Networks redirect loop due to force ssl - ssl

Is there any way to require the HTTPS redirect?
Force SSL package causes a loop...
I am using a demeteorized app on Azure... I have seen solutions for nginx etc. but nothing mentioning this.

The force SSL package won't work for an environment where the server is behind a load balancer that redirects to the server as HTTP. As far as the server is concerned, all traffic is HTTP, not HTTPS, so you'll end up with an infinite loop.
In some cases you can look at the headers to see if the request has been downgraded to HTTP locally, but it doesn't always work as expected.
I ended up removing the force SSL package, then used JavaScript in the page template to see if the protocol was HTTP, then redirect the user to HTTPS to prevent the issue.
Example
```html
<script>
  if (location.protocol.toLowerCase() === 'http:') {
    window.location.href = 'https://example.com' +
      (location.pathname ? location.pathname : '') +
      (location.search ? location.search : '');
  }
</script>
```


CloudFlare workers fetch HTTPS works on workers.dev subdomain but not on own subdomain getting 525 error

I have a simple worker that just does a fetch against an HTTPS endpoint somewhere else.
The code is literally just:
return await fetch('https://something.com/someResource')
When I test locally (wrangler dev) and even publish to a workers subdomain this works fine. When I curl https://foo.bar.workers.dev/myEndpoint I get the same response as https://something.com/someResource.
However, I want to run this from my own domain (managed through CloudFlare), so the worker also has a route of foo.mydomain.com/* and a AAAA record to 100:: for foo as per CloudFlare docs. The DNS works fine and the URL is reachable, but when I try to hit https://foo.mydomain.com/myEndpoint CloudFlare's worker logs show that the fetch behind the scenes fails with a 525 error (SSL Handshake fail).
Things I've tried based on some CloudFlare forum posts:
Add a page rule foo.mydomain.com/* -> SSL Mode: full since my overall SSL settings are set to flexible.
Set the host header in the fetch to the origin domain (fetch(url, {headers: {'Host': 'something.com'}}))
FYI, I don't control the origin server as it's an external API I work with.
How come the same request works from local and *.workers.dev but not my own domain?
Your page rule is not taking effect. The page rule is for foo.mydomain.com/*, but it has to match the subrequest URL, which in this case is https://something.com/someResource, which doesn't match. It doesn't matter that the original worker request matched -- what matters, in this case, is whether the subrequest URL matched.
Unfortunately, you cannot create a page rule that matches a domain other than your own.
Instead, what you'll need to do is reverse things. Set your SSL mode to "full" by default, but then use page rules to set it to "flexible" for your own domain.
(Note: The "SSL Handshake fail" error itself is actually a known bug in Workers that happens when you try to talk to a host outside your zone using HTTPS but you have "flexible" SSL set. We do not use flexible SSL when talking to domains other than your own, but there's a bug that causes the request to fail instead of just using full SSL as it should.)

Redirect http to https AWS Application Load Balancer

Hey everyone, so I configured my ELB to use an SSL certificate and it works great. However, I still have a problem where if a user comes to my website on port 80 under HTTP, the website does not redirect them to an HTTPS secure connection. Here's a screenshot of my ELB configuration as seen in the Elastic Beanstalk configuration tab. Any help is appreciated, thank you.
It wasn't the ELB at all; I simply had to add this code:
```javascript
if (process.env.NODE_ENV === "production" || process.env.NODE_ENV === "awsDevelopmentServer") {
  app.use(function (req, res, next) {
    // Insecure request?
    if (req.get("x-forwarded-proto") == "http") {
      // Redirect to https://
      return res.redirect("https://" + req.get("host") + req.url);
    }
    // Already HTTPS at the load balancer: hand over to the next handler
    next();
  });
}
```
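The header check mentioned in the first thread and the `x-forwarded-proto` redirect in the answer above, written as an added example that is not code from any of the posters: it redirects only when the proxy reports plain HTTP, and builds the `Location` from an allow-list instead of the raw `Host` header. The host names and the `trustProxy`, `allowedHosts` and `defaultHost` options are assumptions for illustration.

```javascript
// Added example (not from the thread). Host names and option names are
// assumptions chosen for illustration.
const ALLOWED_HOSTS = new Set(["example.com", "www.example.com"]); // constructed

// Returns the https:// URL to redirect to, or null if the request is already secure.
function httpsRedirectTarget(req, opts) {
  const { trustProxy, allowedHosts = ALLOWED_HOSTS, defaultHost = "example.com" } = opts;

  // Scheme of the socket this process sees. Behind a TLS-terminating load
  // balancer this is always "http", which is what makes a naive check loop.
  let scheme = req.socket && req.socket.encrypted ? "https" : "http";

  // Use the forwarded scheme only when the app is known to sit behind a proxy
  // that sets the header itself; otherwise any client could supply it.
  const xfp = req.headers["x-forwarded-proto"];
  if (trustProxy && typeof xfp === "string" && xfp !== "") {
    scheme = xfp.split(",")[0].trim().toLowerCase(); // header may be a list
  }
  if (scheme === "https") return null;

  // Do not copy the Host header into Location unchecked: it is client-controlled.
  const host = String(req.headers.host || "").toLowerCase().replace(/:\d+$/, "");
  const safeHost = allowedHosts.has(host) ? host : defaultHost;

  // Accept only origin-form request targets ("/path?query").
  const path = typeof req.url === "string" && req.url.startsWith("/") ? req.url : "/";
  return "https://" + safeHost + path;
}

// Connect/Express-compatible middleware built on the function above.
function forceHttps(opts) {
  return function (req, res, next) {
    const target = httpsRedirectTarget(req, opts);
    if (target === null) return next();
    res.writeHead(301, { Location: target });
    res.end();
  };
}
```

With `trustProxy: false` behind a TLS-terminating load balancer, every request gets a 301, including those the client already sent over HTTPS, which is the redirect loop described in the first thread.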
While it seems like you got it working by redirecting in your application, it is possible to do this redirect entirely in your ALB. Documentation: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
This feature was released in July 2018. https://aws.amazon.com/about-aws/whats-new/2018/07/elastic-load-balancing-announces-support-for-redirects-and-fixed-responses-for-application-load-balancer/
Elastic Beanstalk may not have launched their own support to configure this. You may be able to configure it via ebextensions, but for now it may be best to just do it in your application.
You can set up Application Load Balancer listener in the following way:
HTTP 80: default action
IF
Requests otherwise not routed
THEN
Redirect to HTTPS://#{host}:443/#{path}?#{query}
Status code:HTTP_301
In fact, you cannot do it anymore from the interface of Elastic Beanstalk.
Don't do it from the app, bad solution for load.
You must now go to the EC2 load balancer and change the listener for port 80 as described here: https://medium.com/#j_cunanan05/how-to-redirect-http-to-https-in-amazon-web-services-aws-elastic-beanstalk-67f309734e81

How to handle "non-https" (http) sites in https TYPO3 backend

We run a TYPO3 multidomain system and added https support to our TYPO3 domain [typo3domain]. All other domains still run without https support (http only).
https works perfectly for [typo3domain].
Redirecting all non-https requests to the TYPO3 backend (lockSSL) works perfectly as well. [typo3domain]/typo3 redirects automatically to https://[typo3domain]/typo3
Now our problem:
If an editor [domain1] edits some content on https://[typo3domain]/typo3 and goes to page -> view page, then https://[domain1] is called, but this does not work (invalid certificate), because [domain1] is a non-SSL domain.
How can I fix this?
You can set the preview domain in the root page TSconfig of the non-https sites, including the protocol:
TCEMAIN.previewDomain = http://domain1
More on this option can be found here: https://docs.typo3.org/typo3cms/TSconfigReference/PageTsconfig/TceMain.html#previewdomain

Vue JS Project with HTTP and HTTPS urls

I'm working with Vue JS using the webpack template, and dev mode.
How can I have part of my server using the HTTPS protocol and other part using HTTP?
I know that to use HTTPS I just add "https: true" to the devServer variable of the file build/webpack.dev.conf.js. Example:
```javascript
devServer: {
  https: true,
  // other variables...
}
```
But when I do that just the HTTPS requests are accepted, no HTTP anymore.
How can I work with both protocols? If it's not possible, is there a VueJS way to redirect an HTTP request to an HTTPS?
It doesn't look totally straightforward to configure multiple entry points on your webpack server. Your best bet is likely to reverse-proxy the http requests using whatever other webserver you have handy. IIS will do this for you, for example. Google "reverse proxy [name-of-your-webserver]" :-)

Use https instead of http in urls in templates for static files

Currently we are using the default WireCloud template. But since we enabled SSL and redirect every request to the SSL port, I would love to change the URLs of static resources to start with https to avoid mixed content warnings.
Is there a simple way to change the URLs to always start with https instead of http?
That's done automatically, except if WireCloud is behind a proxy (so requests come using HTTP instead of HTTPS). In those cases you can force WireCloud to use https links by adding this line into the settings.py file:
FORCE_PROTO = "https"
See this link for more info.