Google Cloud Node.js Socket Server Application Hosting - node.js

I have two Node.js applications. One of them is a web server. It serves static HTML, CSS, JavaScript and image files. This web server is running on Google Cloud App Engine. I have a domain that is bound to this App Engine app. Whenever a user visits my domain, my web server responds and the user gets the frontend of my website.
The other Node application is a socket server (Socket.IO). It runs on Compute Engine and I want this socket server to communicate securely, because the messages exchanged between the client and server sockets are important to me. That's why I bought an SSL certificate.
I applied my SSL certificate to my domain and now I want my client sockets to connect to a port of my domain (for example, https://www.example.com:8443).
However, I don't know how to forward port 8443 of my domain to port 8443 of my Compute Engine without terminating the HTTPS security.
How can I do that?
Thank you in advance

Well the Google Console has a networking section from where you can open ports for your applications. See this link: https://console.cloud.google.com/networking/firewalls/list?project={your-project-id}. Replace {your-project-id} with your project id.
Another option is that, instead of using an SSL certificate, you can encrypt the messages sent between your server and client.

Related

NodeJS: Possible to host an HTTPS server without a domain name (hobby project)

I'm making a hobby project and it involves a NodeJS http server that I access via a web browser (through GET and POST requests). The HTML/CSS/JS part of the webpage is local, not on the NodeJS server.
I understand I need to generate SSL certificates but those ask for things like domain names and stuff.
I simply want to enable HTTPS on my NodeJS server. Right now I'm manually encrypting all messages sent back and forth through AES, but I trust the https security more, I'm not a cryptographer.
Is there an easy way to get those certificates? My NodeJS server is accessible via the internet but only by IP address (port forwarded), and through the express module using HTTP requests.
Do I need to pay for them?
In this case you can use the services of DigitalOcean: you can buy a subscription of your choice and deploy your Node.js app with a free SSL certificate (Let's Encrypt).
However, I recommend that you understand the following concepts:
Reverse proxy (nginx)
Process managements (pm2)
SSL certificates
I am sure you would love to go through the starter tutorials from DigitalOcean:
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04
This is because it's a hobby project; otherwise I would have recommended other options.

Using backend without domain in production

I have a single domain, which is pointed to the frontend (React.js) of the application hosted on cPanel. The backend (Node.js) of the application is on a Linode VPS. The frontend of the application communicates with the backend through APIs.
Everything was good in the development phase, but now in production the browser doesn't allow using the APIs over HTTP (it was giving a mixed content error). To resolve this issue I changed from HTTP to HTTPS and configured nginx with a self-signed certificate. Now I'm able to make requests from the browser using the IP address of my server, and I don't want to use a domain for that, but it shows the warning that the certificate is not trusted. How can I resolve this issue, as I don't want to use another domain for the backend server?

How can I start HTTPS Node JS Server with certificates in Pivotal Cloud Foundry?

Is it possible to deploy a node.js app on Cloud Foundry that listens for HTTPS requests on port 443?
Well, the good news is that you don't have to do that. The Cloud Foundry platform takes care of it for you.
All you need to do is push your app and assign a route to the app. Your platform operations team will already have everything set up so that traffic for both HTTP and HTTPS routes through to your application.
The only thing you probably want to do in your application is to look at the x-forwarded-proto (should be http or https) or x-forwarded-port (80 or 443) header. You can use this to determine if the client's connection was over HTTP or HTTPS, and if it's HTTP then issue a redirect to ask the client to connect over HTTPS (this forces clients to use HTTPS).
You can read more about this in the docs at the following link:
https://docs.cloudfoundry.org/adminguide/securing-traffic.html
Having said all that, if you really want to control the certs for some reason you can do that. You would need to map a TCP route to your application. This will enable TCP traffic to flow directly to your application. Then you can configure your application as an HTTPS endpoint on the mapped TCP route and port.
Some notes about this:
You will almost certainly end up with some high numbered port, not 443. The platform will have a pool of available ports, which is configured by your operations team, and you are limited to using only those ports.
The platform and buildpacks will not help set up TLS, you will need to handle that all on your own. The good news is that it should work exactly the same as if your app were running on a VM or your local laptop.
You will need to create your own TLS certs and push them with the application. You can probably use Let's Encrypt, but you may need to obtain these through your employer, if you work for a large company.
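
The header check and redirect described in the answer above, as an added example (not part of the original answer or of the Cloud Foundry documentation). `CANONICAL_HOST` and the function names are assumptions made for the illustration, and it assumes the platform router is the only network path to the app and sets `X-Forwarded-Proto` itself.

```javascript
// Added example: enforce HTTPS behind a TLS-terminating router by checking
// X-Forwarded-Proto. CANONICAL_HOST is a constructed placeholder; the redirect
// is built from it, not from the request's Host header, so a forged Host
// cannot steer the redirect to another site.
const CANONICAL_HOST = 'app.example.com';

// Returns 'https', 'http' or null (header absent or unrecognised).
// The header can be a comma-separated list when several proxies are chained;
// this takes the first entry, assuming the edge router overwrites any value
// supplied by the client.
function forwardedProto(headers) {
  const raw = headers['x-forwarded-proto'];
  if (typeof raw !== 'string') return null;
  const first = raw.split(',')[0].trim().toLowerCase();
  return first === 'https' || first === 'http' ? first : null;
}

// Returns { action: 'serve' } or { action: 'redirect', status, location }.
// Anything not positively identified as HTTPS is redirected (fail closed).
function decide(req) {
  if (forwardedProto(req.headers) === 'https') return { action: 'serve' };
  // Reuse the request target only if it starts with a single "/"; a target
  // such as "@other.example/" would otherwise change the host of the URL.
  const path = /^\/(?!\/)/.test(req.url || '') ? req.url : '/';
  // 308 preserves method and body for non-GET requests.
  const status = req.method === 'GET' || req.method === 'HEAD' ? 301 : 308;
  return { action: 'redirect', status, location: `https://${CANONICAL_HOST}${path}` };
}

// Request handler for Node's http server, built on decide().
function handler(req, res) {
  const d = decide(req);
  if (d.action === 'redirect') {
    res.writeHead(d.status, { Location: d.location });
    return res.end();
  }
  // HSTS makes browsers go straight to HTTPS on later visits.
  res.writeHead(200, {
    'Content-Type': 'text/plain',
    'Strict-Transport-Security': 'max-age=31536000',
  });
  res.end('ok\n');
}

// Listen on the port the platform assigns through the PORT variable.
async function start(port = process.env.PORT || 8080) {
  const http = await import('node:http');
  return http.createServer(handler).listen(port);
}
```

If the app is also reachable directly, bypassing the router, a client can set the header itself and skip the redirect, so the check is only as strong as the network path in front of it.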

What is recommended way to set up a web server?

I have a server and I am designing some web applications. I use React as the frontend framework and Rust Actix as the backend framework. The backend program listens on port 8000, and can be reached at my_domain:8000/api/xxxx.
I think I can use a web server listening on port 80, such that if the client requests /, it returns the frontend page, and if the client requests /api, it redirects the request to port 8000 on localhost.
My problems are:
Is the above way recommended in modern web application design? Are there any other ways of hosting both the frontend and backend applications on the server?
What web server can I use? Apache, Nginx, or manually write a web server?
I use two docker containers to contain the frontend and backend app. Do I need to dockerize the web server as well?

how to transparently wrap tcp/ip request with ssl using windows api

I'm developing a security system. It has a proxy server acting as an SSL termination point using Nginx, which forwards all TCP/IP connections from clients to other third-party systems.
The client-proxy connections must be authenticated and securely encrypted by SSL.
And my problem is:
Each client is a computer running Windows 7 or higher. It has some third-party applications installed which cannot be interfered with. For a better user experience, all clients' outbound TCP/IP requests from any application must be transparently "converted" into (or "wrapped" in) SSL requests before reaching the proxy server. My first idea is to develop a network driver to access these requests using the Windows API, namely WFP (Windows Filtering Platform). I have read its online documentation but it's not easy to understand. Can you help me find some projects like this or tell me which sections in the documentation I need to focus on? Thank you in advance!
Your issue is a bit unclear but here are my thoughts:
You want to have full encryption between the End User Client to the App Service.
Current:
Client --(443: TLS)--> NGINX --(Clear; Port 80)--> App Service
                       (Terminate TLS)
Change:
Client --(443: TLS)--> NGINX --(TLS; Port 443)--> App Proxy -(Plain; 80)-> App Service
                       (Terminate TLS)            (Nginx with self-signed Cert)
The change is to add an additional Nginx server on the app server to provide the last layer of TLS between the load balancer and the App Service.
If your App service has the capability to serve SSL connections directly that's even better as you can just configure that in place of running an additional Nginx server on the app host. (If you wanted you could run apache or any other web server that supports proxy/load balancing capabilities)
If you are worried about the App Service port, it won't make a difference, the idea is that the App Proxy (being Nginx or the likes) will handle the encryption on a different port to then pass via localhost to the App Service (in plain text).
Additional Resources:
Can Nginx do TCP load balance with SSL termination?
https://serverfault.com/questions/978922/nginx-proxy-pass-to-https
https://reinout.vanrees.org/weblog/2017/05/02/https-behind-proxy.html
https://nginx.org/en/docs/http/ngx_http_ssl_module.html
