I want to have a server (webpack dev server) running in codeanywhere using https. How do I go about generating an SSL certificate so I can connect?
Chrome preferably however I will consider other browsers that could handle d3.js.
And the answer is: Run your service on port 3000. Codeanywhere will then auto configure a certificate for you.
To do this edit your webpack.config.js and ensure the following is in your dev server config:
devServer: {
host: '0.0.0.0',
port: 3000
}
If your container is running Apache you will need to stop it first (see http://www.learn4master.com/programming-language/shell/start-restart-and-stop-apache-on-linux the command depends on your host OS).
Related
I'm trying to access my web application served using the webpack DevServer from a virtual machine, but I'm able to connect through HTTPS only to the main URL - all sub-URLs fail with ERR_SSL_PROTOCOL_ERROR error.
Here is my setup:
I'm running webpack DevServer on a host machine with macOS. My virtual machine is running Windows 10 (VMware Fusion in bridged network mode). Webpack DevServer uses custom self-signed SSL certificates (generated using the mkcert tool).
Here is my DevServer configuration (#angular-builders/custom-webpack:dev-server):
"builder": "#angular-builders/custom-webpack:dev-server",
"options": {
"browserTarget": "admin:build",
"allowedHosts": [
"localhost",
"admin.local.slido-staging.com"
],
"host": "0.0.0.0",
"port": 443,
"servePath": "/",
"ssl": true,
"sslCert": "ssl/server.crt",
"sslKey": "ssl/server.key"
},
(local.slido-staging.com is just a "DNS alias" for localhost due to internal requirements, so the development certificate is also generated for *.local.slido-staging.com).
To make the web app accessible over HTTPS also from the virtual machine, I've exported the root certification authority (generated by mkcert) from the host machine, imported it to the root certificate authorities store on the VM Windows machine and added 192.168.2.90 admin.local.slido-staging.com to my Windows hosts file (192.168.2.90 is the IP address of my host machine).
The problem:
The web app is perfectly accessible from the host machine - HTTPS works for the main URL admin.local.slido-staging.com and also for sub-URLs (e.g. admin.local.slido-staging.com\main.js, see the screenshots:
But, when I try to access it from the VM, only the main URL (admin.local.slido-staging.com) loads through HTTPS, all other sub-URLs/resources end up with ERR_SSL_PROTOCOL_ERROR:
Here is another strange thing - trying to access any sub-URLs from the VM by entering the IP address of the host machine instead of the hostname works (an HTTPS connection is initiated, although the certificate doesn't match that name/IP address as expected), but trying to access it through the hostname fails (ignore the 4443 port on the last screenshot - I was just trying to serve the app from a different port):
What could be the problem? I spend a few hours debugging it, but without success (I tried also the -disable-host-check param for the DevServer, it didn't help)
Update:
I tried to serve the app using HTTP instead of HTTPS and it also doesn't work in the web browser - just the error message changed from ERR_SSL_PROTOCOL_ERROR to ERR_INVALID_HTTP_RESPONSE. But Wireshark shows that some data were fetched
The issue was caused by the latest version of Cisco AnyConnect Secure Mobility Client (4.10) installed on the host computer. After downgrading Cisco AnyConnect software to version 4.9 everything works as expected.
I have a functional app running in a docker on port 3000. I have selenium tests that works when I set my host to http://localhost:3000. I created a container to launch the selenium tests and it fails with the following error:
WebDriverError:Reachederrorpage:about:neterror?e=nssFailure2&u=https://app:3000/&c=UTF-8&f=regular&d=An error occurred during a connection to app:3000.
SSL received a record that exceeded the maximum permissible length.
Error code: <a id="errorCode" title="SSL_ERROR_RX_RECORD_TOO_LONG">SSL_ERROR_RX_RECORD_TOO_LONG</a>
Snippet of my docker-compose.yml
app:
build:
context: .
dockerfile: Dockerfile.dev
volumes:
- ./:/usr/src/app/
ports:
- "3000:3000"
- "3001:3001"
networks:
tests:
selenium-tester:
build:
context: .
dockerfile: Dockerfile.selenium.tests
volumes:
- ./:/usr/src/app/
- /dev/shm:/dev/shm
depends_on:
- app
networks:
tests:
I replaced the host by http://app:3000 but firefox seems to want to redirect this http to https (which is not working). And finally I build my driver like this:
const ffoptions = new firefox.Options()
.headless()
.setPreference('browser.urlbar.autoFill', 'false'); // test to disable auto https redirect… not working obviously
const driver = Builder()
.setFirefoxOptions(ffoptions)
.forBrowser('firefox')
.build();
When manually contacting the http://app:3000 using curl inside the selenium-tester container it works as expected, I get my homepage.
I'm short on ideas now and even decomposing my problem to write this question didn't get me new ones
I had exactly the same problem - couldn't successfully make request on HTTP to app from Selenium-controlled browsers (Chrome or Firefox) in other Docker container on same network. cURL from that container though worked fine! Connect on HTTP, but something seemed to be trying to force HTTPS. Identical situation right down to the name of the container "app".
The answer is... it's the name of the container!
"app" is a top level domain on the HSTS preloaded list - that is, browsers will force access through HTTPS.
