this is my first real problem with node. I have recently converted my website to https. This is great but my site can only be accessed by "https://www.example.com". Before converting I used port 80 (The default port), and basic express routing. I used to be able to connect to the ip address of my server and typing the domain name "www.example.com". I have the DNS set to redirect to the ip address of the server with ipv4 and ipv6. After switching to https I am no longer able to access the server using the ip address and the port 443 (I host on port 443). I am wanting to know why I can not access my website using the ip address + the port number (123.456.78.90:443) and why I must be so specific when getting at my website using https://www.example.com and not just www.example.com.
express = require('express');
app = express();
var http = require('https')
var fs = require('fs')
var sslPath = '/etc/letsencrypt/live/www.example.site/'
var options = {
key: fs.readFileSync(sslPath + 'privkey.pem'),
cert: fs.readFileSync(sslPath + 'fullchain.pem')
}
app.use(express.static("public"));
app.set("view engine", "ejs");
app.get("/", function(req,res){
console.log("Someone Connected")
res.render("homepage");
});
server = http.createServer(options, app)
io = require('socket.io').listen(server)
server.listen(443)
If your server only accepts https, then you HAVE to specify https:// in the URL. That's the only way the browser knows that is the protocol you intend to use. When you leave out the https:// from a URL in the url bar of the browser, the browser assumes http, no matter what port number you specify.
You could make your server respond to http on port 80 and automatically forward to https. Then, you could type www.example.com in the browser and it would automatically redirect to https://www.example.com.
Your server will never respond to 123.456.78.90:443 which the browser will turn into http://123.456.78.90:443 because on port 443, you're listening for https connections, not http connections (you can't listen for both on the same port).
Using the auto-redirect logic described about, you could type 123.456.78.90 into the browser and it would redirect to https://123.456.78.90 which would work.
You can either implement the auto-redirect yourself (set up a simple http server listening on port 80 and redirect all incoming requests to the same URL, but with https in front of it). Or, many hosting providers offer this feature built into their infrastructure (built into proxies or load balancers).
Related
I have an apache proxy in our DMZ which then proxies on port 80 to and internal server. It uses port 80 so our firewall between the DMZ and internal network can inspect the request. So, it's like this;
browser -> 443 -> proxy -> 80 -> firewall -> internal server
This all works well but for one thing. If the user calls "https:/site/" this will end up calling http:/site on the internal server. This works fine if the page is there and get 200 and return data. However, if the app on the server tries to redirect the client to a /site/login page for example. This redirect seem to be sent back as http:/site/login, presumably because the connection from the proxy was http port 80. This then results in the client getting this error;
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
How can I make this work better? Either, 1/ make the redirect match the http/https from the original request, or 2/ if I can't do that, force it to always be an https in the redirect sent back?
Thanks
I am going to launch my local Vue application with ngrok.
I used this command.
ngrok http 8080
It says online.
But when I visit this site, it shows error.
This is the output from the ngrok.
I think the problem is HTTPS. My local version is HTTPS.
Here is the screenshot.
How can I solve this problem?
ngrok assumes that the server it is forwarding to is listening for unencrypted HTTP traffic, but if your server is listening for encrypted HTTPS traffic you can specify a URL with an https:// scheme to request that ngrok speak HTTPS to your local server.
Forward to an https server by specifying the https:// scheme
ngrok http https://localhost:8080
As a special case, ngrok assumes that if you forward to port 443 on any host that it should send HTTPS traffic and will act as if you specified an https:// URL.
Forward to the default https port on localhost
ngrok http 443
ngrok assumes that your local network is private and it does not do any validation of the TLS certificate presented by your local server.
If need be, explicitly direct to https locally.
ngrok http https://localhost:8080 -host-header="localhost:8080"
Try ngrok without http
And use node js code to mark -8080 port as your server address
const ngrok = require('ngrok');
(async function() {
const url = await ngrok.connect(8080);
})();
When you'll run this this will create a url use that url to access your server
The main problem is that you don't have a valid ssl certificate on localhost.
You need to expose the normal http not the https. I think it is going to work eg:
ngrok http http://localhost:8080
And in the vue server try to avoid the ssl or https encryption.
ttI am adding an nginx reverse proxy in front of my existing nextcloudpi server in order to be able to route traffic to different servers in my network depending to the domain that is used. Currently the nextcloudpi server is the only one running, so all traffic is directly routed to it.
The server is only accessible via https and letsencrypt handles the certifactes on the nextcloudpi server.
In order to route traffic from my reverse proxy to the nextcloudpi server via https, I have set up the default.conf file to look like this:
server {
listen 443;
listen [::]:443;
server_name <my-public-url>;
location / {
proxy_pass https://<hostname-of-my-nextcloudpi-server>;
}
}
Unfortunately that doesn't work. Firefox returns SSL_ERROR_RX_RECORD_TOO_LONG and Chrome ERR_SSL_PROTOCOL_ERROR
I have also not seen anywhere where traffic is proxied to a https location. I am aware that in my internal network I can and should just route to the target location on port 80 but since the server is already set up to use https I want to keep it that way.
Thanks for your help
I'm brand spanking new to setting up websites, so go easy.
Basically I setup an osticket system on my XAMPP stack and It works locally no problem but when I try to access it from my public IP it won't connect.
I've port forwarded port 12345 -> 80 as my server listens on 80.
So theoretically if I type in my URL bar it should connect right?
In the httpd.conf file for Apache do I enter the external or internal IP address? I'm assuming I leave it as localhost because the .conf file is local to the server.
My networking setup:
Firewall setup:
<PublicIP:12345> ALLOW <PriavteIP>
Port forwarding setup:
<PublicIP:12345> -> <PrivateIP:80>
It's hard to tell without understanding more about your setup. I'm going to assume you have a router that connects your internal network to the Internet, and you have one or more computers connected in your network, and your server is one of those.
So are you talking about the port forwarding rules on your public-facing router's firewall? If you are forwarding port 12345 from your router to port 80 on your server, the reason it won't work is because a standard HTTP request from a public machine will come to your router on port 80, not port 12345. Are you entering in a URL with the 12345 port number in it? If anything, you should simply be routing all requests to port 80 on your router to the IP of your server.
You can check this if you try to view your web site using the port number in the URL. So if your IP address to your router is 5.6.7.8 you would enter http://5.6.7.8:12345 and this would load your web page, as the request for a page from port 12345 would get forwarded to port 80 on your server. But honestly I think you just need to get rid of port 12345.
I would like to know about the port enabling and port forwarding to make the sharepoint site collection out side the network.
Assume, i have created a web application on the port 3333.and my system is having static ip as well. Now how to enable this port and how to make the url as http : // server name instaed of http : //server name:3333