Installing SSL Certificate On Node Server - node.js

I created a self-signed certificate and installed it on apache as well as on node.js(port 3000). On localhost both https://localhost and https://localhost:3000 works well.
So, I bought GoDaddy Standard SSL certificate and installed it on the server(http://gatherify.com). Now https://gatherify.com works well, but ssl on node isn't working.
When I access https://gatherify.com:3000 i get "The connection was interrupted".
I executed curl:
root#host [~]# curl -v -s -k https://gatherify.com:3000
* About to connect() to gatherify.com port 3000 (#0)
* Trying 108.160.156.123... connected
* Connected to gatherify.com (108.160.156.123) port 3000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* NSS error -5938
* Closing connection #0
* SSL connect error
Any suggestions to fix this?
UPDATE
*SERVER SIDE :*
var io = require('socket.io'),
connect = require('connect'),
fs = require('fs'),
var privateKey = fs.readFileSync('cert/server.key').toString();
var certificate = fs.readFileSync('cert/server.crt').toString();
var options = {
key: privateKey,
cert: certificate
};
var app = connect(options).use(connect.static('../htdocs/node/'));
app.listen(3000);
var server = io.listen(app);
server.sockets.on('connection', function(socket) {
console.log("Connected");
});
CLIENT SIDE:
<html> <head>
<script type = "text/javascript" src = "https://gatherify.com:3000/socket.io/socket.io.js"></script>
<script type = "text/javascript">
var socket = io.connect('https://gatherify.com:3000', {secure:true});
</script>
</head><body></body></html>

If you want to run a node.js app on port 3000 with (behind) HTTPS, then you need to set up a proxy service on port 443 to proxy HTTPS requests to port 3000.
You didn't mention what server you have running on port 443 right now (is it Apache?) but you might want to
move that service to a new port (e.g. 4000), then run a node http proxy on port 443 that handles HTTPS.
Then set up a subdomain for the node.js app that you have running on port 3000 (e.g. blah.gatherify.com).
Then, using node http proxy, you will proxy all requests that are made to "gatherify.com" to port 4000, and all requests that are made to "blah.gatherify.com" to port 3000.
When all is set up properly, users can visit "https://gatherify.com" or "https://blah.gatherify.com" (without using :port numbers) and it'll all be secured with SSL. ;)

Install certificates Client Side (in Node.js)
If you need a node.js client to be able to recognize your self-assigned or cheaply-bought SSL certificates you can use ssl-root-cas, which is available on npm.
'use strict';
var https = require('https')
, cas
;
// This will add the well-known CAs
// to `https.globalAgent.options.ca`
require('ssl-root-cas').inject();
cas = https.globalAgent.options.ca;
cas.push(fs.readFileSync(path.join(__dirname, 'ssl', '01-cheap-ssl-intermediary-a.pem')));
cas.push(fs.readFileSync(path.join(__dirname, 'ssl', '02-cheap-ssl-intermediary-b.pem')));
cas.push(fs.readFileSync(path.join(__dirname, 'ssl', '03-cheap-ssl-site.pem')));
This will make your certs available to the core https module as well as modules that depend on it such as request and socket.io-client without deleting the normal ssl certs (which is the default behavior for some odd reason).

