I am using Cloudflare, Heroku Hobby Dynos to host my website. I am quite confused on how https and SSL management is being handled using their provided SSL certificates. Should I purchase my own self signed certificate instead?
Also on the backend, I have it currently configured with http, but since I did not manually purchase an SSL cert but rather using Heroku's and/or Cloudflare's, what should I do to handle https requests with the https library?
Here is what I currently have:
const PORT = process.env.PORT || 8000;
const server = http.createServer(app);
const io = require('socket.io')(server);
require('./socket')(io);
server.listen(PORT, () => {
console.log(chalk.blue('Server started on port', chalk.magenta(PORT)));
});
Related
My webhost has said the port 9000 is not available for an install of Peer.js Server.
Peer.js:
https://peerjs.com/
Peer.js Server:
https://github.com/peers/peerjs-server
My webhost says, 'Only the standard ports, 80 for HTTP and 443 for HTTPS' are available.
Does that mean I cannot install Peer.js Server on my webhost website?
Do I have to change all the 9000 to 80? Is that possible when only port 80 is all I am allowed on my webhost website? (I am still in the early learning phase of Node.js and websites.)
The webhost is Winhost, the basic option, if that is important.
You can actually run a Peer.js server using Express and specify whatever port you'd like.
Try this:
const { ExpressPeerServer } = require('peer');
const express = require('express');
const app = express();
const expressPort = 9000;
const expressServer = app.listen(expressPort);
const peerServer = ExpressPeerServer(expressServer);
app.use('/peerjs', peerServer);
So you can hit the Peer.js server on the specified endpoint /peerjs
No, you will not be able to run it on 80/443. Those are already in use by your web server, Nginx/Apache. You should grab a minimal VPS (virtual private server) and use that to run your Peer.js server.
I try to understand, how the HTTPS connection works for the SAP-Shine sample.
https://github.com/SAP-samples/hana-shine-xsa/blob/master/core-node/server.js
For me it looks so different to the standard express logic, where we create a HTTPS server, like this sample:
var key = fs.readFileSync(__dirname + '/../certs/selfsigned.key');
var cert = fs.readFileSync(__dirname + '/../certs/selfsigned.crt');
var options = {
key: key,
cert: cert
};
var server = https.createServer(options, app);
In opposite of this known sample above, SHINE is using the following procedure:
https.globalAgent.options.ca = xsenv.loadCertificates();
The npm xsenv-documentation says, that
"this code loads the trusted CA certificates so they are used for all subsequent outgoing HTTPS connections:"
Does it really mean, that we have only after putting the CA certificate to the globalAgent a running outgoing HTTPS connection?
Really, if I would know, I would like to check it for myself. But I only found hints for checking https connection for incoming requests, and rather not for outgoing connections.
Sorry, if my question sounds stupid, but I try to understand!
Please, let me know if I missed something in the configuration for a properly working outgoing HTTPS connection.
I generated a self-signed PKCS-12 certificate with keytool(java sdk) for the API which is built in java Spring. Then, I imported the same certificate in Chrome certificates, but I don't understand why when I run my application is not using the certificate. It seems to generate a localhost certificate of its own. This is my vue.config.js:
let fs = require('fs')
module.exports = {
devServer: {
host: "localhost",
port: "8081",
https: {
ca: fs.readFileSync('C:\\Projects\\LicentiaUtilities\\books.p12')
},
}
}
Is the PKCS12 format not supported? Should I convert into something else?
Your certificate won't work on localhost, all certificates work only with domain names.
There is no way to issue SSL certificate for an IP address or localhost; you have to have an actual name which you create the certificate for. In order to get such a name, you need a DNS. Since you don't have access to the internal DNS of that local network, you will have to use a public DNS server for this.
If you will publish your app, I'll recommend you nginx, it's super easy to add ssl cert, and make a reverse-proxy to your NodeJS instance.
I am trying to use websocket to connect to a TLS server using react-native. Below is my code (running on windows + android ):
var ws = new WebSocket('wss://hub.fingi-staging.com:20020',{
rejectUnauthorized: false
});
ws.onopen = () => {
// connection opened
ws.send('something'); // send a message
};
ws.onmessage = (e) => {
// a message was received
console.log('message : ' + e.data);
};
ws.onerror = (e) => {
// an error occurred
console.log('error:'+e.message);
};
ws.onclose = (e) => {
// connection closed
console.log('close:'+e.code, e.reason);
};
However, it fails with : error:java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. This is because the server uses a self signed certificate.
Is there any way to fix this?
Replying a bit late, but hopefully this can point other people in the right direction.
I believe the error you are getting suggests you are missing the certificate chain file, which is used to verify if the CA used to sign your server's certificate is valid, i.e if the chain of trust is valid.
This, however, usually fails (is troublesome, at least) if you are working with self signed certificates. You can take a look here if you need some help generating some self-signed certificates and the appropriate certificate chain. Also, see if you need to specify the trusted CA's by having the client use that file as a parameter when connecting.
I have been struggling with setting up a secure websocket server using a self sign certificate (for development purposes, in production a proper certificate/CA must be used) but haven't had much success and reverted back to using non-TLS websocket server.
If anyone else happens to be struggling with implementing secure websocket connections in React-Native, here is what I found tonight: React-Native wants to use port 443 when working with secure websocket connections.
Let's take the original poster above's code. He has:
var ws = new WebSocket('wss://hub.fingi-staging.com:20020',{
rejectUnauthorized: false
});
What I've found that works for me is:
var ws = new WebSocket('wss://hub.fingi-staging.com');
And then on your WebSocket server, make sure you are serving everything up on port 443, and not port 20020 (or whatever port you happened to be using previously). For example, my Python websocket server was previously using port 8765. However, in React-Native you need to be using port 443 for secure websocket connections or things simply aren't going to work.
I have an Apache server running with SSL enabled. Now I made a small chat which is using node.js and socket.io to transmit data. Using port 8080 on a none secured connection is working just fine, but when I try it on a SSL secured domain it is not working. I do not get how the whole setup should work since SSL is only working through port 443. Apache is already listining on port 443. On which port should socket.io listen?
I had to set the SSL certificates like
var fs = require('fs');
var options = {
key: fs.readFileSync('/etc/ssl/ebscerts/wildcard.my_example.com.no_pass.key'),
cert: fs.readFileSync('/etc/ssl/ebscerts/wildcard.my_example.com.crt'),
ca: fs.readFileSync('/etc/ssl/ebscerts/bundle.crt')
};
var app = require('https').createServer(options),
io = require('socket.io').listen(app);
app.listen(8080);
I found the solution on github