From my research I'm not getting an answer after referencing:
Custom SSL doesn't show when using CloudFlare
How to append SSL Origin Certificate with CloudFlare's Root Certificate?
Assets not loaded when using CloudFlare SSL
Cloudflare SSL issue: Request origin does not match request base_url
CloudFlare SSL refused on HTTP access
Wildcard SSL Certificates, Custom Domain Names, and Cloudflare
In my domain register I point my domain nameservers to Cloudflare and under Cloudflare's Crypto set SSL to Full. When I add the URL under Client ID for web application -> Restrictions -> Authorized JavaScript origins and Authorized redirect URIs should I be using HTTP, HTTPS, or both?
My understanding Cloudflare's SSL is a shared SSL and not a dedicated SSL. From Google's documentation I am unaware or able to find when using the Google Login API if the API will work successfully using a shared SSL.
The app is a web application written in Node using Google's Login API and hosted with a custom domain on Heroku. I am able to get the application to work locally and with Heroku's generated URL but I'd like to also implement Cloudflare I'm just unsure what is the correct way to use a shared SSL.
So to sum up, if I own the domain foobar.com in Google's Restrictions should I be using:
http://foobar.com
http://www.foobar.com
or
https://foobar.com
https://www.foobar.com
if the SSL is a shared SSL from Cloudflare?
It depends how do you want to expose your domain to users. Both protocols http/https can be allowed.
However you are trying to use "Google's Login API" = probably Open ID Connect client (SAML client is different), which needs encryption -> so actually, you need to allow only https protocol and then you will have safe configuration.
Related
I'm using google firebase Messaging for push notifications of my website.
my website doesn't have a domain. Its using HTTPS with self-signed certificate.
as i realized service worker needs HTTPS with valid SSL certificate. witch isn't available for sites without domain.
in some of other push notification services there is an option for HTTP websites that it opens a new window with a sub domain and notifications will be received from there.
is there any free option in any site that provides such future?
or
is there another option for me to pass invalid SSL error when enabling service worker?
btw: i'm aware about browsers flags for allowing self-signed certificate. i'm not gonna use that because i have some users now.
my frontend is a angular cli app running with nginx on a ubuntu server.
Ant-Media-Server is running on an IPAdress without any domains. We just set up this server to be used for streaming in order to use it from different domains pointing to different servers.
Since all of our domains use ssl, we face the typical connection problem:
mixed Content: The page at 'https://SOMEDOMAIN.com/QUERY' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://1.2.3.4:56'. This request has been blocked; this endpoint must be available over WSS.
Ant-Media already offers tutorials on how to install a Let's Encrypt SSL Certificate but sadly it is not available for pure IP-Addresses.
Apart from the Ant-Media Service, the server doesn't has any NGINX, NodeJS, Apache or other http Servers installed - the plan was just to use it for streaming by calling the IP-Address.
Do you have any ideas on how to solve that problem?
Unfortunately, this is not possible.
The goal of having a SSL is ensure you are requesting the right domain name besides encrypting the content between your users and your server.
Here are some alternatives:
create an endpoint in your own app that proxies data to your server.
Instead of playing the IP address, you can play:
/your-proxy-url?stream=http://yourIp.com:port/....
Note that using a proxy will make all the traffic pass through your web app.
As a reference, if you are using PHP on your website, you can have some ideas from here: https://gist.github.com/iovar/9091078
Create a reverse-proxy in front of your web app that redirects the traffic to your IP address.
Both solutions does not change your Ant Media Server, just adds a new resource between your users and your streaming server - adding the SSL on it.
Recently I have installed ssl certificate on my website. After the ssl certificates have been installed ,I found that my subdomain is not working properly. I will address my subdomain as 'xxxx'and main domain as 'primary'. The main domain works well with http as well as https. Now the subdomain works well with http, but with https://xxxx.primary.com delivers me the main site content and not the content of subdomain. I'm using apache server, linux operating system.
Can anyone please help to solve this issue?
Thanks in advance.
This is how SSL protocol works with the browsers. Whenever browsers receive HTTPS request for domain name, it first checks with the server then delivers the site's content. If a website on server has enabled SSL accessed with HTTPS, browser will try to make secure connection and send request to the server.
In your case, your main website is working properly with HTTP as well as HTTPS and delivers proper content, but your sub-domain is not showing proper content for HTTPS. In order to deliver proper content you should consult with your development team. You can better host your sub-domain on another server or you can protect your sub-domain with valid separate SSL certificate.
Suggestion: If you own multiple sub-domains then it is advisable to use Wildcard SSL, that can protect unlimited number of sub-domains with single certificates. Please note, this unlimited does secure first level (blog.domain.com), doesn't second-third-fourth-etc. level (news.blog.domain.com, 1.news.blog.domain.com or abc.1.news.blog.domain.com).
My site on openshift works with http and https prefix. Does it mean that https is allready set up properly so I do not need any additional steps to configure it there? Do I need any ssl sertificate for https?
As you mentioned in comments, you are using openshift v2.
Here you can use either custom rhcloud.com subdomain or use your own domain name.
All applications URL under rhcloud.com (say, example-username.rhcloud.com) use a shared SSL certificate. So, If you use rhcloud.com subdomain, you don't need to configure anything. They automatically provide *.rhcloud.com wildcard certificate.
To use HTTPS for your custom domain name (say, www.example.com) or alias, you need to upload your own certificate. To upload custom SSL certificate, You need to subscribe to a Premium plan. Free plan does not allow custom SSL certificate.
You can read more about how to set up custom domain, alias or SSL certificate, here. The previous documentation link is valid only for openshift v2.
Does the new heroku endpoint ssl support having both http and https on a single domain?
I would like to serve some pages via http://www.mydomain.com and also serve profile pages via https://www.mydomain.com/profile.
With the old ssl I needed to create secure.mydomain.com for https but I would rather not do this if possible.
thanks
Yes, that's fine. All you're adding with endpoint SSL is a entry point in front of your actual app that supports SSL. HTTP can still travel through this just fine, but obviously won't be secure.