Related

Cloudflare 522 error - javascript client connecting to node server

I'm trying to connect to a nodejs https server from a apache web server hosted javascript client and I'm getting an error message : 522 - Failed to load response data: No data found for resource with given indentifier. The apache web server runs on the same domain/server as the node server and the servers are proxied by Cloudflare:
Client app: https://www.example.com (apache web server on port 443)
Node SERVER: https://www.example.com:2053
Both services run in the same server/machine. This is how I start nodejs server:
// Certificates are the same used by apache web server in Virtual Host
// and were got from Cloud Flare Panel > SSL/TLS > Origin Server
var options = {
key: fs.readFileSync('/etc/cloudflare/example.com.key'),
cert: fs.readFileSync('/etc/cloudflare/example.com.pem'),
};
var socket = require('socket.io');
var http = require('https');
// Port 2053 was listed as a https port supported by Cloud Flare in
// https://developers.cloudflare.com/fundamentals/get-started/reference/network-ports/
var argv = require('optimist')
.usage('Usage: --port [num]')
.default({port: 2053})
.argv;
var server = http.createServer(options, function(req, res) {
});
server.listen(argv.port);
var io = socket.listen(server);
This is how I connect to nodejs server from the javascript client:
let socket = io.connect("https://www.example.com:2053", {secure: true});
Any tips?
Edit 1
It works if I create the node server as http (instead of https).
I was able to connect to node server by doing the follow:
Set "key" and "cert" options when instancing https node server: these files can be generated in Cloud Flare Panel > Select your domain > SSL/TLS > Origin Server. There was no need for "ca", "requestCert" or "rejectUnauthorized" parameters.
Use one of the ports listed in https://developers.cloudflare.com/fundamentals/get-started/reference/network-ports/ in the node server. Cloud flare automatically redirect these ports to the same port in your origin server.
Allow inbound connections on the selected port (step 2) in your origin server firewall.
Set SSL setting to FULL in Cloud Flare Panel > Select your domain > SSL/TLS > Overview

Socket.io client not connecting

I have a Socket.io server running on port 3000 and when running it (and the website / client) locally everything works fine. But when I push it to the server the client can't connect anymore.
The production server is running over SSL so I assumed that I need the Socket.io server to run over SSL as well. I've setup it up like this:
var app = express();
var fs = require('fs');
var is_production = process.env.NODE_ENV === 'production';
if(is_production){
var options = {
key: fs.readFileSync('/etc/letsencrypt/live/mywebsite.com/privkey.pem'),
cert: fs.readFileSync('/etc/letsencrypt/live/mywebsite.com/cert.pem'),
requestCert: true
};
var server = require('https').createServer(options, app);
}else{
var server = require('http').createServer(app);
}
var io = require('socket.io')(server);
server.listen(3000);
This still doesn't work. I don't have much experience with Socket.io so any help would be appreciated. Also note that everything worked fine before I got an SSL certificate setup on the web server.
The client is connecting to ws://mywebsite.com:3000. I've tried using http://, https:// and wss:// as well, but nothing works.
EDIT: I've tried making a request through curl and I get the following error:
curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.
I couldn't figure out what the problem was, so here's what I did.
I have Nginx running on the same server to serve my website so what I ended up doing was configuring Nginx to proxy all SSL connections to port 3000 and forward them to the node.js server running on port 8080. This way Nginx takes care of the SSL so the node.js server doesn't need any additional configuration.

Difference between https://<ip> and <ip>:443

I'm currently trying to understand the difference between 2 similar curl commands.
I spun up an AWS EC2 Ubuntu instance, and installed node.js on the instance. I then created a new directory called test-server. From within this directory, I ran npm init, then npm install express. I then wrote a simple web listener called test-server.js, which looks like this:
const express = require('express')
const app = express()
app.get('/', function(req, res){
console.log('Got a request!')
res.send('Request received!\n')
})
app.listen(443, function(){
console.log('Server started')
})
Finally, I started the server with the command sudo node test-server.js, and the server started successfully.
Using aws ec2 authorize-security-group-ingress, I allowed communication from my local IP address to the instance over port 443. I then attempted to test the connection using the following 2 curl commands: curl <ip>:443 and curl https://<ip>. The first command gave the expected output of Request received!. However, I received this error from the second command: curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <ip>:443.
Now, I'm FAR from a networking expert, but I would have expected both of these commands to function in the same way. Based on this result, I have 2 questions:
What is the difference between these 2 commands?
How can I change the configuration such that the second command works as well as the first?
Your application is serving regular HTTP on 443 port. In order to use https protocol you need to use encryption keys
var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};
var express = require('express');
var app = express();
app.get('/', function(req, res){
console.log('Got a request!')
res.send('Request received!\n')
})
var httpsServer = https.createServer(credentials, app);
httpsServer.listen(443);
Command curl <ip>:443 is opening http connection to port 443 on givenip,curl https://<ip> is opening https connection to given ip.
If you want your traffic to be encrypted, stick to https:// version (and expanded code for server).
What is the difference between these 2 commands?
:443 is simply the port configuration, no different than :80. It just tells the server to serve content on that port. 443 is traditionally the port reserved for HTTPS connections, similar to how 80 is traditionally standard HTTP.
How can I change the configuration such that the second command works as well as the first?
You'll need to install a TLS cert. HTTPS indicates that a certificate is being used to secure the connection, and the absence of that certificate will cause the request to fail.

