is there a way to solve this:
there is a domain example.com, on port 80 it redirects to 443 so it's always SSL connection and it passes to uwsgi via nginx. Now sockets run via a node connection on example.com:3000.
Is there an easy way to have that example.com:3000 run as SSL? The reason why is that Chrome gives a warning that the site includes resources that are not SSL.
I created another server in nginx, with the same domain listener but for different ports and passed the info through to node, and made that port SSL.
Related
I have two iis websites. One I have a localhost on port 80 and was setup for dydns with ssl port forwarding external: 443 and internal port:1124 and the website is working perfectly with dydns access.
I wanted to setup another website with the ssl port but was unable to do so. As when I set the port forwarding external Ssl:443 and the internal ssl port:1129. the other dydns entry redirects to the first website. This website does not work without https.
So. How do I setup two websites for ssl port forwarding on the same machine?
Any help is appreciated.
You don't necessary need an entirely different port for each website you host on the same machine. You can use the same http/80 and https/443 to serve multiple website through virtual hosts.
I'm not familiar with IIS, but I do know that it's possible on IIS just like Apache and NGINX does. You can read about setting up virtual hosts on IIS here. Also I answered a similar question here.
In the documentation for icecast 2.4.2 I see the following about ssl.
ssl If set to 1 will enable HTTPS on this listen-socket. Icecast must
have been compiled against openSSL to be able to do so.
However this wording is unclear to me whether or not the ssl is forced for this port or not? I am wondering this because we are running into an issue where safari is forcing ssl redirect and we want to keep the server listening on both ssl and non-ssl on the same port ( if thats possible )
Another thing is that it says it must be compiled against openSSL but we are installing it from apt in xenial. Does this mean its default to ssl?
Thanks~!
However this wording is unclear to me whether or not the ssl is forced for this port or not?
On that particular socket, it is. A server bound to that socket cannot support HTTPS and non-HTTPS at the same time. Usually, you'll use port 80 for HTTP and port 443 for HTTPS.
Note that you can have multiple sockets bound to Icecast, simply by putting in multiple <listen-socket> sections. It's common to serve both HTTP and HTTPS this way.
I am wondering this because we are running into an issue where safari is forcing ssl redirect
Your server configuration is irrelevant here. Icecast will not redirect HTTP requests to HTTPS. It's possible that you hit the stream on HTTPS once and that Safari cached this. It's also possible that you turned on HSTS or something for your domain. You would have to debug this with a tool like Fiddler.
and we want to keep the server listening on both ssl and non-ssl on the same port
You say "keep the server listening"... that's not possible. If it appears you're set up this way today, that's not accurate.
In a sense it does. Icecast if you are using it as its own server will not resolve the enabled ssl port unless its https://.
You also cannot use the same port for both ssl and non-ssl.
Finally the xenial ubuntu package also is not compiled for ssl.
I have a website setup, if I load the website with http://www.url.com:443 it works as expected, but if I load https://www.url.com I get a "ERR_CONNECTION_CLOSED" error on Chrome.
I have setup iptables to load port 3000 through both port 80 and 443.
Server is running centos, there is no ssl certificate setup at this stage
You configured the server to listen on port 443 but didn't configure it for SSL traffic. In other words, you merely changed the port from 80 to 443, so it is serving HTTP on port 443.
You say there are no SSL certificates set up. That's the problem. You need to set up certificates (even if only self-signed ones) for HTTPS to work at all. It's the key and certificates from this setup process that tell the server how to encrypt the HTTPS data, and how to identify itself.
This page will help you to set things up properly: https://wiki.centos.org/HowTos/Https
There are many places you can look for advice on creating keys and certs, but the easiest and least expensive options are StartSSL and LetsEncrypt. Both will do this for you at no cost.
https://letsencrypt.org/
https://www.startssl.com/
I have an old site (oldsite.com) running via World Wide Web Publishing Service on a Windows Server 2003 server. I've just create a new site (newsite.com) using the same server but running through Apache. The old site with its service running on port 80 already so I had to config Apache using port 8080. The problem is now when I publish my new site, the url has to be newsite.com:8080. How can I config Apache so that it can contain no port, just newsite.com?
As far as I know from personal experience and research:
Due to the nature of DNS Records you cannot specify the domain to redirect to an IP address and a port.
If both servers are listening on the same port a request would not know which site to direct to.
As the default port the domain specifies is port 80, any other port must be specified for the request to go to the correct location.
Therefor you cannot have newsite.com redirect to the server IP on port 8080, as it can only be directed to the server IP with DNS records. The port must be specified in the URL if it is on a port other than 80.
Edit: I just found this post about using a reverse proxy to do something similar to what you have described. Take a look and see if it helps you.
You cannot have two services listening on the same port. You can change the old site to listen to another port, set apache to port 80, then use mod_proxy to enable the old site to be accessed from apache using virtualhost
I have just make it work. Although in IIS Manager, there was no website listening on 0.0.0.0:80 but I still had to delete this entry by httpcfg tool. After that Apache can start normally.
When having multiple domain names point to the same server. But you only have a certificate for one of these domains, is it possible to block the other domains in Apache. But only when HTTPS is used not when HTTP is used.
I tried using a NameVirtualHost setup for 443 port. But when the domain is not found Apache simply defaults to the first virtual host. I would like it to refuse the connection. In this way when connecting directly through HTTPS on one of the not supported domains the connection is refused rather then having the browser display warning screen because of a wrong identity.
Any thoughts?
Not possible.
This is a chicken and egg problem - to verify an https connection the browser connects and tries to validate the certificate/common name and the given URL. The first handshake / connection to port 443 has to be encrypted.
The only way to handle this problem would be to setup dedicated IPs for all domains - or for at least the domain using HTTPS.
It's far from ideal, but another option would be to use a non-standard for your HTTPS site and not have the server listening on port 443.