I have the following extremely basic Node.js server:
"use strict";
const http = require("http");
const https = require("https");
const fs = require("fs");
http.createServer((req, res) => {
console.log("regular works");
res.end("Regular response");
}).listen(3000);
https.createServer({
key: fs.readFileSync("/etc/letsencrypt/live/domain.com/privkey.pem"),
cert: fs.readFileSync("/etc/letsencrypt/live/domain.com/cert.pem")
}, (req, res) => {
console.log("secure works");
res.end("Secure response");
}).listen(3001);
I run this as sudo node filename.js, only because files in /etc/letsencrypt/live are root-only. I will do this properly later, this is only for testing.
When run, I can hit port 3000 just fine. The server console prints regular works, and the browser displays Regular response. However, port 3001 returns an empty response, and no message is printed to the server.
The LetsEncrypt files were generated with ./letsencrypt-auto certonly --standalone -d domain.com --email email#gmail.com --agree-tos and appear valid.
What am I missing to have the expected result?
There are two issues here:
Assuming you're not obscuring the real hostname/IP, you should use 127.0.0.1 or similar (if you're on the same machine) instead of 255.255.255.255.
HTTP is the default for cURL, so you're currently sending a plaintext HTTP request to your HTTPS server, which is not going to work (the HTTPS server sees the literal HTTP request as an invalid TLS handshake which causes the connection to end abruptly). To remedy this, explicitly include https:// (e.g. curl -I --verbose https://127.0.0.1:3001).
need to check that the URL contains https:// not http://
Related
I am setting up a reactjs application on port 3000 as well as a nodejs API server on port 3500 on the same box on the internet. Assume the box has a domain name example.com, and I am using nginx in reverse proxy to receive the end users over https, and internally direct it to the port 3000 of the reactjs server.
On the react code, while calling axios API for a get command, which of the following should I be using:
localhost:3500
http://localhost:3500
https://localhost:3500
example.com:3500
http://example.com:3500
https://example.com:3500
Few tests I did:
Access from my browser the reactjs application successfully as example.com (nginx does the mapping to port 3000)
Using https://reqbin.com/ I was able to access the nodejs server API and get the correct result using: http://example.com:3500/users
Using https instead of http causes an error: SSL connection error Error code: 10035
If end user is supposed to connect over https to the react server, then the react server as well as the nodejs server should be running in https mode, or the browser will block the request and it will never reach the server.
Here is how to:
Run the react server in https mode:
Change nginx reverse proxy configuration to be:
proxy_pass https://localhost:3000;
Changed the URL for the nodejs server that axios is calling from http://localhost:3500 to https://example.com:3500
After npm run build, and upload the build directory to the server, run the following commands:
su
serve -s build --listen 3000 --ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem" --ssl-key "/etc/letsencrypt/live/example.com/privkey.pem"
Run the nodejs server in https mode:
Change the code of server.js with the following:
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('/etc/letsencrypt/live/example.com/privkey.pem'),
cert: fs.readFileSync('/etc/letsencrypt/live/example.com/fullchain.pem')
};
https.createServer(options, app).listen(PORT, ()=>{
console.log(`Server running https on port ${PORT}`)
});
Run the following commands:
su
node server
I'm currently trying to understand the difference between 2 similar curl commands.
I spun up an AWS EC2 Ubuntu instance, and installed node.js on the instance. I then created a new directory called test-server. From within this directory, I ran npm init, then npm install express. I then wrote a simple web listener called test-server.js, which looks like this:
const express = require('express')
const app = express()
app.get('/', function(req, res){
console.log('Got a request!')
res.send('Request received!\n')
})
app.listen(443, function(){
console.log('Server started')
})
Finally, I started the server with the command sudo node test-server.js, and the server started successfully.
Using aws ec2 authorize-security-group-ingress, I allowed communication from my local IP address to the instance over port 443. I then attempted to test the connection using the following 2 curl commands: curl <ip>:443 and curl https://<ip>. The first command gave the expected output of Request received!. However, I received this error from the second command: curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <ip>:443.
Now, I'm FAR from a networking expert, but I would have expected both of these commands to function in the same way. Based on this result, I have 2 questions:
What is the difference between these 2 commands?
How can I change the configuration such that the second command works as well as the first?
Your application is serving regular HTTP on 443 port. In order to use https protocol you need to use encryption keys
var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};
var express = require('express');
var app = express();
app.get('/', function(req, res){
console.log('Got a request!')
res.send('Request received!\n')
})
var httpsServer = https.createServer(credentials, app);
httpsServer.listen(443);
Command curl <ip>:443 is opening http connection to port 443 on givenip,curl https://<ip> is opening https connection to given ip.
