I am going to launch my local Vue application with ngrok.
I used this command.
ngrok http 8080
It says online.
But when I visit this site, it shows error.
This is the output from the ngrok.
I think the problem is HTTPS. My local version is HTTPS.
Here is the screenshot.
How can I solve this problem?
ngrok assumes that the server it is forwarding to is listening for unencrypted HTTP traffic, but if your server is listening for encrypted HTTPS traffic you can specify a URL with an https:// scheme to request that ngrok speak HTTPS to your local server.
Forward to an https server by specifying the https:// scheme
ngrok http https://localhost:8080
As a special case, ngrok assumes that if you forward to port 443 on any host that it should send HTTPS traffic and will act as if you specified an https:// URL.
Forward to the default https port on localhost
ngrok http 443
ngrok assumes that your local network is private and it does not do any validation of the TLS certificate presented by your local server.
If need be, explicitly direct to https locally.
ngrok http https://localhost:8080 -host-header="localhost:8080"
Try ngrok without http
And use node js code to mark -8080 port as your server address
const ngrok = require('ngrok');
(async function() {
const url = await ngrok.connect(8080);
})();
When you'll run this this will create a url use that url to access your server
The main problem is that you don't have a valid ssl certificate on localhost.
You need to expose the normal http not the https. I think it is going to work eg:
ngrok http http://localhost:8080
And in the vue server try to avoid the ssl or https encryption.
Related
I have purchased ngrok pro plan to use whitelabeled domains through cloudflare. But having trouble configuring end to end SSL encryption.
React app is running on localhost (http://localhost:3000).
created a domain (app.example.com) in ngrok.
added CNAME record for xxx.ngrok.io url in cloudflare for app.example.com.
SSL is enabled in cloudflare
https://app.example.com gives HTTP 520 error on cloudflare
cloudflare has universal certificate on *.example.com domain.
Is there anyway i can have https://app.example.com resolves to https://localhost:3000 through ngrok?
Here is one way, assuming you are fine with having Cloudflare only act as DNS:
Configure ngrok to serve the correct TLS certificate. In ngrok for your domain app.example.com, select the "Automated TLS certificates" option, which means ngrok will provision one for you.
In Cloudflare, "grey cloud the DNS record" so that traffic is no longer proxied through Cloudflare before it is proxied through ngrok. Now it will only be proxied through ngrok before being forwarded to your local server.
Start your ngrok tunnel. Assuming your local server is not configured to terminate TLS, you can run something like ngrok http --bind-tls=true --hostname=app.example.com 3000 to start a HTTPS only tunnel endpoint.
I was looking ngrok tunnel solution proposed and I also found a way you can do an Argo Tunnel through cloudflare directly. This can be another approach to the problem. https://developers.cloudflare.com/cloudflare-one/tutorials/share-new-site
I didn't answer your question. I just want to share, that we can make localhost on our computer accessible through our own domain using cloudflare tunneling.
https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/
this is my first real problem with node. I have recently converted my website to https. This is great but my site can only be accessed by "https://www.example.com". Before converting I used port 80 (The default port), and basic express routing. I used to be able to connect to the ip address of my server and typing the domain name "www.example.com". I have the DNS set to redirect to the ip address of the server with ipv4 and ipv6. After switching to https I am no longer able to access the server using the ip address and the port 443 (I host on port 443). I am wanting to know why I can not access my website using the ip address + the port number (123.456.78.90:443) and why I must be so specific when getting at my website using https://www.example.com and not just www.example.com.
express = require('express');
app = express();
var http = require('https')
var fs = require('fs')
var sslPath = '/etc/letsencrypt/live/www.example.site/'
var options = {
key: fs.readFileSync(sslPath + 'privkey.pem'),
cert: fs.readFileSync(sslPath + 'fullchain.pem')
}
app.use(express.static("public"));
app.set("view engine", "ejs");
app.get("/", function(req,res){
console.log("Someone Connected")
res.render("homepage");
});
server = http.createServer(options, app)
io = require('socket.io').listen(server)
server.listen(443)
If your server only accepts https, then you HAVE to specify https:// in the URL. That's the only way the browser knows that is the protocol you intend to use. When you leave out the https:// from a URL in the url bar of the browser, the browser assumes http, no matter what port number you specify.
You could make your server respond to http on port 80 and automatically forward to https. Then, you could type www.example.com in the browser and it would automatically redirect to https://www.example.com.
Your server will never respond to 123.456.78.90:443 which the browser will turn into http://123.456.78.90:443 because on port 443, you're listening for https connections, not http connections (you can't listen for both on the same port).