Having express.js or node accept an http connection over port 443

I have a REST API built with node that communicates over SSL. The server is built uses express and makes use of vhosts and cors. I have recently added a listener on port 80 as well so I can force HTTPS. As I test, I tried to access http://manage.domain.com:443/ but the request just hangs. Neither listeners seem to accept it. All I want to do is redirect that request to https.
I assume you already know this, but you'll need an https server (duh) to serve the HTTPS content. It doesn't matter what port you run it on; 443 is just the default port for HTTPS. If you want HTTP requests to redirect to HTTPS, you'll need both an http and an https server. Here's an example of how your app file should look:
var http = require('http'),
https = require('https'),
express = require('express')
fs = require('fs');
var domain = 'localhost';
var app = express();
app.get('*', function(req, res){
// redirect to HTTPS
res.redirect('https://' + domain + req.path);
});
http.createServer(app).listen(80, function(){
console.log('HTTP listening on port 80');
});
var appSecure = express();
// configure your app here
var options = {
key: fs.readFileSync('ssl_key.pem'),
cert: fs.readFileSync('ssl_cert.crt'),
};
https.createServer(options, appSecure).listen(443, function(){
console.log('HTTPS listening on port 443');
});
Obviously, you will need your SSL key and certificate to make this work.
As you probably know, most systems require elevated privileges to open a port less than 1025; so if you use port 80 and port 443, you'll have to run the app server with elevated privileges (if you're running on OSX/Linux/BSD, just do sudo node app.js).

443 apache SSL Port and 8888 https listening Port doesn't work - Node.js - socket.io

currently i have the following problem:
i have an apache server, running SSL on Port 443 and standard (http) on 80.
Additionally a installed a Node.js server with socket.io module.
I wrote an socket.io javascript with a http server that listened to the port 3000, so in the client (browser) i include the socket.io.js like this
<script type="text/javascript" src="http://www.example.com:3000/socket.io/socket.io.js"></script>
This works very fine, when i execute my site via http://www.example.com . The browser finds the socket.io.js properly.
If i execute my site via https like https://www.example.com , i adjust the script part above like this:
<script type="text/javascript" src="https://www.example.com:8888/socket.io/socket.io.js"></script>
I changed the src to https:// and the port to 8888. Now i have to adapt my socket.io script also.
var https = require('https');
var fs = require('fs');
var socketio = require('socket.io');
// The server options
var svrPort = 8888; // This is the port of service
var svrOptions = {
key: fs.readFileSync('/path/to/example.key'),
cert: fs.readFileSync('/path/to/example-ca.crt'),
ca: fs.readFileSync('/path/to/example-server.pem')
};
// Create a Basic server and response
var servidor = https.createServer( svrOptions , function( req , res ){
res.writeHead(200);
res.end('Hi! Code here...');
});
// Create the Socket.io Server over the HTTPS Server
io = socketio.listen( servidor );
// Now listen in the specified Port
servidor.listen( svrPort );
If i execute the file with node, the socket.io started properly:
info - socket.io started
But here comes the problem: if i execute the URL of the socket.io.js file in the browser, nothing happens:
https://www.example.com:8888/socket.io/socket.io.js
Firefox answers with: data communication interrupted
The node server also gets no requests. socket.io doesn't react.
What i have to do?
Thx!
There are two js scripts needed here, one for the node.js server (I assume that is the one you posted) and one embedded in the html page.
The <source> Tag has nothing to do with the execution of your node.js server script. It states where the client will download the client js script, when loading your HTML page. It therefore needs to be downloadable from your browser - just try entering that URL yourself.
The address, where the client side of the socket.io code is receiving its content (the address of the node.js Server) must be updated in the client side js.
Depending on the size of your project, why not also use node.js as the only server for the static content?

Resources