If so, how does it get the public certificate and private key to encrypt/decrypt WebSocket packets?
Both Engine.IO and Socket.IO are able to listen on an instance of a HTTPS server. As HTTPS is HTTP over TLS, WSS is WS over TLS.
var fs = require('fs');
var https = require('https');
var server = https.createServer({
key: fs.readFileSync('key'),
cert: fs.readFileSync('cert')
});
var eio = require('engine.io').attach(server);
var io = require('socket.io').listen(server);
As far as I know, encryption and decryption is done by the browser.
Related
I'm running a https example server on node.js with express.
I have my certificates and I'm able to run it on port 3000 or 8443.
But I have to put the port on the domain mydomine.com:8443 and if I want to access the https without saying the port, that should be 443, but this port doesn't load.
I even tried changing the ports on my router to point to a working port, such as ext443->in8443, but that didn't work either. (ports configuration)
So I'm wondering if it's really 443 that I'm looking for?
var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey = fs.readFileSync(__dirname + 'ssl/privkey.pem', 'utf8');
var certificate = fs.readFileSync(__dirname + 'ssl/fullchain.pem', 'utf8');
var credentials = {key: privateKey, cert: certificate};
var express = require('express');
var app = express();
var httpsServer = https.createServer(credentials, app);
app.use(express.static('public'));
httpsServer.listen(8443);
i even trdied mydomine.com:443 and doent work either
443 requires sudo on linux, and admin permissions on Windows, because it's reserved. You can run this program as sudo.
If it didn't helpful, please, attach screenshot
How can I block TLS 1.0 and TLS 1.1 on my Node.js Express server? I'm using a traditional server setup script:
const app = express();
export const server = app.listen(3000);
I'm slightly confused why I couldn't find any documentation on this.
Usually you will be running your Express server behind something else, like an Nginx proxy, an AWS Load Balancer, or some other piece of software or hardware that terminates TLS. In your example, you're not listening over HTTPS at all, you're listening for HTTP connections on port 3000. The configuration would usually be done outside of your Node app, but if you do want to do it in your Node app, it would be like this:
const express = require('express')
const https = require('https')
const fs = require('fs')
const { options } = require('crypto')
const app = express()
const opts = {
key: fs.readFileSync('/path/to/key.pem'),
cert: fs.readFileSync('/path/to/chain.pem'),
secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,
}
// other app logic
// Or 443 if you run it as root, which is not recommended;
// instead you should proxy to it.
https.createServer(opts, app).listen(3443)
ex.
const https = require("https");
const https_options = {
pfx: fs.readFileSync(path.join(__dirname, "../ssl/cert.pfx")),
passphrase: "password",
minVersion: "TLSv1.2"
}
server = https.createServer(https_options, app);
minVersion is the easiest way to accomplish this as mentioned here: https://stackoverflow.com/a/62051684/4487632
I have a NodeJs Application running with express. I have been trying to integrate an SSL certificate but I keep having the same error: Error: error:0906D06C:PEM routines:PEM_read_bio:no start line.
I have tried some solutions I found on stackOverflow like
var privateKey = fs.readFileSync( 'privatekey.pem' );
var certificate = fs.readFileSync( 'certificate.pem' );
https.createServer({
key: privateKey,
cert: certificate
}, app).listen(port);
or
var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey = fs.readFileSync('privatekey.pem');
var certificate = fs.readFileSync('certificate.pem');
var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);
httpServer.listen(8081);
httpsServer.listen(8443);
But none seem to work. My main problem is that I donwloaded my certificate file from GoDaddy but I only get two .cert files. I have read in some websites how to obtain the .pem files but I keep getting the same error.
As you can see I am new at using https protocol in NodeJs.
Could you help me solve this problem?
Best regards
I have a working chat application using websockets. I want to go one step further and enable encryption on my connections, however when I switch up the http server with a https one my connections start failing.
I have generated a self-signed certificate that I use on all of my websites (under the same TLD, which implies it is a wildcard certificate). I can confirm it is a valid certificate, so the problem should not be there.
This is what works (unencrypted)
var webSocketServer = require('websocket').server;
var http = require('http');
var server = http.createServer(function() {});
server.listen(webSocketsServerPort, function () {
log("system", "Server is listening on port " + webSocketsServerPort);
});
var wsServer = new webSocketServer({
httpServer: server
});
Using this I can now connect to ws://my.domain:port.
This is what does not work
var webSocketServer = require('websocket').server;
var http = require('https');
var fs = require('fs');
var server = http.createServer({
key: fs.readFileSync("path/to/host.key"),
cert: fs.readFileSync("path/to/host.pem")
});
server.listen(webSocketsServerPort, function () {
log("system", "Server is listening on port " + webSocketsServerPort);
});
var wsServer = new webSocketServer({
httpServer: server
});
With this code the server starts as well, I see the log message "Server is listening.." but when I try to connect at wss://my.domain:port the connection can not be established.
I have added an exception in my browser for the certificate because my client page and websocket server address are under the same tld and sub-domain.
What could be the problem?
It is not enough to add the site from which you'd like to connect to the websocket as exception. Go to the site https://my.domain:port (the websocket address) and add the location as exception. (It certainly is a necessary step in Firefox)
Alternatively you could import your certificate in the certificate manager into Authorities.
Edit: I can tell you what works for me.
> openssl genrsa -out key.pem
> openssl req -new -key key.pem -out csr.pem
> openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
setting the common name as localhost
in main.js
var https = require('https');
var ws = require('websocket').server;
var fs = require('fs');
var options = {
key:fs.readFileSync('key.pem'),
cert:fs.readFileSync('cert.pem')
};
var server = https.createServer(options,
function(req,res){res.writeHeader(200);res.end();});
server.listen(8000);
var wss = new ws({httpServer:server});
wss.on('request',function(req){
req.on('requestAccepted',function(conn){
conn.on('message',function(msg){
conn.send(msg.utf8Data + " received");
});
})
req.accept(null,req.origin);
});
then in the browser(Firefox) at https://localhost:8000 (added cert as exception)
var ws = new WebSocket('wss://localhost:8000/')
ws.onmessage = function(msg){console.log(msg.data)}
ws.send("test")
and received test received.
Bad practices combined with bad logging habits were the cause of the problem.
On opening a new connection there was a check performed to validate the origin of the request which had hardcoded http:// in there and since I was requesting it from a secure page (https://) the check no longer passed and connections were impossible.
Trying to make HTTPS server work on Express 4, however, there's an SSLv3 security error coming (please see the image). To my understanding SSLv3 protocol is not supported by browsers anymore due to POODLE attack.
How to make HTTPS server use the TLS1.2 protocol?
var express = require('express'),
app = express(),
fs = require('fs'),
https = require('https'),
key = fs.readFileSync('/usr/local/etc/ssl/key.pem'),
cert = fs.readFileSync('/usr/local/etc/ssl/cert.pem'),
https_options = {
key: key,
cert: cert
},
PORT = 8000,
HOST = 'localhost';
https.createServer(https_options.key, app).listen(PORT);
app.get('/', function(req, res) {
res.send('Hello');
});
module.exports = app;
The server is listening localhost:8000
The error
try to create server like that
it is working fine at my side,
var server = require('https').createServer(options, app),
server.listen(port);
or if like to add socket
var server = require('https').createServer(options, app),
io = require('socket.io').listen(server);
server.listen(port);