How to serve both http and https with Caddy? - caddy

How should I configure Caddy to serve both http and https instead of redirecting by default to https?
http://example.com/info
https://example.com/info
Background:
We have a Windows program that connects to one of our domains to retrieve information over http.
In future versions we want to connect to a new server using https served by Caddy.
But we don't want to break functionality in older versions of our software, so we need to use the same URL and be able to receive the same data via http and https.

I think something like this will work
example.com/info {
# TLS config
}
http://example.com/info {
# http config
}

Related

which to prefer http vs https in nodejs

Recently i learned about https module in nodejs,
Like How to use it and generating certificate and key for it.
But there is also http module which most of the tutor teaches at beginning.
But the main question is,
when i create back-end server with http module.
and hosted on website like heroku after deploying we get by default https protocol for our website and its secure.
and even same for using https module
so what's the difference/advantage we get by using http/https module on one over another protocol?
does it make difference?
and which module to prefer while writing server code?
When you are running in a hosting environment like heroku that puts you behind a proxy and that proxy handles the https to the outside world for you, then that's all you need. There is no need to use https on your server directly between you and the proxy as it already has https to the outside world via the proxy and you don't need https between your server and the proxy as that's local to the secure network of the hosting facility.
If you are not running behind such a proxy, then you will want your own server to be https.
In order to ensure secure communication with users of your Express.js applications, you can make all traffic to use HTTPS, by forcing a redirect from HTTP.

How might one set up a reverse proxy that cannot decrypt traffic?

I'd like to have a reverse HTTPS proxy that CANNOT decrypt proxied traffic (ie an HTTPS passthrough/tunnel). The idea is to run this proxy on a VPS and point a domain to it, allowing for the IP address of the origin server to remain unexposed while maintaining end-to-end encryption.
Is this possible? I could probably proxy requests without difficulty since the destination address in that direction is fixed, but proxying responses seems problematic given that the proxy would be unable to read the client IP within an encrypted response.
A potential solution is to have the origin server package the encrypted response and destination address in a request made to the proxy, but I am unsure as to how I might generate the encrypted request without sending it (using node.js, which is the application running on the origin server).
From your question, I got that you want to listen to requests from your VPC server and pass the request to your other server which has to remain unexposed.
This can be configured with the web server which you are using for proxy ( considering AWS allows port forwarding from a VPN server to non-VPN server ).
I prefer doing this with Nginx as it is easy, open-source with less code and more functionality.
There is a concept of load balancing which does the same as you mentioned above.
steps :
Install Nginx and keep it active.
Create a new configuration file in /etc/nginx/sites-enabled
write the below code with modifications:
http {
upstream myapp1 {
server srv1.example.com;
server srv2.example.com;
server srv3.example.com;
}
server {
listen 80;
location / {
proxy_pass http://myapp1;
}
}
}
and at the place of srv1.example.com and srv2.example.com add the domain to which you want to redirect requests
Save the file and restart the Nginx
Boom!! it should redirect all incoming requests to your application.

how to access own Node.js server in https web site which deployed in nginx

i do deploy a website in nginx and translate it from http to https using let's cerbot before. it runs well.
My question is, in my website, i need to access my own Node.js Server using axios. As before, i used http, it goes well expect security.But now, below the Https connect, the browser blocks my http connect.So i tried update my Node Server to support Https connect using Self-signed SSL certificates, but the browser blocks it as well.
Who can tell me how can i fix this problem and make the site work well.Thank you!
You should setup nginx as reverse proxy for nodejs server

NodeJS/Express automatic detection of SSL over HTTP (HTTPS) explanation?

I have a server over HTTPS on NodeJS with Express.
When uploading a file, I have used the req.protocol directive in the controller to get either the HTTP or HTTPS "part" of the URL, so that I can save the file with the absolute URL. The problem is that without enabling the "trust proxy" setting of express (http://expressjs.com/en/api.html#trust.proxy.options.table), HTTPS doesn't get detected.
I thought this setting was used in the case of the actual redirect (when using the HTTP URL and the server doing the 301 redirect to HTTPS).
So this is more of an explanation question, rather than a solution one:
Why doesn't the HTTPS get detected when calling the URL through that?
trust proxy has nothing to do with 301 redirects.
That settings is important when running your node server behind a proxy:
+----------HTTPS--------+---HTTP---+
| | |
client --> internet --> proxy --> node.js
It is typical that you have some sort of proxy between the internet and your node server; for example a CDN server, a load balancer, or simply an nginx instance or such. The HTTPS connection is established between the client and that proxy. The proxy cares about the necessary wrangling of the SSL certificate and encrypting the connection and doesn't burden your application server (node) with those details. It is then forwarding only the relevant details of the request via plain HTTP to your node server. Your server only sees the proxy as the origin of the request, not the client.
Since the node server didn't itself handle the HTTPS connection, how could it know whether the connection between the client and the proxy was HTTPS? It can't. The proxy needs to voluntarily forward that information too. It does so in the X-Forwarded-* HTTP headers. The information whether it was specifically HTTP or HTTPS is sent in the X-Forwarded-Proto header.
The thing is, those are just HTTP headers. Anyone can set those headers. The client itself could set those headers. That's why you need to explicitly opt into using those headers with the trust proxy setting, iif and when you know your app will be running behind a proxy which sets those headers. When you're not running behind a proxy but your node server is directly exposed to the internet, you must switch that setting off; otherwise anyone could set those headers, your server would obey those headers and be lead to use false information.

Redirect HTTP to HTTPS in node.js

Please excuse me for my incompetence.
Can I Redirect a http request to https request in node.js, Without running the http server?
Is it possible to only use https server on node.js and redirect http request to https?
No this is not possible. HTTP and HTTPS needs to listen on different ports. This depends on that they are different protocol types. Therefore you need two servers. Also in Apache and Nginx you need 2 Configurations for handling the redirects between HTTP and HTTPS.

Resources