secure websocket for https - security

I have a local PHP server for my website and a local PHP server for websocket but websockets doesn't work anymore since I installed self-signed SSL certificats in WAMP. I have read that I have to use wss:// but when I change ws://localhost/xxx/server.php to wss://xxx/server.php but it doesn't solve my problem. I have accepted the certificat in firefox and chrome but it doesn't change anything. Any idea of what i supposed to do to repair websocket? Do I have to install certificat or key in my websocket PHP server?

You have to put the same certificate for the web page, and access the page with https://, therefore the browser will prompt you to accept the self-signed certificate and the websocket will be able of connecting using ws://
Also, be sure you use different ports for ws:// and wss://, some browsers get messed up if you start changing the connection of the same port.

Related

ERR_SSL_PROTOCOL_ERROR when making request to server IP

I got a nodeJS express API /w nginx up and running on an ubuntu server. I've set up everything but when I try to access the API (https://167.xx.xx.xx:80/get-all-products) directly or through my client I get this error:
ERR_SSL_PROTOCOL_ERROR
I've did some searching and I found out that this could be because my server does not have a valid ssl certificate but for a ssl certificate I would need to have a domain / be the owner of the ip adress which I guess i'm not as the server is hosted by another company.
How can I fix this error without having to buy a domain for my server?
https://167.xx.xx.xx:80/... ...
I've did some searching and I found out that this could be because my
server does not have a valid ssl certificate
This isn't the case here yet. The problem instead is that you are simply trying to switch from http:// on port 80 to https:// on port 80 without having the server setup for HTTPS. Thus the client will try to speak HTTPS while the server only understands HTTP - and this causes the failure you see.
To be able to use https:// in the URL you need to setup the server for this and the configuration must use a certificate which matches the URL (domain or IP) - no way around this.

Can't connect with HTTPS but HTTP works fine

I'm trying to secure my we server using HTTPS and SSL/TLS to access my website. Going to the site by www.-----.------.compute-1.amazonaws.com works and the connection is successful. But when I try https://www.-----.------.compute-1.amazonaws.com chrome says "This site can’t be reached" "www.-----.------.compute-1.amazonaws.com refused to connect". I am using an Amazon Linux instance. Where did I go wrong?
Typical problem. I am assuming some things here.
You launched a EC2 (or something similar) Instance
Didn't Open 443 port or Configure it further.
Using port 80 for serving pages.
I think you got the answer. Check this out.
I needed an SSL certificate from a CA (certificate authority). I was using a self-signed certificate which doesn't work in a browser.

HTTPS for socket.io via Cloudflare

I have a chrome extension which uses an externel socket.io server to connect clients together.
During development I was able to connect to the server via http://localhost:2087 just fine, but right now I need socket.io to work over HTTPS so I can access it from a browser tab being server by HTTPS.
I don't want to deal with certificates, and want to keep the code on the socket.io server mostly the same, so I want to proxy the IP for the server via Cloudflare and establish SSL like that.
But I haven't been able to, the socket.io server uses no other webserver, but I can change it to use the native NodeJS http or https libraries.
But I haven't been able to access the socket.io server via the Cloudflare proxy. Clouflare returns 522 errors, which means a connection timeout.
Apparantly flexible SSL only works with with ports 443->80
Other ports are not supported...

how to access own Node.js server in https web site which deployed in nginx

i do deploy a website in nginx and translate it from http to https using let's cerbot before. it runs well.
My question is, in my website, i need to access my own Node.js Server using axios. As before, i used http, it goes well expect security.But now, below the Https connect, the browser blocks my http connect.So i tried update my Node Server to support Https connect using Self-signed SSL certificates, but the browser blocks it as well.
Who can tell me how can i fix this problem and make the site work well.Thank you!
You should setup nginx as reverse proxy for nodejs server

self signed certificate for implementing https

I have a server with public IP and hold a website on it. I don't have a domain and my web server is IIS, then I created a self signed certificate in the server and bind it to my website. When I want to access to my website using a link like http://.../test. I can access to the website with https in localhost in the server. but I can't access to the website from a client browser with httpsand I get this error in client browser:ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Your server most likely doesn't support TLS (v1.0 or higher) but only SSLv3. That's a common cause for this error. SSLv3 is blocked in most browsers because of the POODLE vulnerability (CVE-2014-3566). You should review your server settings and upgrade them accordingly.
You can test your website at the awesome SSL Test from SSL Labs. This will point out errors like these and it helps you create a secure config. Please keep in mind that any score below A is in urgent need of improvement.
I found out to solve it. Port 443 was closed in the server.

Resources