How to use SSL correctly in Meteor?

I am using peerjs-server with self-signed certificates as follows (in the server):
    var base = process.env.PWD;
    var fs = Npm.require('fs');
    var PeerServer = require('peer').PeerServer;
    var server = PeerServer({
      port: 9000,
      path: '/',
      ssl: {
        key: fs.readFileSync(base + '/certificates/key.pem', 'utf8'),
        cert: fs.readFileSync(base + '/certificates/cert.pem', 'utf8')
      }
    });
And connecting to it as follows (in the client):
    window.peer = new Peer({
      host: 'localhost',
      port: 9000,
      path: '/',
      debug: 3,
      config: {'iceServers': [
        { url: 'stun:stun.l.google.com:19302' },
        { url: 'stun:stun1.l.google.com:19302' },
      ]}
    });
The above code (client) works when I don't use self-signed certificates.
The problem I am facing now is, how to link those self-signed certificates in the client when connecting to the server?
None of the examples I found like this one are using Meteor and I am struggling to achieve the same with Meteor.

I am not familiar with PeerJS and it seems like it's not working fully anyhow.
I would rather use Galaxy, or a self-hosted Linux server like AWS, DigitalOcean and run meteor build to create a regular node app.
If you then set the environment variable of the URL to "https://myapp.com" and also add the force-ssl package, this will get your Meteor app to always use a secure connection.

Related

Using a custom HTTPS cert in Nuxt (but only for dev mode)?

I am using a dependency that requires me to have HTTPS on localhost. I've used the following code in nuxt.config.js to accomplish that:
    server: {
      https: {
        key: fs.readFileSync(path.resolve(__dirname, 'localhost-key.pem')),
        cert: fs.readFileSync(path.resolve(__dirname, 'localhost.pem'))
      }
    },
Those are keys I created myself with mkcert. However, I'm going to be using an actual cert on the live page. Is there any way to limit that server block in nuxt.config.js to only dev mode?
I've used that in the past:
    server: {
      https: process.env.NODE_ENV === 'development' && process.env.USE_LOCAL_HTTPS === 'true'
        ? {
            key: fs.readFileSync(path.resolve(__dirname, 'server.key')),
            cert: fs.readFileSync(path.resolve(__dirname, 'server.crt')),
          }
        : false,
    },
NODE_ENV was used to double check that the environment was development and USE_LOCAL_HTTPS was another variable to be sure that it was not a staging dev environment. Of course, if you have something like staging or test for your NODE_ENV, you may not even need that.
Otherwise, I never double-checked this, but this server key configuration may even work only for local dev. Give it a try; otherwise try my configuration.

Sending a self-signed certificate from proxy secure websocket to a secure websocket connection(wss)

I am trying to connect to wss (proxy) with a self-signed certificate using wscat and the browser, but it is giving me errors.
https running on 8443 with certificate cert.pem
proxy running on 8080 with secure true
Things I have tried to make sure my secure server is running properly:
I can reach https://localhost:8443 and receive "hello from a secure world"
I can connect to wss://localhost:8443 with wscat (wscat -c wss://localhost:8443 --ca cert.pem) and it works
Errors I get:
I cannot reach the proxy https://localhost:8080 from the browser. I get "This site can’t provide a secure connection" and a 500 status code
I cannot connect to wss://localhost:8080 with wscat -c wss://localhost:8080 --ca cert.pem. I get error: write EPROTO 140266887743360:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
I think the issue is that my proxy server is unable to take the cert.pem and pass it to the https server. I have looked everywhere but I can't find how to connect to wss (proxy) with a self-signed certificate. I can't suppress the
    // server
    const app = express()
    app.use('/', function (req, res) {
      res.writeHead(200);
      res.end("hello from a secure world\n");
    })
    export const server = https.createServer({
      cert: fs.readFileSync(path.resolve(__dirname, 'cert.pem'), 'utf-8'),
      ca: fs.readFileSync(path.resolve(__dirname, 'cert.pem'), 'utf-8'),
      key: fs.readFileSync(path.resolve(__dirname, 'server.key'), 'utf-8')
    }, app)
    const wss = new WebSocket.Server({ server });
    wss.on('connection', function connection(ws) {
      console.log("connected");
      ws.on('message', function incoming(message) {
        console.log('received: %s', message);
        ws.send('hello from server!, the time is: ' + timestamp());
      });
    });
    // Proxy
    const wsProxy = createProxyMiddleware('/', {
      target: `https://localhost:8443`,
      changeOrigin: true,
      secure: true,
      ws: true,
      ssl: {
        cert: fs.readFileSync(path.resolve(__dirname, 'cert.pem')),
      }
    });
    const app = express();
    app.use(wsProxy);
    const proxy = app.listen(8080)
    proxy.on('upgrade', wsProxy.upgrade); // <-- subscribe to http 'upgrade'
Okay, it turned out that I was missing something crucial there. There wasn't really a "proxy websocket"; I was confusing an https proxy with a websocket proxy. Once I made sense of that, it solved my problem. I had to create a websocket using an https server (with cert and key), then I could just connect to the wss with the same cert and key :)
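The `wrong version number` error quoted in the question is what a TLS client typically reports when the first bytes it reads back are not a TLS record; `app.listen(8080)` in the proxy snippet starts a plain HTTP listener, so a `wss://` client receives a cleartext reply. The following added example (not part of the original posts; the function names are illustrative) parses the 5-byte record header to show the mismatch on constructed sample bytes:

```javascript
// Added example. The byte strings at the bottom are constructed samples,
// not captured traffic.
const RECORD_TYPES = { 20: 'change_cipher_spec', 21: 'alert', 22: 'handshake', 23: 'application_data' };
const MAX_RECORD_LEN = 16384 + 2048; // upper bound on a TLS 1.2 ciphertext record

// TLS record header: content type (1 byte) | version (2 bytes) | length (2 bytes).
function parseRecordHeader(buf) {
  if (buf.length < 5) return null;
  return { type: buf[0], major: buf[1], minor: buf[2], length: buf.readUInt16BE(3) };
}

// Classify the first bytes a listener sends back after a TLS ClientHello.
function classifyReply(firstBytes) {
  const buf = Buffer.from(firstBytes);
  const hdr = parseRecordHeader(buf);
  if (hdr === null) return { kind: 'too-short' };
  if (/^HTTP\/\d\.\d /.test(buf.toString('latin1'))) {
    // A plain-HTTP listener answered in cleartext. Read as a record header,
    // "HTTP/" has major version 0x54 ('T') instead of 3, hence the
    // "wrong version number" error on the TLS client.
    return { kind: 'plaintext-http', header: hdr };
  }
  const plausible = hdr.type in RECORD_TYPES && hdr.major === 3 &&
    hdr.minor <= 4 && hdr.length > 0 && hdr.length <= MAX_RECORD_LEN;
  if (plausible) return { kind: 'tls', recordType: RECORD_TYPES[hdr.type], header: hdr };
  return { kind: 'unknown', header: hdr };
}

// Constructed: what a plain HTTP server typically sends when it receives a ClientHello.
const plainReply = Buffer.from('HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n', 'latin1');
// Constructed: start of a TLS 1.2 ServerHello record (handshake, version 3.3, 122 bytes).
const tlsReply = Buffer.from([0x16, 0x03, 0x03, 0x00, 0x7a, 0x02, 0x00, 0x00, 0x76]);
// Constructed: fatal alert record (handshake_failure).
const alertReply = Buffer.from([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28]);

for (const [name, bytes] of [['plain', plainReply], ['tls', tlsReply], ['alert', alertReply]]) {
  console.log(name, JSON.stringify(classifyReply(bytes)));
}
```

A `plaintext-http` result for a port that clients address as `https://` or `wss://` means the listener itself has to be created with `https.createServer` and a key and certificate.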

peerjs working on localhost but not on heroku?

I'm running my node server on port 3000 and the peer server on port 3001. In this scenario it's working properly. But when deployed over Heroku, I'm running my server at 3000 and the peer server over 443. In this scenario peerjs is not working. It might be a port allocation issue, I guess, but I'm unable to find the issue.
peer.js
    const myPeer = new Peer({
      secure: true,
      host: 'my-app-name.herokuapp.com',
      port: 443
    })
server.js
    const PORT = process.env.PORT || 3000;
    server.listen(PORT, () => console.log(`Server running on port ${PORT}`));
github link to project : link
New to Heroku. Any help will be appreciated!
Add this to your server file:
    var ExpressPeerServer = require("peer").ExpressPeerServer;
    var options = {
      debug: true,
      allow_discovery: true,
    };
    let peerServer = ExpressPeerServer(server, options);
    app.use("/peerjs", peerServer);
And call on client side like this:
    var peer = new Peer({
      host: "yoursite.herokuapp.com",
      port: "",
      path: "/peerjs",
    });
You have to host two apps on Heroku: first your main app and second your PeerJS server, because you cannot host your app on a different port (i.e. https://your-app-name.herokuapp.com:5000). Then you can connect your main app's PeerJS client with your PeerJS server by using this:
    const myPeer = new Peer({
      secure: true,
      host: 'my-peerjs-server-name.herokuapp.com',
      port: 443
    })
Happy Coding!
Just use this Heroku Element to deploy your own peer server with zero configuration. Connect to it from your client providing the host attribute as the url of your Heroku app without the https:// part and you may need to also set secure to true.
    {
      host: "you_app_name.herokuapp.com", // exclude protocol
      secure: true
    }
Add this in the server (index, app) file:
    const { ExpressPeerServer } = require("peer")
    const peerServer = ExpressPeerServer(server, {
      debug: true
    })
    app.use("/peerjs", peerServer);
And on the client side add this:
    const myPeer = new Peer(undefined, {
      path: "/peerjs",
      host: "/",
      port: "443",
    })
The port should be the same as your server.listen(port).
This will give an invalid frame header for socket io but it's fine.

pouchdb - secure replication with remote LevelDB

I am keen on using PouchDB in browser memory for an Angular application. This PouchDB will replicate from a remote LevelDB database that is fed key-value pairs from an algorithm. So, on the remote end, I would install PouchDB-Server. On the local end, I would do the following (as described here) on a node prompt.
    var localDB = new PouchDB('mylocaldb')
    var remoteDB = new PouchDB('https://remote-ip-address:5984/myremotedb')
    localDB.sync(remoteDB, {
      live: true
    }).on('change', function (change) {
      // yo, something changed!
    }).on('error', function (err) {
      // yo, we got an error! (maybe the user went offline?)
    });
How do we start a PouchDB instance that supports TLS for live replication as described in the snippet above?
How do I start a PouchDB instance that supports TLS for live replication?
So after some more searching, it is clear from this topic that HTTPS is not supported for PouchDB-Server.
Sorry, I misunderstood your question. I thought you intend to connect to a CouchDB server with PouchDB through HTTPS. Therefore, the following answer actually doesn't answer your question.
I created a server.js file like below to communicate with my CouchDB through HTTPS. Please note that the SSL certificate is (in my case) self-signed, and also CouchDB listens by default on port 6984 in the case of TLS:
    process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; // Ignore rejection, because the CouchDB SSL certificate is self-signed
    //import PouchDB from 'pouchdb'
    const PouchDB = require('pouchdb')
    // Credentials go before the host, separated by '@' (password redacted)
    const db = new PouchDB('https://admin:****@192.168.1.106:6984/reproduce')
    db.allDocs({
      include_docs: true,
      attachments: false
    }).then(function (result) {
      // handle result
      console.log(result)
    }).catch(function (err) {
      console.log(err);
    });
I'm running the above file with $ node server.js and I'm getting the expected results:
    $ node server.js
    { total_rows: 3,
      offset: 0,
      rows:
       [ { id: '5d6590d3-41c7-4011-be5d-b21f80079ae5',
           key: '5d6590d3-41c7-4011-be5d-b21f80079ae5',
           value: [Object],
           doc: [Object] },
         { id: 'ec6a36d1-952e-4d86-9865-3587c6079fb5',
           key: 'ec6a36d1-952e-4d86-9865-3587c6079fb5',
           value: [Object],
           doc: [Object] },
         { id: 'f508e7aa-b4dc-42fc-96be-b7c1ffa54172',
           key: 'f508e7aa-b4dc-42fc-96be-b7c1ffa54172',
           value: [Object],
           doc: [Object] } ] }
I created the above code with NodeJS on server-side. However, if you want to communicate with CouchDB through HTTPS inside the browser, i.e. on client-side, you have to enable CORS on CouchDB.

Certificate specified in header with openUI5 for SSL connection

I am trying to figure out how I can connect to OData with SSL certificate authentication. We are using it with openUI5. The application is running as a mobile application.
I tried several connection types on the mobile device:
http: is working good
https with optional certificate: works good
https with required certificate: Cannot access data
I also tried several connection types from the browser:
http: is working good
https with optional certificate: works good
https with required certificate: Can access data
So I was thinking that when I specify the certificate inside of the header when creating the oModel inside of the app, it would work. But I don't know how to specify it correctly.
I tried to access certificates using this class:
https://help.sap.com/saphelp_smp235/helpdata/en/94/78b8de6c9110149d2cd7d1ca6ec99d/content.htm
It looks like this:
    var certStore = listAvailableCertificatesFromFileSystem();
    var certPaths = certStore.listAvailableCertificatesFromFileSystem("/sdcard/", "p12");
    var cert = certStore.getSignedCertificateFromFile(certPaths[0], servicePassword);
    var headersMap = {}; // plain object used as a header name -> value map
    headersMap["SSL_CLIENT_CERT"] = cert.signedCertificate; // here I don't know how I could access it.
    this.oModel = new sap.ui.model.odata.v2.ODataModel(this.serviceUrl, {
      user: serviceLogin,
      password: servicePassword,
      withCredentials: true,
      disableHeadRequestForToken: false,
      useBatch: false,
      headers: headersMap // here I specify the header...
    });
Thank you