The way the appfog documentation reads is that as long as you use their provided domain you will get free SSL.
But as far as I understand things you need a .KEY and a .CERT file in order for NodeJS to start a https server.
Am I missing something or do they really only support https on custom domains...?
Thanks gals and guys!
Appfog Documentation in question: https://docs.appfog.com/customize/ssl
You can use https right away with their provided domain name, e.g., myapp.aws.af.cm. When using their provided domain name, then AppFog handles SSL termination so your app doesn't need to do anything.
Also, if you need to know the protocol that was used on the request, then you can look at the X-Forwarded-Proto header that is added by AppFog during routing.
The info for SSL for Custom Domains is for when you are using your own custom domains. Then you will need to go through more setup, ssl certs, etc.
Related
I am working on a 2-player card game. The two client facing pages are hosted on Github pages and the node server is running on AWS.
Everything works fine when I view my client side pages locally, but when I try to open them on Github pages I get this error:
Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS.
So then I change the connection url to include https like this:
var socket = io.connect("https://ec2-18-191-142-129.us-east-2.compute.amazonaws.com:3000");
And I get this error:
index.js:83 GET https://ec2-18-191-142-129.us-east-2.compute.amazonaws.com:3000/socket.io/?EIO=3&transport=polling&t=N71Cs6c net::ERR_SSL_PROTOCOL_ERROR
Here are my security groups:
Do I need to do something with an SSL certificate? Is it even possible with my current setup as I don't have access to the domain I am hosting on (Github Pages). If it's not possible are there any online services I can host my client code on and get an SSL certificate, or do I have to buy a domain and hosting? Any help welcome, but please try to explain it because I am very new to all this. Thank you.
Ec2 doesn't support https like this ("out of the box").
There is several way of doing it, but I suggest you should create a application load balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html) and then configure https on it (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html).
Other solution can be using Cloudfront, or configure https directly on the instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html).
Hope that makes sense.
As mentioned by alcyon, changing from HTTP to HTTPS does not enable your application to run over HTTPS. There are many ways to achieve this. Checkout the detailed guide by AWS for your use-case at https://aws.amazon.com/premiumsupport/knowledge-center/configure-acm-certificates-ec2/ .
I recently enabled SSL for my Heroku-hosted website, wildcodemonkey.com, but when I visit it in Chrome I see the error "ERR_SSL_PROTOCOL_ERROR".
My research indicated that the SSL connection terminates at Heroku's router, which then passes the request along via HTTP to my express/node site. Consequently, I did not set up 'https' in my server and have been expecting standard HTTP connections.
My SSL configuration is such that my CSR, key and cert were passed along to Heroku. I'm using the SSL option baked into Heroku, not a third-party resource/addon. After enabling SSL in my app's settings I changed my DNS to reflect the new endpoint (wildcodemonkey.com.herokudns.com instead of wildcodemonkey.com.herokuapp.com), this is the endpoint I was told to use when I configured SSL on Heroku, directly copied and pasted from the settings page after setting up ssl.
I do see morgan logging GET requests when I hit the domain, so it does look like everything is making it end to end, so I'm not sure where the issue is occurring.
Any assistance would be greatly appreciated. Thanks ahead of time.
According to the SSLLabs report the certificate chain of this site is incomplete. While desktop browsers often but not always will work around this problem mobile browsers and other applications will usually not. Check the documentation provided by your CA which chain certificates need to be configured.
I have my domain pointed in Cloudflare with SSL. My website runs with HTTPS protocol. The reason i mention them running is this.
I have my blog at blogspot and want to give it custom domain name which google allows. Unfortunately google wont allow HTTPS there. I had created my blog like this in DNS as blog.domain.com which runs as https://blog.domain.com and if i host this subdomain via Github, it opens correctly. The problem is when i use this subdomain in blogger, then there arises conflict and my site goes offline. Where am i mistaking in setting up all this?
Don't enable full or restricted SSL option in cloudflare. Use flexible SSL instead. This will setup things correctly.
I want to create a proxy server with nodejs, it could be a web-proxy(like glype in php) or a proxy which we enter in browser.
The main motive is to save specific files(that match certain mime type) to HDD.
First of all I tried to use http-proxy module but it didn't allowed me to create a proxy server that accepts HTTPS. Also I didn't found any way to save files.(please correct me If I'm wrong)
Then, I tried node-unblocker, its just perfect but the only problem is its Limitations(listed here).
Please, could somebody help me out in doing this.
Keep in mind that, by default, your proxy solution wouldn't be able to eavesdrop https traffic as that would be considered a security breach. More precisely, you'd be doing #2 of this list.
You could theoretically implement a solution where your proxy server has its own SSL certificate and you include it in your trusted CA list in all the devices you plan on using this proxy. Much like Charles Proxy, Fiddler and other proxy programs do for debugging purposes.
I've got a fairly simple app deployed on OpenShift that uses CloudFlare as a DNS provider, since they support CNAME records for the root domain, which our current domain provider does not.
The issue with this setup is somewhere along the line https is not working. I believe this is an OpenShift issue because it's the same kind of issue you get when you've mapped the domain name to your app but haven't added the proper aliases yet - you get a timeout essentially.
We've got two aliases - with www and without. There's no option to specify https or anything with OpenShift aliases from what I can see. There aren't any SSL certificates assigned to these aliases as we do not need or use https - we're on the Free plan.
The main URL to access the site is http://www.jcuri.com - notice this works as expected, however https://www.jcuri.com times out.
Initially we were thinking of using CloudFlare page rules to auto-redirect to a non-https URL however this is locked down behind a paywall which we're hoping to avoid, as we don't need any of the Pro features.
Is there something I'm missing here? It seems that OpenShift is just denying any https connections purely because we don't have certificates assigned to the aliases. I wouldn't even mind if there were certificate errors, at least that would give us a chance to do a redirect on the actual NodeJS application, but we don't even reach that point.
Can anyone offer some advice on this?
Since those domains are not pointed directly at openshift via CNAME, but are seemingly redirected via another service (from what i can tell from the dns) it is hard to say whether it is OpenShift that is causing the https issues. If you do not have a custom ssl certificate installed on openshift, you will just get an invalid certificate error, but since you are using a redirect service, maybe it is possible that the service is checking the certificate first, seeing an error, and then not working?
Since the https page rules you stated above are behind a paywall, this actually makes a lot of sense that they are blocking it, not OpenShift. Godaddy provided a forwarding service that would allow you to point both www and naked domain to openshift correctly using cnames, i have used it before.