I'm currently doing a login portal with ReactJS frontend and NodeJS backend, deployed on an AWS EC2 instance. I have used certbot to obtain an SSL, and nginx is able to serve the /build from the ReactJS app. Now my website is accessible at https://my-website without any errors.
When it sends API (https://my-website:8080/api) calls to my server (intialized using PM2), it returns a net::ERR_CERT_AUTHORITY_INVALID. My server is using corsOptions with options: https://my-website.
Is there a specific term or practice I should be doing?
What I've Tried
Use certbot to generate a server.key and a server.pem, and use the https package to create a server with them, but it returns net::ERR_CERT_AUTHORITY_INVALID.
Used fs to open the credentials created for my frontend app, but it returns a permission denied.
I've read that it is not ideal to directly manipulate credentials on the backend, and something along the lines of a reverse proxy should be adopted, however, I am still clueless after reading and trying out. I'd appreciate any help to get this going! Thanks in advance!
My Fix
I simply used the credentials I obtained from certbot in my server.js. Here's a snippet:
const credentials = {
key: myKey.pem,
cert: myCert.pem,
ca: myCa.pem
}
https.createServer(credentials, app).listen(PORT)
The main thing is to switch to the root user (sudo su), else access will be denied to open the file. Hope this helps!
Related
So im trying to make my localhost server up https to do some testing with webhooks, i was looking into http-server and i can get the https server up and running, but it wont server any content for my MERN application, it simply just downloads the file from the browser. I need to be able to server up my application from the localhost over https, but it seems that http-server only creates a web server... im sure if i was serving static content this might work, but it doesnt.
does anyone have any idea how to proceed? the goal is to ensure i can setup an https://localhost:3000 that i will expose on my router so i can take in content from a different API via a webhook and see what the data looks like.
Yes, setting up a https server can be done easily.
var privateKey = fs.readFileSync( 'privatekey.pem' );
var certificate = fs.readFileSync( 'certificate.pem' );
https.createServer({
key: privateKey,
cert: certificate
}, app).listen(port);
See the Node docs for more info: https://nodejs.org/api/https.html
Then you need to use a router to serve the application logic.
I have an ASP.NET Core 3.1 web app that I run on my local development machine. This app successfully runs. I can also successfully execute requests to it via Postman. I'm trying to run a test from a Node.js app. This app is using Axios to try to load one of the web pages. The request looks like this:
const result = await axios.get('https://localhost:5001/');
When this request runs, I receive the following error:
Error: unable to verify the first certificate
...
code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
...
The fact that I can a) load the url in my browser and b) run the request from Postman leads me to believe there is a config issue with my Node app. I don't know if it's an issue with a) my axios request or b) some app configuration. Oddly, I receive the same error if I try to execute my request against http://localhost:5000/ (i.e. not over HTTPS).
I'm unsure how to resolve this issue though. How do I execute a request via Axios against a web app running on localhost?
You'll need to tell axios/node what signing authorities to trust (your browser and postman will already have several of those set up)
You do that by configuring the https agent in axios - have a look at this answer for an example : How to configure axios to use SSL certificate?
And here are instructions on how to get the bundle from the browser (you'll probably need to use a p7b/pfx or get all certs in the chain): https://medium.com/#menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2
I have a dedicated VPS through bluehost, hosted on it is my node.js project. As of now I can use app.listen(80) so that anyone who navigates to my url will get my ejs to correctly display to them, however the web browser shows the "not secure" message to the left of the url. I'm trying to get https working so that a web hook can send data to my web server. The other program that sends the web hook data requires an https address not http. I know that bluehost has built in SSL but I'm not sure how to use this in tandem with a node.js app. It seems to work fine if I publish just a simple HTML page. I've tried creating a self-signed certificate with openssl and using the following code
const options = {
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem')
};
https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}).listen(8000);
But chrome refuses to accept the certificate when I navigate too mydomain.com:8000, additionally I'd prefer to find out how to set it up so that mydomain.com defaults to https, not http like it is doing so now. Thanks in advance for any advice!
Ended up finding that the BlueHost autoSSL files are stored at /home//ssl/ and you can read in both the *.key and *.cert files from there. The file paths don't change when the cert renews and it's signed by a proper CA instead of self signed so chrome and other browsers will actually accept it! Hope this helps someone else
I have an api created and hosted on Heroku. I have my web app running on localhost. I am using NextJS for my app. I am able to access all my apis hosted on Heroku via my web app which is running on localhost. I have one api which checks whether a cookie is available or not, I am calling the api in the getInitialProps method of the _app.js file of my NextJS app which is the entry point of the framework. If I comment that api call code then I don't get any error , but I need to check whether cookie is present or not so calling that code gives an error saying
Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames: DNS:*.herokuapp.com, DNS:herokuapp.com
Also my cookie is not saved in the browser when I login. It works fine on postman so no problem from my api side and I can see the cookie in the postman.
I did set following in my NodeJS app
app.set("trust proxy", true);
I am using the cookie-session library in my express Nodejs app
in my case https://github.com/ushelp/EasyQRCodeJS-NodeJS/issues/30#issuecomment-1221164642 i always manual on create systemd file but i got same issue when tried using pm2.
i have an issue from my ecosystem.config.js where thats handle of env ( process.env.any )
something your value to pointing / save / load online its still on localhost or an ipaddress instead of your custom domain on VPS server these issue when u are using certbot instead of buying ssl.
these random error, in my case you can check on the above link for more detail but in short its just because you are using ipaddress or localhost in your code.
try to change your hardcode everything that point to correct env
but in your case you are using heroku thats mean you need to define
on reveal vars because heroku is not using an env file
here more for you
( put all your env to ) heroku --> setting --> Config Vars --> Reveal Config Vars
Read this article:
https://devcenter.heroku.com/articles/ssl
It's about installing certificates.
For me it looks that just the certificate is signed for localhost. The browser will reject it, because you access the site by another domain name.
So you have to self-sign a certificate and upload it, or buy a trusted certificate.
I'm running a nest api off of a single firebase function and a lot of endpoints throughout my controllers need SSL to work due to OAuth & because they send back a https-only signed cookie.
Because of that, I need to be able to run locally served firebase functions with SSL. I already have generated & registered the certificates and have previously used it with React/Angular and standalone Node + Nest projects.
This is specifically about getting it to work with a firebase function.
Currently, in my index I have:
export const API = functions
.region("europe-west2")
.https.onRequest(nestApp);
where nestApp is
const server = express();
Now in a normal Node + Nest application all I have to do is:
app = await NestFactory.create(AppModule, {
httpsOptions: {
key: keyFile,
cert: certFile,
},
});
Adapting this to the firebase function above doesn't work as I have to pass the express instance instead. I've looked everywhere through the docs & types where the object is nested where the http options with key and cert are, but no luck.
The HttpOptions interface from #nestjs/common does indeed have these two properties but the express adapter.options() takes a request handler and not that options object.
I think what you want to do is not possible... the way you want it to do it.
The goal of running a Cloud Function locally is for code-testing purposes but Google will still manage the infrastructure behind (SSL, authentication, etc.), even on a local environment.
Instead of manage this with the Function, why not to emulate a small server? I can think of a simple NGINX as a Reverse proxy (you can use any service you want for this). This will allow you to manage the SSL certs on a more friendly way.
Think it like this: Within your workflow, you call NGINX instead of the Function directly. NGINX will call internally the Cloud Function, the function will do its job and the response would be returned to NGINX and then back to your workflow from NGINX with the https-signed ready for the next step.
Hope this is helpful! :)