I'm building a distributed web app designed to be hosted on IPFS. I want to do development in a web browser, using my local gateway to serve my files, but I use Javascript APIs that are not permitted without being served off HTTPS.
I tried starting a reverse proxy with self-signed ssl pointing at my local IPFS http gateway, but when I visit links using the reverse proxy, say https://___hashhere___.ipfs.localhost:8081/, I'm redirected to http://___hashhere___.ipfs.localhost:8080/:
GATEWAY_PORT=$(ipfs config Addresses.Gateway | cut -d'/' -f 5)
HTTPS_PORT=$((GATEWAY_PORT+1))
echo "https proxy to your ipfs gateway now at: https://localhost:$HTTPS_PORT"
exec npx local-ssl-proxy --source $HTTPS_PORT --target $GATEWAY_PORT
How can I run a local https+ipfs gateway in a command or two? I guess I need a reverse proxy that rewrites URLs in responses?
If you use Chromium-based browser, then http://___hashhere___.ipfs.localhost:8080/ will have window.isSecureContext set to true and you will have access to all Web APIs. No need for TLS setup for dev on localhost with Chromium (Firefox has a bug).
If you are running IPFS Companion, you may want to disable it when you develop your app, to ensure requests for IPFS resources are not redirected to the gateway set in browser extension's Preferences.
In production, you deploy go-ipfs behind a reverse proxy and that proxy terminates TLS. You can control the protocol scheme and host used in some of redirects via X-Forwarded-Proto and X-Forwarded-Host headers, as noted in go-ipfs/docs/config.md
Related
I deployed my NodeJS/Express app on AWS Beanstalk. The current config is :
Environment type: single instance
EC2 instance type: t2.micro
Node.js version: 10.15.0
No load balancer
Proxy server : Nginx
When deployed it gives me a URL http://<app-name>.<server-location>.elasticbeanstalk.com/
I tested (using Postman) my authenticate API with the URL - http://<app-name>.<server-location>.elasticbeanstalk.com/users/authenticate and it gives me the status code of 200 OK and is working fine.
When I use HTTPS instead of HTTP it doesn't work as expected. In postman I get below error:
There was an error connecting to https://<app-name>.<server-location>.elasticbeanstalk.com/users/authenticate
I have my frontend deployed on netlify and when I trigger the same request from my Web application it gives me below error :
The page at 'https://<app-name>.netlify.com/login' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<app-name>.<server-location>.elasticbeanstalk.com/users/authenticate'. This request has been blocked; the content must be served over HTTPS.
I understand that since my request is coming from https I need to have my backend configured to have https listener. I am not sure as to how I can accomplish this in AWS Beanstalk where I don't have a Load balancer and my env type is a single instance.
I am new to AWS. Appreciate your help. Thanks!
You'll need to add an .ebextension config file to:
Allow 443 traffic in your Security Group
Install the ssl package
copy the certificates from the application package to the ssl dir. (certificates can be created in the certificate manager) or paste them in the config file
edit nginx config
Here is an example
https://edwardsamuel.wordpress.com/2015/07/17/enable-https-and-http-redirect-on-aws-elastic-beanstalk/
I have a node app that is setup on SSH by running node osjs run --hostname=dc-619670cb94e6.vtxfactory.org --port=4100.
It starts at http://dc-619670cb94e6.vtxfactory.org:4100/ without problems, but instead I want to serve it through HTTPS https://dc-619670cb94e6.vtxfactory.org:4100/ , where I receive an error ERR_CONNECTION_CLOSED.
If I use the port I'm unable to reach it with https, but https://dc-619670cb94e6.vtxfactory.org/ is accessible.
How can I serve the port 4100 through htttps?
Thanks.
This is an implementation detail of OS.js. Their docs recommend setting up a reverse proxy for servers. Doing this will give you more control over SSL and ports, like you want
https://manual.os-js.org/installation/
any ideia why my node only runs in http? The node keeps running but if you put https in browser the node will not work properly, as it only works properly on http,
Configuring Nginx and SSL with Node.js for HTTPS
Please go through the below link and follow all steps
Link
Note: It is mandatory to have Domain Name forwarding request to your working Node IP Address
I have an existing ssl certificate through LetsEncrypt for my domain. On the same server as my site I have an express app running at port :8080. Before adding the SSL to the domain I was able to make requests to http://domainname:8080.com. Now that the domain making the requests is https it obviously can't make those requests. If I instead make requests to https://domainname:8080.com, I get no response and instead get a timeout error.
I have attempted to curl -X -POST on the server manually and it returns (35) gnutls_handshake() failed: The TLS connection was non-properly terminated. If I however run the same command pointing to the non https domain it executes correctly. I also tried installing the https modules for express and pointing it to the same certs I'm using for the domain. For all my effort I cannot get this to work. What am I missing here? I want to make requests to a port on the same server that is serving my app.
Setup a reverse proxy in my nginx site config from the domain to the ip address the express server was running on. This solved all the issues I was having.
My base case is that my Meteor App runs perfectly on Opsworks.
I do a Meteor build, tweak the files and all is good (without HTTPS/SSL). I am not using METEORUP. I just upload my tweaked build file and deploy on opsworks.
Also, I am using the out of the box Opsworks HAPROXY loadbalancer.
I then install the SSL certificates for my app and set Meteor to list on PORT=443 as per screenshot:
In the browser, I see:
503 Service Unavailable
No server is available to handle this request.
In the log files I see:
Mar 8 03:22:51 nodejs-app1 monit[2216]: 'node_web_app_buzzy' start: /bin/bash
Mar 8 03:23:51 nodejs-app1 monit[2216]: 'node_web_app_buzzy' failed, cannot ope
n a connection to INET[127.0.0.1:443/] via TCPSSL
Any ideas welcome
Your HAproxy configuration is expecting meteor/node to respond with SSL.
It should instead, terminate SSL and talking to node/meteor in plain HTTP. This is because, meteor doesn't do SSL ; it expects a server in front to handle it.
Solution:
Update the frontend https-in section to terminate ssl and redirect to the http backend
defaults
#... add this line to enable the `X-Forwarded-For` header
option forwardfor
# ...
# .... update this section ...
frontend https-in
mode tcp
# this bit causes HAProxy to talk TLS rather than just forward the connection
bind :443 ssl crt /path/to/your/certificate
reqadd X-Forwarded-Proto:\ https
# now direct it to your plain HTTP application
acl nodejs_application_buzzy_domain_buzzy hdr_end(host) -i buzzy
use_backend nodejs_app_servers if nodejs_application_buzzy_domain_buzzy