Using the auto-redirect logic described about, you could type 123.456.78.90 into the browser and it would redirect to https://123.456.78.90 which would work.
You can either implement the auto-redirect yourself (set up a simple http server listening on port 80 and redirect all incoming requests to the same URL, but with https in front of it). Or, many hosting providers offer this feature built into their infrastructure (built into proxies or load balancers).
I have an Apache server in front of a Websocket Tomcat server, and I would like to restrict access to secure websockets only (wss://).
How can I achieve that in Apache configuration ?
One thing that I do not understand is that even if I block port 80 (not 443) on AWS, it is still possible for me to connect to my unsecured ws via Simple WebSocket Client, whereas a telnet myHost 80 is logically failing...
Actually, configuring Apache with SSL is enough : it will redirect all HTTP traffic to HTTPS.
I did not figure out that quickly, but I can only connect with WS protocol only after I have been redirected by the browser with a simple HTTP request to HTTPS. And then, when I try to connect with WS, looking at Chrome Developer tools, I can see in request headers that the final endpoint is WSS.
So, in Simple WebSocket Client, I am actually silently redirected to WSS endpoint when trying to connect with insecure WS. As I said previously, this silent redirection is enabled only after a HTTP to HTTPS redirection on a simple call in the browser. You can check it by closing your browser and trying to reconnect in WS via Simple WebSocket Client : you will get a 403 HTTP error.
I am working with a Golang app and Caddy as the HTTP server. The golang app rejects every http connection, it only can be used over HTTPS. This app is a kind of API/service that is consumed by other apps. As, it requires HTTPS I installed Caddy so I can take advantage of the automatic SSL certificate and use proxy to switch between the ports.
The application is running in the port 9000, so, the consumers will only writte mysite.com and caddy should be in charge of redirect that petitions to the port 9000 but maintaining the HTTPS. The configuration in caddy for the site is:
mysite.com {
proxy / :9000 {
max_fails 1
}
log logfile
}
Nevertheless, it seems like when the proxy is made the HTTPS is lost. I checked the logs for the application (no the logs of caddy) and I get this:
http: TLS handshake error from xxx.xxx.xxx.xxx:xxxx: tls: oversized record received with length 21536
So, based in this error, to me looks like the HTTP proxy made by caddy is losing the HTTPS. What can I do?
From the caddy docs
to is the destination endpoint to proxy to. At least one is required,
but multiple may be specified. If a scheme (http/https) is not
specified, http is used. Unix sockets may also be used by prefixing
"unix:".
So maybe it is sending http requests to the proxied https endpoint.
Does
mysite.com {
proxy / https://localhost:9000 {
max_fails 1
}
log logfile
}
fix it?
If that is the case, you may not strictly need your app on :9000 to listen https. It may simplify your deployment or cert management to just have it listen http and have caddy manage all the certs.
First of all I want to make clear that i am not talking about accessing content which is on origin servers that deliver using https which can be done using the module mod_proxy_connect.
What I want is a secured connection between the client and the proxy, also when the origin that is requested actually is served by an unsecured standard http server.
I am using apache 2.2 and also would like to make this possible with apache if that works.
I sniffed some requests using wireshark and noted the following:
A usual http of the url http://example.com/file looksl ike this:
on a connection to the origin server:
GET /file HTTP 1.1
Host: example.com
Note that the host information is stripped from the actual request and the host header is supplied instead (which can be handled server side in named virtual hosts).
When the request goes through a proxy server it looks slightly different:
on a connection to the proxy server:
GET http://example.com/file HTTP 1.1
Host: example.com
Note that the request line now actually contains the full url including protocol and hostname.
The host header is probably redundant, bus if I read the RFC correctly it is required by HTTP 1.1.
So I think about setting up an apache webserver listening on port 443, enable a virtualhost with ssl engine and certificates up and do not bind it to any hostname.
I think that should get apache to talk ssl, but however the certificates common name will not match the host specfied in the connect line to the proxys server ip adress.
Is what I want to to even possible with current standards and if so how can I do it?
Yes of course, that's what HTTPS proxy is.
Client connects to proxy over SSL, sends commands to proxy in text.
It is also possible to use HTTP CONNECT to establish HTTPS connection "inside" the SSL connection to HTTPS proxy, though not all clients support this:
HTTPS connection over HTTPS proxy
client proxy server
ssl \-------/ ssl
connect---------200 OK
ssl \---------------------------/ ssl
data-------------------------------data
/---------------------------\
/-------\
HTTP connection over HTTPS proxy
client proxy server
ssl \-------/ ssl
GET http://server/ ->
GET /
Host: server ->
<---------OK, data
<--------------OK, data
/-------\