Meteor - How do I use tarang:ssl correctly? - ssl

For some client feature, I need to implement HTTPS on my Meteor website.
I installed Tarang:ssl package into Meteor and I have 3 files:
private/ca.pem
private/cert.pem
private/key.pem
My current Meteor configuration is set as follows:
    Meteor.startup(function () {
        SSLProxy({
            port: 443,
            ssl: {
                key: Assets.getText("key.pem"),
                cert: Assets.getText("cert.pem"),
                ca: Assets.getText("ca.pem")
            }
        });
        // ....
    });
My Meteor server is launched as follows:
    sudo meteor run --port 80 --allow-superuser
Did I do something wrong or did I forget something?

I set my local HTTPS port to 3100 to bypass 443 sudo requirements. I run meteor with --port 3100 and that works for me. Also, I only set key and cert in SSLProxy({}).

Related

Install SSL on a Nginx server in a azure VM

I have been issued an SSL certificate and tried to access the config file over SSH to install it, but it's showing an error. Can you please tell me how I can install my SSL certificate on portal.azure.com? I have an NGINX server.
As far as I know, you can't install an SSL certificate in Azure VM via the portal but you can use cloud-init to install packages and write files, or to configure users and security.
When you create a VM, certificates and keys are stored in the protected /var/lib/waagent/ directory. To automate adding the certificate to the VM and configuring the web server, use cloud-init. In this example, you install and configure the NGINX web server. You can use the same process to install and configure Apache.
Create a file named cloud-init-web-server.txt and paste the following configuration:
    #cloud-config
    package_upgrade: true
    packages:
      - nginx
    write_files:
      - owner: www-data:www-data
      - path: /etc/nginx/sites-available/default
        content: |
          server {
            listen 443 ssl;
            ssl_certificate /etc/nginx/ssl/mycert.cert;
            ssl_certificate_key /etc/nginx/ssl/mycert.prv;
          }
    runcmd:
      - secretsname=$(find /var/lib/waagent/ -name "*.prv" | cut -c -57)
      - mkdir /etc/nginx/ssl
      - cp $secretsname.crt /etc/nginx/ssl/mycert.cert
      - cp $secretsname.prv /etc/nginx/ssl/mycert.prv
      - service nginx restart
Ref: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-secure-web-server

How to import a self-signed certificate in a vue app

I generated a self-signed PKCS-12 certificate with keytool (Java SDK) for the API, which is built in Java Spring. Then I imported the same certificate into Chrome's certificates, but I don't understand why, when I run my application, it is not using the certificate. It seems to generate a localhost certificate of its own. This is my vue.config.js:
    let fs = require('fs')
    module.exports = {
        devServer: {
            host: "localhost",
            port: "8081",
            https: {
                ca: fs.readFileSync('C:\\Projects\\LicentiaUtilities\\books.p12')
            },
        }
    }
Is the PKCS12 format not supported? Should I convert into something else?
Your certificate won't work on localhost, all certificates work only with domain names.
There is no way to issue SSL certificate for an IP address or localhost; you have to have an actual name which you create the certificate for. In order to get such a name, you need a DNS. Since you don't have access to the internal DNS of that local network, you will have to use a public DNS server for this.
If you will publish your app, I'll recommend you nginx, it's super easy to add ssl cert, and make a reverse-proxy to your NodeJS instance.

How do I generate an SSL certificate for codeanywhere?

I want to have a server (webpack dev server) running in codeanywhere using https. How do I go about generating an SSL certificate so I can connect?
Chrome preferably however I will consider other browsers that could handle d3.js.
And the answer is: Run your service on port 3000. Codeanywhere will then auto configure a certificate for you.
To do this edit your webpack.config.js and ensure the following is in your dev server config:
    devServer: {
        host: '0.0.0.0',
        port: 3000
    }
If your container is running Apache you will need to stop it first (see http://www.learn4master.com/programming-language/shell/start-restart-and-stop-apache-on-linux the command depends on your host OS).

How to set up Let's Encrypt for a Go server application

I have my own domain with web services written in Go. I am using the inbuilt Go web server, without Nginx or Apache in front.
I would like to start serving over HTTPS and I realized Let's Encrypt is just about to become THE WAY for doing that.
Can anyone share the whole setup procedure for configuring a Go app running on a Linux server?
This is the minimal automatic setup of an HTTPS server using Go and Let's Encrypt certificates I have found:
    package main

    import (
        "crypto/tls"
        "log"
        "net/http"

        "golang.org/x/crypto/acme/autocert"
    )

    func main() {
        certManager := autocert.Manager{
            Prompt:     autocert.AcceptTOS,
            HostPolicy: autocert.HostWhitelist("example.com"), // Your domain here
            Cache:      autocert.DirCache("certs"),            // Folder for storing certificates
        }
        http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
            w.Write([]byte("Hello world"))
        })
        server := &http.Server{
            Addr: ":https",
            TLSConfig: &tls.Config{
                GetCertificate: certManager.GetCertificate,
                MinVersion:     tls.VersionTLS12, // improves cert reputation score at https://www.ssllabs.com/ssltest/
            },
        }
        go http.ListenAndServe(":http", certManager.HTTPHandler(nil))
        log.Fatal(server.ListenAndServeTLS("", "")) // Key and cert are coming from Let's Encrypt
    }
More information on the autocert package: link
EDIT: Needed to make http available because of letsencrypt security issue, read more here. As a bonus of this fix we now have http-->https redirect. The old example will continue to work if you have already received certificates on it, but it will break for new sites.
I found a very simple solution, using the standalone mode.
INSTALL THE CERTBOT CLIENT (recommended by Let's Encrypt)
(go to the directory where you want to install the certbot client)
    git clone https://github.com/certbot/certbot
    cd certbot
    ./certbot-auto --help
ISSUE CERTIFICATE (FIRST TIME)
N.B. this operation happens through the port 80, so in case your Go app listens on port 80, it needs to be switched off before running this command (which is very quick to run, by the way)
    ./certbot-auto certonly --standalone-supported-challenges http-01 -d www.yourdomain.com
ADD SSL LISTENER IN YOUR GO CODE
    http.ListenAndServeTLS(":443", "/etc/letsencrypt/live/www.yourdomain.com/fullchain.pem", "/etc/letsencrypt/live/www.yourdomain.com/privkey.pem", nil)
Done!
TO RENEW CERTIFICATE (certificates expire after 90 days)
N.B. You can either run this manually (you will receive an email several days before the certificate expires), or set up a crontab
If your Go app doesn't listen to port 80 anymore, your Go app can keep running while you execute this command:
    ./certbot-auto renew --standalone
If your Go app still listens to port 80, you can specify the commands to stop and restart the Go app:
    ./certbot-auto renew --standalone --pre-hook "command to stop Go app" --post-hook "command to start Go app"
For the complete documentation of the Certbot commands:
https://certbot.eff.org/docs/using.html
If you can use DNS verification, that's the way to go for renewals.
For using the certificate, simply do:
    c := &tls.Config{MinVersion: tls.VersionTLS12}
    s := &http.Server{Addr: ":443", Handler: Gzipler(nosurf.New(router), 1), TLSConfig: c}
    log.Fatal(s.ListenAndServeTLS(
        "/etc/letsencrypt/live/XXX/fullchain.pem",
        "/etc/letsencrypt/live/XXX/privkey.pem",
    ))
This one has Gzip & CSRF protection included. You can use
    Handler: router
without those extra features.
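The answers above load fullchain.pem and privkey.pem and note that certificates expire after 90 days. As an added example (not code from any of the answers), this Go program checks that a certificate and key belong together and reports the days left before expiry, the check a renewal cron job or startup probe would make; `CheckPair` and `SelfSigned` are hypothetical names, and the self-signed Ed25519 pair is constructed in memory to stand in for the Let's Encrypt files.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckPair verifies the key matches the leaf and returns whole days until it expires.
func CheckPair(certPEM, keyPEM []byte, now time.Time) (int, error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // rejects a key that does not match the leaf
	if err != nil {
		return 0, fmt.Errorf("unusable cert/key pair: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0]) // first PEM block is the leaf
	if err != nil {
		return 0, err
	}
	return int(leaf.NotAfter.Sub(now).Hours() / 24), nil // negative once expired
}

// SelfSigned builds a constructed pair standing in for fullchain.pem and privkey.pem.
func SelfSigned(host string, from time.Time, life time.Duration) ([]byte, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host}, NotBefore: from, NotAfter: from.Add(life)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), nil
}

func main() {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed issue date
	cert, key, _ := SelfSigned("www.yourdomain.com", t0, 90*24*time.Hour)
	fmt.Println(CheckPair(cert, key, t0.Add(60*24*time.Hour))) // 30 <nil>
}
```

Against real files, read the two PEM files with os.ReadFile, pass time.Now(), and alert when the result falls below your renewal threshold.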

node.js, socket.io and SSL

I have an Apache server running with SSL enabled. Now I made a small chat which is using node.js and socket.io to transmit data. Using port 8080 on a non-secured connection is working just fine, but when I try it on an SSL-secured domain it is not working. I do not get how the whole setup should work since SSL is only working through port 443. Apache is already listening on port 443. On which port should socket.io listen?
I had to set the SSL certificates like
    var fs = require('fs');
    var options = {
        key: fs.readFileSync('/etc/ssl/ebscerts/wildcard.my_example.com.no_pass.key'),
        cert: fs.readFileSync('/etc/ssl/ebscerts/wildcard.my_example.com.crt'),
        ca: fs.readFileSync('/etc/ssl/ebscerts/bundle.crt')
    };
    var app = require('https').createServer(options),
        io = require('socket.io').listen(app);
    app.listen(8080);
I found the solution on GitHub