Fix is to use a container name that isn't on HSTS preloaded lists.
HSTS - more reading
As you mentioned manually contacting the http://app:3000 using curl inside the selenium-tester container it works as expected
This error message...
WebDriverError:Reachederrorpage:about:neterror?e=nssFailure2&u=https://app:3000/&c=UTF-8&f=regular&d=An error occurred during a connection to app:3000.
SSL received a record that exceeded the maximum permissible length.
Error code: <a id="errorCode" title="SSL_ERROR_RX_RECORD_TOO_LONG">SSL_ERROR_RX_RECORD_TOO_LONG</a>
...implies that SSL layer in curl or one of its dependencies seems broken.
#RussellFulton in this discussion mentioned:
This seems to be the result you see from Firefox when the server is not configured properly for SSL. Possibly Chrome would have just gave a generic ssl failed error.
This can happen when the browser sends a SSL handshake when the server is expecting an HTTP request. Server responds with a 400 code and an error message that is much bigger that the handshake message that the browser expects. Hence you see the message.
Reasons and Solution
When the error prone code tries to redirect to HTTPS on port 80 (port 3000 in your case).
Solution: Removing the port 80 (port 3000 in your case) from the url, the redirect works.
HTTPS by default runs over port 443.
This error also occurs when you have enabled the SSL module.
Solution: You have run a2enmod ssl.
a2enmod ssl
//or
a2ensite default-ssl
Provided a wrong IP in the ssl config.
Solution: Changed IP to what it should be.
Remove the IP if not needed in the ssl config.
Solution: Change
VirtualHost your.domain.com:443
//to
VirtualHost default:443
curl: (35) SSL received a record that exceeded the maximum permissible length. issue was discussed at length.
As per Curl Support HTTPS proxy and SOCKS+HTTP(s) there was another attempt to get the HTTPS proxy support into Curl.
This curl commit should have addressed your issue.
For some client feature, I need to implement HTTPS on my Meteor website.
I installed Tarang:ssl package into Meteor and I have 3 files:
private/ca.pem
private/cert.pem
private/key.pem
My current Meteor configuration is set as follow:
Meteor.startup(function () {
SSLProxy({
port: 443,
ssl : {
key: Assets.getText("key.pem"),
cert: Assets.getText("cert.pem"),
ca: Assets.getText("ca.pem")
}
});
....
}
My Meteor server is launched as follow:
sudo meteor run --port 80 --allow-superuser
Do I made something wrong or do I forgot something?
I set my local HTTPS port to 3100 to bypass 443 sudo requirements. I run meteor with --port 3100 and that works for me. Also, I only set key and cert in SSLProxy({}).
Currently I have a master and agent working on separate Centos 6.5 VMs. I would like to be able to configure my own master as I will be tearing down and making a new master every time.
How can I get puppet agent --test --noop to work on my master machine as well?
Currently I receive an error:
Error: Could not request certificate: 502 "Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. )"
SSL requests seem to be setup for port 443. Any thoughts?
Thank you very much!
Jason
Credit to Felix Frank, mr_tron
Issue seemed to be solved by removing http_proxy declaration in .bashrc file and anywhere else
Puppet Master now able to act as an agent
Thank you,
Jason
I am working on yeoman based angular.js app.
We have set up the gruntfile to run over https.
It works fine on my workmates machine but not on mine.
In Chrome I get:
SSL connection error.
Unable to make a secure connection to the server.
This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
In Firefox I get:
The connection was interrupted
The connection to localhost:9000 was interrupted while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
I have double checked we have the same npm modules installed.
Relevant parts of gruntfile are
connect: {
options: {
port: 9000,
hostname: 'localhost',
protocol: 'https',
key: grunt.file.read('server.key').toString(),
cert: grunt.file.read('server.crt').toString(),
ca: grunt.file.read('ca.crt').toString(),
passphrase: 'grunt',
},
livereload: {
options: {
protocol: 'https',
middleware: function (connect) {
return [
modRewrite([
'^/api/(.*) /api/index.php?$1 [L]',
'!\\.html|\\.js|\\.php|\\.css|\\.png$ /index.html [L]'
]),
lrSnippet,
phpGateway('app'),
mountFolder(connect, '.tmp'),
mountFolder(connect, yeomanConfig.app)
];
}
}
},
my workmate generated the certificate files, but that shouldn't matter as I have exact copies of those files.
The strangest part is that I can still run the site over http where on my workmates machine it won't run over http at all, only https.
Is there anything else anyone can think of as to why this would be?
Based on the error "This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have" and the fact that it runs on your friend's computer but not yours leads me to believe that it's a problem with the SSL keys and certificate on your computer. You can generate your own using the tutorial here: http://www.akadia.com/services/ssh_test_certificate.html
key: grunt.file.read('server.key').toString(),
cert: grunt.file.read('server.crt').toString(),
ca: grunt.file.read('ca.crt').toString()
Make sure that the above files are in your base folder from which you are running grunt. The ca.crt file is also necessary for self-signing your own certificate using a certificate authority that you create using the tutorial above. Hope this helps!
I would first look for the log file and tail that as you're making the request. It might give you hints as to what is wrong