I uploaded my node.js app with ec2 AWS instance, my app.ts running on port 5000, I allowed within inbound rules HTTPS on port 443, also I bought have a domain with route 53 amazon, when I'm trying to send a request to https://ec2-3-example.com am getting err connection refused but when I'm sending a request with http://ec2-3-example.com:5000 locally I get the data from the server, how do I solve this?
thanks in advance I can share the code if it helps
In order to have access to your app via HTTPS, you will have to attach an SSL certificate to a reverse proxy somewhere in the middle of the system.
The problem you are experiencing is that you are opening port 443 in the EC2 instance, but your application is running on port 5000. On top of that, SSL termination will not be done automatically. You will need a reverse proxy like ALB or Nginx.
One way of doing it in your case could be:
Check that your app runs on port 5000 in an EC2 instance
Create an ALB and add your EC2 instance to it
Attach an SSL Certificate to your ALB with the corresponding domain
Allow inbound traffic on port 5000 in the security group of your EC2 instance, from your ALB
Allow inbound traffic on port 443 for the ALB
Route traffic from your domain on Route53 to your ALB
Related
I do those instructions: https://shellcreeper.com/how-to-create-valid-ssl-in-localhost-for-xampp/
I want to test a Secure Web Socket Connection on Lan NetWork.
I try to run the websocket server (python) in 192.168.1.24 which is the static lan ip address of my pc at port 8080.
When i try to fetch an html page with a javascript web socket connection in it, i saw this:
WebSocket connection to 'wss://192.168.1.24:8080/' failed: Error in connection establishment: net::ERR_CERT_COMMON_NAME_INVALID
Is there any way to have https (i need it for js getUserMedia function) and wss protocol in a lan ip address?
Thanks in advance,
Chris Pappas
The websocket connected using the IP, not covered by the certificate, so changing the socket address from wss://192.168.1.24:8080/ to wss://somehost:8080/ (edit file named 'hosts' in your OS, if need)
My socket io server does not have ssl certificate, so it only works in htpp, on
the other hand I have my web page which has ssl certificate,
So when I'm connecting to my socket web server (in http) on this page (in https), it's changes automatically in https so necessarily I get an error
The connection :
//Here I'm connecting in http
const socket = io("http://XXX.XX.XXX.XX:XXXX",{secure:false})
here you have the pictures which illustrates the problem, i have write "http: // xxxxxxxx" and in the console i got the error:
//But in the error we see that change and it's try to connect with https
"GET https://XXX.XX.XXX.XX:XXXX/socket.io/?EIO=3&transport=polling&t=NFiqorQ
net :: ERR_SSL_PROTOCOL_ERROR"
PS: when i try to connect to the websocket with wamp (so in http) it's work...
if anyone knows how to force the connection to http, please help me
Client side error
Client side conection
im sure it has something to do with your server. i only work with nginx so i can just talk about that but im sure its something similar in apache. I create virtual server blocks in nginx one is for the fileserver where ssl and certificate is enabled. after that i set up a block for the socket and set the server just to listen to http.
upstream socket {
server 127.0.0.1:2095;
server 127.0.0.1:80 backup;
keepalive 15;
}
server {
listen 80;
listen [::]:80;
root /var/www/socket/;
..... and so on
i work with a subdomain always to connect the socket like socket.domain.com but its not needed.
the same but with ssl on and linking certificate i do for the fileserver and this way it works pretty well.
var HOST = '144.125.....';
const socket = io(HOST,{secure:true})
I am using AWS cloud 9. when I use express application generator, I can't preview my application. Is it because of any port problem?
For application preview and sharing instructions, see https://docs.aws.amazon.com/cloud9/latest/user-guide/app-preview.html
To summarize the preceding information...
To preview your running application, be sure to:
Run using HTTP over port 8080, 8081, or 8082 with the IP of 127.0.0.1, localhost, or 0.0.0.0. (You don't have to use these ports or IPs. However, you won't be able to preview--skip ahead to the "to share..." part.)
