I receive an error when i try to "redirect" and https request to http by a stunnel server.
construction:
flask server: serve https which includes an button with a https request to another server (stunnel4).
stunnel: receives the request and redirect it to a local (http) server.
the stunnel server failes by following error:
Mär 27 19:27:20 raspberrypi stunnel[1400]: LOG5[1744]: Service [https] accepted connection from <external_IP>:51874
Mär 27 19:27:20 raspberrypi stunnel[1400]: LOG5[1744]: s_connect: connected <local_IP>:7777
Mär 27 19:27:20 raspberrypi stunnel[1400]: LOG5[1744]: Service [https] connected remote server from <local_IP>:45444
Mär 27 19:27:20 raspberrypi stunnel[1400]: LOG3[1744]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
is it possible that this error caused by my manually (not officially certificatied) created SSL certificates?
flask server --> uses an manual created cert and key file.
stunnel4 uses --> uses an manual created cert and key file (but different to flasks SSL files)
if you know any other methods to "redirect" the https to http, please comment.
Related
I uploaded my node.js app with ec2 AWS instance, my app.ts running on port 5000, I allowed within inbound rules HTTPS on port 443, also I bought have a domain with route 53 amazon, when I'm trying to send a request to https://ec2-3-example.com am getting err connection refused but when I'm sending a request with http://ec2-3-example.com:5000 locally I get the data from the server, how do I solve this?
thanks in advance I can share the code if it helps
In order to have access to your app via HTTPS, you will have to attach an SSL certificate to a reverse proxy somewhere in the middle of the system.
The problem you are experiencing is that you are opening port 443 in the EC2 instance, but your application is running on port 5000. On top of that, SSL termination will not be done automatically. You will need a reverse proxy like ALB or Nginx.
One way of doing it in your case could be:
Check that your app runs on port 5000 in an EC2 instance
Create an ALB and add your EC2 instance to it
Attach an SSL Certificate to your ALB with the corresponding domain
Allow inbound traffic on port 5000 in the security group of your EC2 instance, from your ALB
Allow inbound traffic on port 443 for the ALB
Route traffic from your domain on Route53 to your ALB
I have a nginx server where I have an api deployed at localhost:5000
On the same server I have a Vuejs app which is deployed at localhost:3000 and then through nginx reverse proxy served from www.mysite.com.
the frontend uses axios to make calls to the api. But everytime it happens, I get a connection refused error to localhost:5000.
Why is this happening and how can I resolve it.
Note: If I serve localhost:5000 api also via a domain like api.mysite.com using nginx reverse proxy and call api from this domain then it works fine. But I don't want to do that and instead want to use localhost:5000 to call the api.
Please check the port is listed by using the following command if you use Linux
sudo netstat -tnlp | grep :5000
If there is process running, then fine. Try changing the localhost to 127.0.0.1:5000
I'm getting the error: "registerServiceWorker.js:71 Error during service worker registration: DOMException: Only secure origins are allowed (see: https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features)." This is on the console of a React JS web app.
I understand that to resolve this error I would need to setup HTTPS on my API server, the problem is that I am running this app on the local network and it is served through a local IP address. This web app also uses data that is only exposed locally so I can not host it externally and get an SSL cert for a domain.
From what I've read on StackOverflow I could create a self-signed certificate but this would show users an SSL error page on most browsers.
What would be the best option to resolve this issue?
I have purchased a certificate and installed in my node.js website.But the https at the browser shows green and is OK.Now, I am trying to establish a socket connection using wss, but it failed.
The error at the Javascript client side is like this.
WebSocket connection to 'wss://securedsitedotcom:3003/call' failed:
WebSocket opening handshake was canceled
Please help!
Code at client side (Javascript)
var ws = new WebSocket('wss://securedsitedotcom:3003/call');
Code at server side (node.js)
https = require('https');
var server = https.createServer({
key: fs.readFileSync(config.certKeyPath),
cert: fs.readFileSync(config.certCrt),
requestCert: true,
rejectUnauthorized: false
},app);
server.listen(port);
var wss = new ws.Server({
server: server,
path: '/call'
});
Error at the browser console :
WebSocket connection to 'wss://securedsitedotcom:3003/call' failed:
WebSocket opening handshake was canceled
Recent work with Chrome has revealed that if a page is served as https on Chrome, websockets must use wss. And if wss must be used, port 443 must be used (and to boot not any other secure port and so far I have not seen any way to change the port), which may be your problem since your port looks like 3003 above.
Right now I am trying to get my IT group to patch/upgrade Apache on that server so mod_proxy_wstunnel can be used to make Apache listening on 443 a reverse proxy and pass all wss traffic through to my websocket server.
Hope this helps.
I ran into a similar issue, but I was using a Self Signed Certificate. You mentioned that you bought a Certificate. I guest it is signed by the certificate authority.
Otherwise, like in my case, non-validated certificate can cause an "opening handshake was cancelled" error. A validated certificate is either validated by a third party (Certificate Authority, ie VeriSign) or explicitly authorized by the client.
In my case, VeriSign didn't sign my certificate (self signed), so I had to explicitly authorized it. To do so, I simply need to visit the https URL with the browser (in your case "https://securedsitedotcom:3003/call"). Then a "warning unauthorized host" appear. You need to authorize the exception and than you can make your WSS connection.
Your server can use any port, it is not bound to 443. 443 is the default port for https but any port can be explicitly specified like you've done.
I hope it helps someone.
I am making a webcoket application for my website. Evrything were OK before I tried secured connection.
Chrome just disconnects with "undefined" error.
Server console shows
2014-07-25 15:24:50 [info] [client 5.ХХХ.ХХХ.ХХХ:54166] Connected
2014-07-25 15:24:50 [info] [client 5.ХХХ.ХХХ.ХХХ:54166] Disconnected
My server is running CentOS 6 with Apache and PHP 5.4.
For WS server I choose Link1
Certificate also was built for TSL. What I am doing wrong?
You can check it out on Link2
Solved.
I replaced built-in SSL with stunnel.