Node.js https does not work in Cloud9 - node.js

I can create an http server and it works fine, but as soon as I try to use https instead, the server runs without errors but I cannot connect to it at all.
HTTP (working):
http.createServer(app).listen(process.env.PORT, process.env.IP);
HTTPS (not working):
var options = {
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.crt')
};
https.createServer(options, app).listen(process.env.PORT, process.env.IP);
There are no errors in either method, but when I use HTTPS, there is no response when visiting the webpage and the server acts like it's not even receiving a request. Is there something wrong with the port I'm using from the Cloud9 environment? I have tried for hours to figure out what the problem is but haven't made any progress, hopefully someone can help out.

I'm afraid HTTPS will currently not work on Cloud9, as this requires the usage of other ports that are currently not opened for security reasons. We're working on a solution for this, but this will not be available on the short term yet.
For now, I recommend using two sets of configuration for development and production environments: the development environment can then just use HTTP, and production environments can use HTTPS.
Please keep an eye on our Twitter feed and blog for updates on this!

Related

How can I connect node.js file to my real website (not localhost)?

I am studying node.js and on the localhost I can perfectly do the below exercise but When I try to do it on my real website it fails. After hours of search, I am not sure what I am missing. Anyhelp will be really appreciated.
var http = require("http");
var fs = require("fs");
var server = http.createServer(function(req, res){
res.writeHead(200, {"Content-type":"text/html"});
if (req.url === "/contact") {
var myReadStream = fs.createReadStream(__dirname+"/contact.html", "utf8");
myReadStream.pipe(res);
};
});
server.listen("https://mywebsite.com");
More on setup
I have 2 files, one is contact.html, it's simple html page with "hello world". And the other file is myExpress.js file which contains above code and nothing else. When I do the above exercise on localhost, I am changing server.listen(3000, "127.0.0.1") and it works perfectly, but I do it on my website it doesnt work. I am using filezilla for loading files.
Your question is extremely broad - but, I will mention few high-level steps to take in order to run your script for real Internet traffic.
You need a server that faces the real Internet. It should be capable of running node.js. This can be rented from a hosting provider.
You need a domain name. You can obtain one from a Domain Registrar. Then you need to point your domain to your server via DNS settings.
You need to place your script in the server (hoping it faces the Internet properly) and listen to port 80.
Your port needs to be different in your server.listen. Change it to the one provided by your hoster - please provide some more info.
Example:
server.listen(3000) Listens on port 3000 on localhost
server.listen(process.env.PORT) Listens to the port - can be used for a hoster like heroku
HTTP, and HTTPS server are different protocols, so you need extra steps to create it.
Also server.listen accepts address and port, not protocol.
And finally: exposing raw Node app on production isn't a good idea (e.g. closing connections, queue manage). Recommend way is using some reverse proxy in Nginx/Apache and some monitors e.g. pm2 / forever, or more advanced: PusshionPassenger

Is it safe to open the Nodejs server port to the world?

A React app and Nodejs server which is used to retrieve and manipulate the data are running on the same server. When accessing the app locally it workes fine, but when accessed externally the app is visible but without data. The reason behind this is that the port on which the application is running is open but the port on which the Nodejs server is running is not.
My question is this, what is the best way to solve this issue? The simplest solution would be to open up the other port, but I am assuming that is not the most secure solution.
Any suggestions would be appreciated.
Open to port for the outside world and implement a token-based request verification system.
You can implement CSRF token verification. It always checks that request comes from a trusted source only.
Do this using a reverse proxy server, like nginx, to listen to the open https port. The reverse proxy will handle the https encryption, rather than burdening your nodejs code with it. nginx is multithreaded and can do https efficiently.
The reverse proxy passes along requests to your http://localhost:3000 nodejs. In my experience, this arrangement works very well at large scale.
Explaining how to do this is too much for a stack overflow answer. But you'll find plenty of online advice.