With the corresponding application code file open and active in the AWS Cloud9 IDE, choose one of the following on the menu bar: Preview, Preview Running Application --OR-- Tools, Preview, Preview Running Application.
To share your running application with others, be sure to:
Set up the AWS Cloud9 development environment's associated Amazon EC2 security group to allow incoming HTTP requests over port 8080, 8081, or 8082. (Or whatever port the app is running on.)
Set up the AWS Cloud9 development environment's associated network ACL in Amazon VPC to also allow incoming HTTP requests over port 8080, 8081, or 8082. (Or whatever port the app is running on.)
Have others browse to your Amazon EC2 instance's public IP address. Be sure to start the URL with the correct protocol, add the port number if it is not the default for that protocol, and any other required URL components for your app (for example, /index.html, etc.).
This question already has an answer here:
How to force node.js/express.js to HTTPS when it is running behind an AWS load balancer
(1 answer)
Closed 5 years ago.
I have running server nodeJs with express module. And website is made by React.js which is server-side-redering.
And I have domain : www.example.com, Route53 with load balancer applied AWS Certificate Manager.
the problem is I don't know how to automatically access https:// protocol, when I type url http://www.example.com
now, I can access each of url like as http://www.example.com or https://www.example.com
I found solution :
app.use (function (enter code herereq, res, next) {
if (req.secure) {
next();
} else {
res.redirect('https://' + req.headers.host + req.url);
}
});
but it's not working...
what is nice way???
update
if using nodejs with express, how to set a port?
the express block port 80, So I use
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3000. is it common method to connect port?
I have load balancer using SSL (ACM), and port using port are 80, 443.
how to directly access that either 'http' or 'https should access https.
When deploying NodeJS applications it is recommended to use a web server like Nginx or Apache infront of Node server as a proxy, for gzip encoding, static file serving, HTTP caching, SSL handling, load balancing and etc.
One option is to have the redirection at proxy level
In AWS another option is to use Cloudfront with http to https redirect for behavior of the origin (Also caching static content at Edge Location level)
I have purchased a certificate and installed in my node.js website.But the https at the browser shows green and is OK.Now, I am trying to establish a socket connection using wss, but it failed.
The error at the Javascript client side is like this.
WebSocket connection to 'wss://securedsitedotcom:3003/call' failed:
WebSocket opening handshake was canceled
Please help!
Code at client side (Javascript)
var ws = new WebSocket('wss://securedsitedotcom:3003/call');
Code at server side (node.js)
https = require('https');
var server = https.createServer({
key: fs.readFileSync(config.certKeyPath),
cert: fs.readFileSync(config.certCrt),
requestCert: true,
rejectUnauthorized: false
},app);
server.listen(port);
var wss = new ws.Server({
server: server,
path: '/call'
});
Error at the browser console :
WebSocket connection to 'wss://securedsitedotcom:3003/call' failed:
WebSocket opening handshake was canceled
Recent work with Chrome has revealed that if a page is served as https on Chrome, websockets must use wss. And if wss must be used, port 443 must be used (and to boot not any other secure port and so far I have not seen any way to change the port), which may be your problem since your port looks like 3003 above.
Right now I am trying to get my IT group to patch/upgrade Apache on that server so mod_proxy_wstunnel can be used to make Apache listening on 443 a reverse proxy and pass all wss traffic through to my websocket server.
Hope this helps.
I ran into a similar issue, but I was using a Self Signed Certificate. You mentioned that you bought a Certificate. I guest it is signed by the certificate authority.
Otherwise, like in my case, non-validated certificate can cause an "opening handshake was cancelled" error. A validated certificate is either validated by a third party (Certificate Authority, ie VeriSign) or explicitly authorized by the client.
In my case, VeriSign didn't sign my certificate (self signed), so I had to explicitly authorized it. To do so, I simply need to visit the https URL with the browser (in your case "https://securedsitedotcom:3003/call"). Then a "warning unauthorized host" appear. You need to authorize the exception and than you can make your WSS connection.
Your server can use any port, it is not bound to 443. 443 is the default port for https but any port can be explicitly specified like you've done.
I hope it helps someone.