This is my code for enabling https on node express server.
const express = require("express");
const path = require("path");
const https = require("https");
const fs = require('fs');
const crypto = require('crypto');
const passphrase = 'passphrase';
const options = {
pfx: fs.readFileSync('./cert/test.pfx'),
passphrase: passphrase,
secureOptions: crypto.constants.SSL_OP_NO_TLSv1
| crypto.constants.SSL_OP_NO_SSLv2
| crypto.constants.SSL_OP_NO_SSLv3
| crypto.constants.SSL_OP_NO_TLSv1_2,
}
const port = process.env.PORT || 8083;
const app = express();
...
This works fine if i hardcode the passphrase, or if the passphrase is in a variable. But when i am trying to read it from process.env.PASSPHRASE, it gives me "mac verify failure".
I can see that the process.env variable is being set by logging it in the app.
I have tried setting the variable as follows:
SET PASSPHRASE=passphrase
SET PASSPHRASE='passphrase'
SET PASSPHRASE="passphrase"
and in code:
passphrase: process.env.PASSPHRASE
passphrase: process.env.PASSPHRASE || 'passphrase'
passphrase: process.env.PASSPHRASE.toString()
none of these work.
I am on a windows machine and i can see that the way i am setting environment variables seems to be correct, as i am also getting the PORT from process.env when running the server.
Shortly after posting the question, I realized that it must be a fault in how i am setting the environment variable.
This was how i was setting the variable and running the app:
SET HTTPS_PASSPHRASE=passphrase && node server-prod.js
it seems all what was required was to remove the space before the &&
SET HTTPS_PASSPHRASE=passphrase&& node server-prod.js
the space was being considered a part of the value of the variable as well. I did not realize it sooner as the trailing space wasn't showing up in console.log
Related
I am trying to connect to the Google cloud redis instance from Google cloud function, i am using the same code provided in GCP platform,
***'use strict';
const http = require('http');
const redis = require('redis');
const REDISHOST = process.env.REDISHOST || 'localhost';
const REDISPORT = process.env.REDISPORT || 6379;
const client = redis.createClient(REDISPORT, REDISHOST);
client.on('error', err => console.error('ERR:REDIS:', err));***
However, that code is not working. After going through various articles I found that we need to use a URL as shown below
***const redisURL = "redis://foo.bar.org:6379"
redis.createClient( {url: redisURL} )***
My question is, where can I get the URL details in GCP in order to use it in the code.
Using gcloud, run the following command:
gcloud redis instances describe REDIS-INSTANCE --region=REGION --project=PROJECT
REDIS-INSTANCE is the name you gave your redis instance when you created it.
If successful, gcloud returns details about the instance, including:
.
host: 10.0.0.27
.
port: 6379
.
=> redis://10.0.0.27:6379
See:
https://cloud.google.com/memorystore/docs/redis/create-instance-gcloud#creating-redis
I was looking through my codebase today, the portion which sets up the server and found the following lines:
var https = require('https');
https.globalAgent.options.secureProtocol = 'TLSv1_2_method';
function createHttpsServer(app) {
var https = require('https');
var fs = require('fs');
const options = {
secureProtocol: 'TLSv1_2_method',
// ...
};
var server = https.createServer(options, app);
return server;
}
It looked like code duplication to me and I am not sure why these do different things (or do they?).
A colleague of mine told me that the top one is for controlling TLS in HTTPS requests made from NodeJS, which in turn, gives us access to the https.agent which is used for all things related to client HTTP requests.
This was also compared to the ServicePointManager in the .NET world.
So do these methods both do different things? At some point, our code does:
var server = protocol === 'https' ? createHttpsServer(app) : createHttpServer(app);
Wouldn't that be using the same server at the end of the day?
var server = protocol === 'https' ? createHttpsServer(app) : createHttpServer(app);
The above line creates the same server, the only difference is if the protocol is 'https' it will run on HTTPS server (this require SSL certificate) whereas if the protocol is http it will run on HTTP server.
It seems to be an evidence for a lot of people, since I really found nothing about how I can configure an AdonisJS app to listen to HTTPS...
Can you help me, please ?
bootstrap/http.js
Replace Server.listen(Env.get('HOST'), Env.get('PORT')) with the following code.
If your cerificates files are in app/ssl folder, you can do this using,
const https = require('https')
const Helpers = use('Helpers')
var certOptions = {
key: fs.readFileSync(Helpers.appPath() + '/ssl/<you-privatekey.pem>'),
cert: fs.readFileSync(Helpers.appPath() + '/ssl/<your-certificate.pem>'),
}
https
.createServer(certOptions, Server.handle.bind(Server))
.listen(Env.get('HOST'), Env.get('PORT'))
Some time ago I tried pretty much the same code on previous version of nodejs and it worked (suppose we have router already)
var https = require('https');
var fs = require("fs");
var crypto = require("crypto");
var private_key = fs.readFileSync("cert/domainname.key").toString();
var cert = fs.readFileSync("cert/domainname.crt").toString();
var options = crypto.createCredentials({
key: private_key,
cert: cert
});
var server = https.createServer(options, router);
server.listen(8080);
I got error Missing PFX or certificate + private key. Why is that? I passed both private key and certtificate.
You shouldn't need to use crypto.createCredentials() or .toString() the file contents:
var options = {
key: fs.readFileSync('cert/domainname.key'),
cert: fs.readFileSync('cert/domainname.crt')
};
var server = https.createServer(options, router):
https.createServer() expects an options Object, with either a pfx or key and cert, rather than a credentials object created by crypto.createCredentials().
And using .toString() on the Buffers from readFileSync() will attempt to treat the binary as UTF-8 and convert to a UTF-16 String, which may actually cause data loss.
Side note: Unlike require(), fs paths like 'cert/domainname.key' will be relative to the current working directory. To treat them as relative to the current module file, you can combine them with __dirname.
fs.readFileSync(__dirname + '/cert/domainname.key')
See an example of using https with express here: https://github.com/steinfletcher/https-expressjs-example/blob/master/README.md
I have a number of nodejs applications running on Express using the code below. They all run fine using code similar to the following:
fs = require 'fs'
https = require 'https'
express = require 'express'
server_port = 3000
keys_dir = 'keys/' server_options = {
key : fs.readFileSync(keys_dir + 'privatekey.pem'),
cert : fs.readFileSync(keys_dir + 'certificate.pem') } app = express.createServer(server_options)
app.listen server_port
console.log "HTTPS Server started on port #{server_port}"
However, when trying to create a new application using this code I see a ERR_SSL_PROTOCOL_ERROR when starting the https server. Any idea what is causing this problem?
I discovered that was caused when moving from express 2.5.8 to express 3 - specifically 3.0.0beta4. When creating a new project the version pulled from npm had changed to the version 3 series. Even though the module is marked as "beta" when you run express --version this version is what is installed now when running npm install express. The details of the changes are outlined here.
To solve this for my case I used the following code:
const fs = require("fs");
const https = require("https");
const express = require("express");
const keysDir = "keys/";
const options = {
key : fs.readFileSync(keysDir + "privatekey.pem"),
ca : fs.readFileSync(keysDir + "certrequest.csr"),
cert : fs.readFileSync(keysDir + "certificate.pem")
};
const app = express();
https.createServer(options, app).listen(3000);