Problem with OpenSSL on Catalina using node.js [duplicate]

I'm using the node-request module, regularly sending GET requests to a set of URLs and, sometimes, getting the error below on some sites.
Error: 29472:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:openssl\ssl\s23_clnt.c:683
The problem is that I don't get this error always or always on the some URLs, just sometimes. Also, it can't be ignored with "strictSSL: false".
I have read that this can be related to me sending SSL requests with the wrong protocol (SSLv2, SSLv3, TLS..). But this doesn't explain why it happens irregularly.
Btw, I'm running nodejs on a Win 2008 server.
Any help is appreciated.
You will get such error message when you request HTTPS resource via wrong port, such as 80. So please make sure you specified right port, 443, in the Request options.
This was totally my bad.
I was using standard node http.request on a part of the code which should be sending requests to only http adresses. Seems like the db had a single https address which was queried with a random interval.
Simply, I was trying to send a http request to https.
I got this error because I was using require('https') where I should have been using require('http').
Some of the sites are speaking SSLv2, or at least sending an SSLv2 server-hello, and your client doesn't speak, or isn't configured to speak, SSLv2. You need to make a policy decision here. SSLv2 should have vanished from the face of the earth years ago, and sites that still use it are insecure. However, if you gotta talk to them, you just have to enable it at your end, if you can. I would complain to the site owners though if you can.
I had this problem (403 error for each package) and I found nothing great in the internet to solve it.
My .npmrc file inside my user folder was wrong and misunderstood.
I changed this npmrc line from
proxy=http://XX.XX.XXX.XXX:XXX/
to :
proxy = XX.XX.XXX.XXX:XXXX
var https = require('https');
https.globalAgent.options.secureProtocol = 'SSLv3_method';
I got this error while connecting to Amazon RDS. I checked the server status 50% of CPU usage while it was a development server and no one is using it.
It was working before, and nothing in the connection configuration has changed.
Rebooting the server fixed the issue for me.
So in Short,
vi ~/.proxy_info
export http_proxy=<username>:<password>#<proxy>:8080
export https_proxy=<username>:<password>#<proxy>:8080
source ~/.proxy_info
Hope this helps someone in hurry :)
in my case (the website SSL uses ev curves) the issue with the SSL was solved by adding this option ecdhCurve: 'P-521:P-384:P-256'
request({ url,
agentOptions: { ecdhCurve: 'P-521:P-384:P-256', }
}, (err,res,body) => {
...
JFYI, maybe this will help someone
I got this error, while using it on my rocketchat to communicate with my gitlab via enterprise proxy,
Because, was using the https://:8080 but actually, it worked for http://:8080

NodeJS Not Receiving BigCommerce Webhooks

During development, I tunnelled all the my product/created and product/updated post requests through ngrok to my localhost and everything was working fine, but once in awhile I noticed it might miss a hook and not receive it, but this problem happens almost all the time in production for me on both my stores.
The moment I switched everything to production, I deleted the old hooks, re registered them using the live domain, and when I request a list of registered web hooks, I can see that they are active from the "is_active" flags. But for some weird reason, when I go through the same workflow as I did during development, I don't see any of the post requests being received by my server at all, but once in awhile, I might see 1 get received and my server will do its thing with that hook.
I thought it might have had something to do with my SSL/TLS setup, so I went to https://www.ssllabs.com/ to do a quick test. Everything was graded A, the only thing that I noticed was that my certificate #2 or my CA bundle was not trusted for whatever the reason. So I actually removed the CA cert from my server and only used my RSA/Cert instead for the credentials. However, in another PHP app that we made for BigCommerce, it is using the same type of certificate generated as the one that I'm using right now through LetsEncrypt, and in that PHP app all the hooks are received properly.
Given all this, I still can't seem to quite pinpoint where the problem lies. When I tunnelled everything through NGROK, I registered the hooks to the https url given to me, https://xxxx.ngrok.io -> localhost. Then on my node server, I created a server using http instead of https to avoid 502 bad gateway conflicts. So the only differences is me switching from using ngrok to my own https using https.createserver.
Any ideas on what the problem might be?
https
.createServer(
{
key: app.get('RSA_KEY'),
cert: app.get('SSL_CRT'),
ca: app.get('SSL_CA')
},
app
)
.listen(HTTPS_PORT, async function() {
... some code
})
app is express.router()

Need help establishing nodejs (NPM) localhost https

I have read over and tried a dozen different ways to get my Aurelia app (run by npm start) on Windows 10 to be served as HTTPS, but have been unable to do so.
If anyone has a clear path to do this, I would appreciate it.
Your Best Option would be to use a 3rd Party Service like Ngrok, just download and run using the following,
ngrok http 80
This will provide you with a free https proxy from their server to you.
You are most likely using BrowserSync and as sometime in 2015 it supports auto detect http vs https via the proxy config setting {proxy: 'https://localhost:12345'}. So if you specify an https proxy url, browsersync should automatically fire up the proxy'd https url. You'll have to hunt for where you're browser sync settings are located. You can use this for the BrowserSync reference. https://wearejh.com/https-support-added-browsersync/#how-does-it-work-

Resources