the problem that the service and the web have to run on the same server
I solved my problem like this:
ASP.NET WebAPI hosts under a different port then the nodejs web server
I set up a proxy in nodejs webserver for all urls starting with '/api/' and proxy these requests to the WebAPI port
I can use relative URLs in my client
We have a Icneium Hybrid Mobile app accessing servicestack REST services. Is it OK to host the servicestack on Node.js instead of IIS? Any examples are highly appreciated.
You won't be able to host ServiceStack in node.js directly, but there are many proxy modules for node that can transparently proxy requests to a ServiceStack Self Hosted application, thus removing the need for IIS.
You now have two options:
If your intent is just to ditch IIS and you don't specifically need node.js then a self hosted application is great, because there are no other dependency layers. Requests can go straight to ServiceStack.
But if you are looking to have some integration with node.js, then as I said a transparent proxy can forward the requests to the ServiceStack service, but you will still need the Self Hosted ServiceStack service running behind the node proxy.
Set up a Self Hosted ServiceStack Service
To get this to work. You would need to configure ServiceStack to use Self Hosting. The way this is done is to create a AppHostHttpListenerBase AppHost in a console application, as shown in the link (above).
Once you have a Self Hosted application, you will have configured the hostname and port that ServiceStack will listen on. If you navigate to that URL you should see your ServiceStack service.
If you chose not to use node (option 1), then the ServiceStack application is ready to be accessed directly. If you do wish to use with node because you have some other part of your application already use node (option 2) then follow the next steps to setup a proxy.
Node.JS Proxy
There are many proxy modules for node available. I have chosen to go with the popular node-http-proxy, by nodejitsu.
Setup looks simple. Requests on port 80 standard http port will be forwarded to ServiceStack application on localhost:9000. Assuming that's were its running.
var http = require('http'),
httpProxy = require('http-proxy');
httpProxy.createProxyServer({target:'http://localhost:9000'}).listen(80);
If you need more control. Check out all the options in the documentation.
I am curious to understand how IIS 7.5 Reverse Proxy is implemented in Rewrite Module (v2).
I am planning to setup a website that will handle proxing between requests coming from users (internet) and my HTTP services that are deployed on the same server. I have setup a website within IIS and configured the reverse proxy logic. I've then setup another website on the same server and deployed all my WCF REST services there. I am planning to implement IIS offloading, common tasks (such as authentication, etc) on the reverse proxy website before the request gets to the actual services (like WCF routing service for SOAP). Configuration is working perfectly fine.
However I am trying to understand the implications of this setup. When IIS does reverse proxing, does it create a new HTTP request (and a new TCP port) between those two websites? And even if both sites are on the same server? Should I expect number of TCP connections opened on this server to get doubled when reverse proxy is used?
Furthermore, has anyone experienced any performance/resource issues with a similar setup?
Cheers,
OS