This question already has an answer here:
How to force node.js/express.js to HTTPS when it is running behind an AWS load balancer
(1 answer)
Closed 5 years ago.
I have running server nodeJs with express module. And website is made by React.js which is server-side-redering.
And I have domain : www.example.com, Route53 with load balancer applied AWS Certificate Manager.
the problem is I don't know how to automatically access https:// protocol, when I type url http://www.example.com
now, I can access each of url like as http://www.example.com or https://www.example.com
I found solution :
app.use (function (enter code herereq, res, next) {
if (req.secure) {
next();
} else {
res.redirect('https://' + req.headers.host + req.url);
}
});
but it's not working...
what is nice way???
update
if using nodejs with express, how to set a port?
the express block port 80, So I use
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3000. is it common method to connect port?
I have load balancer using SSL (ACM), and port using port are 80, 443.
how to directly access that either 'http' or 'https should access https.
When deploying NodeJS applications it is recommended to use a web server like Nginx or Apache infront of Node server as a proxy, for gzip encoding, static file serving, HTTP caching, SSL handling, load balancing and etc.
One option is to have the redirection at proxy level
In AWS another option is to use Cloudfront with http to https redirect for behavior of the origin (Also caching static content at Edge Location level)
Related
I developed an application with NextJs then built it. I run it on node server using
'npm run start' at Powershell. it works fine on localhost on port 80, but my server does not accept any request from outside neither by domain name or IP address. how should I configure application or nodejs to accept all request ?
OS is windows server 2019
You need to allow CORS
res.header('Access-Control-Allow-Origin', '*');
Try to this cors npm module - https://www.npmjs.com/package/cors
var cors = require('cors');
var app = express();
app.use(cors());
It provides many features to configure cors setting including domain whitelisting, enabling cors for specific apis and many more.
I uploaded my node.js app with ec2 AWS instance, my app.ts running on port 5000, I allowed within inbound rules HTTPS on port 443, also I bought have a domain with route 53 amazon, when I'm trying to send a request to https://ec2-3-example.com am getting err connection refused but when I'm sending a request with http://ec2-3-example.com:5000 locally I get the data from the server, how do I solve this?
thanks in advance I can share the code if it helps
In order to have access to your app via HTTPS, you will have to attach an SSL certificate to a reverse proxy somewhere in the middle of the system.
The problem you are experiencing is that you are opening port 443 in the EC2 instance, but your application is running on port 5000. On top of that, SSL termination will not be done automatically. You will need a reverse proxy like ALB or Nginx.
One way of doing it in your case could be:
Check that your app runs on port 5000 in an EC2 instance
Create an ALB and add your EC2 instance to it
Attach an SSL Certificate to your ALB with the corresponding domain
Allow inbound traffic on port 5000 in the security group of your EC2 instance, from your ALB
Allow inbound traffic on port 443 for the ALB
Route traffic from your domain on Route53 to your ALB
I have a Linux NodeJS/Express app that just exposes a text file to http://example.com/secret.txt and I would like to have only accessable over HTTPS on port 10000 and Basic Auth.
The secret.txt is not a file on the file system. It only exists in memory.
All this is easy to set up in Nginx, so the question becomes:
Question
Can Nginx be used to give my NodeJS/Express app HTTPS over port 10000 with Basic Auth?
I'm not sure I understand your environment correctly, but if I am, the very basic server block would look like
server {
listen 10000 ssl;
server_name example.com;
ssl_certificate /path/to/your/certificate;
ssl_certificate_key /path/to/your/certificate/key;
location / {
# how we must serve other requests? assuming we should return 404 not found
return 404;
# we can also use special nginx 444 code to close incoming connection immediately
}
location = /secret.txt {
auth_basic "Restricted area"; # whatever you want message
auth_basic_user_file /path/to/your/passwords/file;
proxy_pass http://127.0.0.1:<your_nodejs_app_port>;
}
}
It should be quite obvious that the node.js app port should not be exposed to the internet and should be accessible only locally via 127.0.0.1 or localhost.
I have a webpack dev configuration with my front end dev server running on 8080 and my backed server running on port 3000.
So in dev mode my webpack dev server is configured like follows :
proxy: {
'/api': 'http://localhost:3000',
}
How can I do the same thing in the prod server that serves the built static files of my front end ?
I have the following code for my prod server that serves the static files of my front end :
const proxy = require('http-proxy-middleware')
app.use(express.static(dir))
/**
* Redirect everything that starts with /api/* to the backend rest server
*/
app.use('/api', proxy({ target: backendUrl }))
app.get('*', (req, res) => {
res.sendFile(path.resolve(dir + '/index.html'))
})
This is not working as the cookies seem to be lost with the proxying (unlike with the proxying with webpack where evyrhthing works).
Am I going about this problem in the correct way ?
In this case, you can create a reverse-proxy which is going to receive all the information from the frontend, make the requests to the other address and then return the proper answer to the frontend. I used to develop a lot of these back in the days, there is a package that i created which can help you.
Basically the flow is:
Frontend -> endpoint on your render server (port 8080) -> backend (port 3000) -> render server (port 8080) -> frontend
You can try using:
A server (i.E. nginx) as a reverse proxy.
A node-http-proxy as a reverse proxy.
A vhost middleware if each domain is served from the same Express
codebase and node.js instance.
You may also want to check your cookie flags (changeOrigin, secure, cookieDomainRewrite etc..)
info: IF running http on localhost, the cookie will not be set if secure-flag is present in the response
I built a simple express api server on port 8080. In another port(3000) i am building the client side with react which fetch data from my express api endpoint. For this i will have to run both of these applications on separate port. How can i run both of these in same port eg. 8080?
I am pretty new at this. help would be really appreciated.
1/ If you need them to run on the same port because of CORS issues, it may be easier (and good practice) to set up CORS headers on your API server to allow requests from origin whatever:3000.
2/ To serve both the API and the static pages and scripts on the same port, you can either modify your API server to handle requests for the static content, or use a reverse proxy. I'd recommend nginx to set that up (and to serve the static content too, if you can).
Example nginx config:
location /api/ {
proxy_pass http://localhost:8080/;
}
location / {
proxy_pass http://localhost:3000/;
}