I added domain to my dokku app
dokku domains:add myapp example.com
then I encrypted the app connection
dokku letsencrypt myapp
the problem is when I deployed my app it deployed to http and https connections
=====> Application deployed:
http://example.com
https://example.com
My question is how to make dokku deploy app to https connection only
The reason behind make dokku only deploy app to https connection
Because if app deploy to http connection then the attacker can access my app via requested http connection http://example.com using postman (for example or other tool). An example of this case is heruko.com it is encrypted using Letsencrypt but if you try to make request using http connection http://heruko.com via postman then success response will returned.
Another reason that if the https certificate expires then the attacker can access my app via http connection
Dokku should redirect any requests to http-URLs to the respective https-URLs. So your visitors should be protected.
It is not a problem if an attacker accesses your app using http. The only difference is that anyone between your server and the hacker could intercept and modify the request data. But your server is not less secured when the http-URL is used.
Https is only used to protect the data between your visitors and your server. It does not protect your server in any way.
Related
I currently have an https domain https://example.com hosted in a Windows Server R2019 machine. I am also developing a web application in Node.js in my laptop that will, in the future, be installed in the server.
Say I want to share my app with external parties that require https. During this test stage I will keep the web app in my laptop, instead of installing it in the server. In order to use the same SSL certificate assigned to https://example.com, would I be able to configure IIS to redirect a certain URL like https://example.com/myapp to my laptop's internal IP/PORT (192.168.xxx.xxx:port) where the app is hosted?
Thank you in advance.
I have a single domain, which is pointed to the frontend(Reactjs) of the application hosted on cPanel. The backend(Nodejs) of the application is on a Linode VPS. The frontend of the application communicates with the backend through APIs.
Every thing was good in development phase but now in production the browser doesn't allows to use APIs with http (Was giving mixed content error) and to resolve this issue I changed it to HTTPS from HTTP and configured nginx with self signed certificate. Now I'm able to make requests from the browser using the IP Address of my server and I don't want to use domain for that but it shows the warning that the certificate is not trusted. How can I resolve this issue as I don't want to use another domain for the backend server.
I am having following setup, I have deployed public-facing front end application having NGINX web server(with Angular App) on Azure Linux App service, this is part of the docker container.
I am having another Linux app service having .net API.
Now, in order to force HTTPS, do I need to set up https certificates on Azure App service or should I be setting them in the container too where I have Nginx setup?
Second, where and how should I be mentioning the following rules
1. Redirect HTTP request to HTTPS
2. Redirect non-www traffic to www?
You try with:
server_name your_domain.com *.your_domain.com;
return 301 https://www.your_domain.com$request_uri;
SSL gets off-loaded at the front-end of App Services. That means that SSL requests never get to your Web App. You don't need to (and should not) implement any support for SSL into your app.
http://learn.microsoft.com/en-us/archive/blogs/waws/things-you-should-know-web-apps-and-linux#NoSSL
I need help with finding a method to create a SSL cert for my IP address so that I can use the REST api between my frontend Vue and backend Express.
NGINX is the web server. And it serves the frontend and it redirects the connection to HTTPS with SSL cert from Let's Encrypt. However there is a mixed protocol error when the frontend connects with the backend as it is served through HTTP.
My workaround was to create a HTTPS server for the Express files. But I needed a SSL cert to validate the HTTPS server for Express and there are no SSL cert that is free for the address used to serve the Express files, which is the IP address. Some suggested using self-signed but they are only useful for development and now I am trying to use it for production.
The ssl certs which work for nginx also work for express.
If you are running Express only, then you can drop nginx completely and use https on express with the let's encrypt certs.
Otherwise if you have an exotic configuration, then you can configure nginx as an ssl reverse proxy using proxy redirect to change the protocol. https://chase-seibert.github.io/blog/2011/12/21/nginx-ssl-reverse-proxy-tutorial.html
I use netlify.com for the front-end (React.js) which automatically comes with https, but it's not allowing me to make https requests to the express server as my express server does not have a cert.
How do I get a cert for my express server (which serves only RESTFUL APIs) with AWS Certificate Manager? It's asking for domain name but all I have is a static IP for the AWS EC2 instance.
If AWS Certificate Manager is not suitable for this case, what's the easiest free way to get a cert and set it up for the Express server? I'm running the Express server directly via node, without apache/nginx.
You will have to point a domain name to the REST API server. You can't request an SSL certificate for an IP address. Do you not own a domain name that is pointing to your React app already? You should setup a subdomain like api.example.com that points to your API server, and then request an Amazon SSL certificate for that subdomain.
Note, you must be using an Elastic Load Balancer or CloudFront to use an Amazon Certificate Manager SSL certificate. You can't install it directly on an EC2 instance.