If you want your traffic to be encrypted, stick to https:// version (and expanded code for server).
What is the difference between these 2 commands?
:443 is simply the port configuration, no different than :80. It just tells the server to serve content on that port. 443 is traditionally the port reserved for HTTPS connections, similar to how 80 is traditionally standard HTTP.
How can I change the configuration such that the second command works as well as the first?
You'll need to install a TLS cert. HTTPS indicates that a certificate is being used to secure the connection, and the absence of that certificate will cause the request to fail.
I am trying to redirect every http request to an https server. This works fine if the port of the https server is the 443. However if I try to redirect to a different port it doesn't happen. Here is my code:
http.createServer(function(req,res){
var host = req.headers['host'],
url = req.url;
res.writeHead(301,
{"Location": "https://" + host + ":"+SERVER.SPORT + url})
res.end()
}).listen(SERVER.PORT)
https.createServer(SERVER.HTTPS_OPTIONS,app).listen(SERVER.SPORT)
Your host most likely already includes the port number.
You can make sure if you change this:
var host = req.headers['host']
to:
var host = req.headers['host'].split(':')[0];
Also add some logging:
console.log("https://" + host + ":"+SERVER.SPORT + url);
to see what the URL that you're building looks like.
You can also want to use the url module to work with URLs instead of manually concatenating strings to avoid mistakes like that. See:
https://nodejs.org/api/url.html
In any case add some logging to know what the URL that you're building looks like. Also test it with curl:
curl -v http://localhost:1234
to see what headers are returned.
I have a REST API built with node that communicates over SSL. The server is built uses express and makes use of vhosts and cors. I have recently added a listener on port 80 as well so I can force HTTPS. As I test, I tried to access http://manage.domain.com:443/ but the request just hangs. Neither listeners seem to accept it. All I want to do is redirect that request to https.
I assume you already know this, but you'll need an https server (duh) to serve the HTTPS content. It doesn't matter what port you run it on; 443 is just the default port for HTTPS. If you want HTTP requests to redirect to HTTPS, you'll need both an http and an https server. Here's an example of how your app file should look:
var http = require('http'),
https = require('https'),
express = require('express')
fs = require('fs');
var domain = 'localhost';
var app = express();
app.get('*', function(req, res){
// redirect to HTTPS
res.redirect('https://' + domain + req.path);
});
http.createServer(app).listen(80, function(){
console.log('HTTP listening on port 80');
});
var appSecure = express();
// configure your app here
var options = {
key: fs.readFileSync('ssl_key.pem'),
cert: fs.readFileSync('ssl_cert.crt'),
};
https.createServer(options, appSecure).listen(443, function(){
console.log('HTTPS listening on port 443');
});
Obviously, you will need your SSL key and certificate to make this work.
As you probably know, most systems require elevated privileges to open a port less than 1025; so if you use port 80 and port 443, you'll have to run the app server with elevated privileges (if you're running on OSX/Linux/BSD, just do sudo node app.js).
Okay. I have an app on express which also uses Socket.io and works fine via HTTP. However, now I have to move to HTTPS. Nodejitsu provide a lot of documentation on this. They suggest to use node-http-proxy (https://github.com/nodejitsu/node-http-proxy). Fine!
From the code for HTTP:
var server = http.createServer(app) // app is an Express instance
server.listen(config.port,config.hostip) // config.port is 80 for localhost and 3000 for Nodejitsu, config.hostip is 127.0.0.1 for localhost and 0.0.0.0 for Nodejitsu
I got this:
var server = http.createServer(app)
var options = {
https: {
key: fs.readFileSync(__dirname+"/ssl/privatekey.pem", 'utf8'),
cert: fs.readFileSync(__dirname+"/ssl/certificate.pem", 'utf8')
}
}
httpProxy.createServer(config.port, config.hostip, options).listen(3001,config.hostip)
var proxy = new httpProxy.HttpProxy({
target: {
host: config.hostip,
port: config.port
}
})
https.createServer(options.https, function (req, res) {
proxy.proxyRequest(req, res)
}).listen(3002,config.hostip)
server.listen(config.port,config.hostip)
When I finally deploy (no errors during deployment), I visit the page and see 502 error Socket hang up. OK, I might doing something wrong, so I just copy and paste the example from https://github.com/nodejitsu/node-http-proxy "Proxying to HTTP from HTTPS" to check if it works. But it doesn't - 502 error.
It works fine on my localhost though. I have also tried to launch standalone HTTPS server without node-https-proxy, but no luck. Please help, I cannot solve this for weeks.
Found by myself. Nodejitsu offers SSL by default, just visit your site via HTTPS://. For custom domains to apply SSL certs you need to subscribe for Business Plan.