I need help in fixing this issue.
I am trying to implement ssl to the domain my.domain.com
Front end is Angular and Backend is Meteor
I was able to create ssl certificates properly and was able to get Secure https label on loading the domain, but the page was not rendering because of the error
Uncaught TypeError: a._qs.unescape is not a function
from the build file in the .build/dist/bundle/programs/web.browser
Request URL:https://my.domain.com/5a0c202b90aa3cc1c9414b703c4e1f343fb0dd4e.js?meteor_js_resource=true
Below websocket request will remain pending with status 101
wss://my.domain.com/sockjs/362/4q059yw7/websocket
I have not written any code on Meteor to run it to https, I am trying to handle through nginx.
From angular after adding ssl certificates trying to connect to meteor throughwss://localhost/ instead of ws://localhost:3000/
Please find my nginx file below.
events {
}
http {
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
server_name my.domain.com;
root /client;
index index.html;
location / {
rewrite ^ https://$server_name$request_uri? permanent;
}
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my.domain.com;
root /client;
index index.html;
ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem; # managed by Certbot
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # allow websockets
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /api {
proxy_pass http://localhost:3000;
}
location /uploadFile {
proxy_pass http://localhost:3000;
}
error_page 500 502 503 504 /50x.html;
location = /51x.html {
root /client;
}
}
}
Any leads would be appreciated.
I figured out the issue I had.
Issue was in below line in nginx.
proxy_pass http://localhost:3000;
I fixed it by redirecting it to http://localhost:3000/websocket; and location as location /websocket
Snippet is below.
location /websocket {
proxy_pass http://localhost:3000/websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # allow websockets
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
}
Related
I have a reverse proxy with nginx:
server {
server_name CENSURED;
access_log /var/log/nginx/CENSURED.access.log;
error_log /var/log/nginx/CENSURED.error_log;
location / {
proxy_buffering off;
proxy_request_buffering off;
# redirect all HTTP traffic to localhost:8080
proxy_pass http://localhost:9090;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
try_files $uri $uri/ =404;
proxy_read_timeout 86400; }
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/CENSURED/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/CENSURED/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }
The server side is made with node:
var WebSocketServer = require('ws').Server;
var wss = new WebSocketServer({ port: 9090 });
wss.on('connection', function (connection) {
Client side
new WebSocket("ws:"+URL)
I get this server log, which seems to be a client side error? but I can't figure out how I should fix it
2022/07/04 12:09:19 [crit] 1809447#1809447: *45 SSL_do_handshake() failed (SSL: error:142090BA:SSL routines:tls_early_post_process_client_hello:bad cipher) while SSL handshaking, client: CENSURED, server: 0.0.0.0:443
Do I have to add something to the server side for socket to work with SSL? but I already tried a bunch of things and nothing seems to work and it's strange that is works without any issue with wscat
specifying ssl_protocols TLSv1.2 TLSv1.3; and default server solved the problem
I'm trying to deploy my angular application on my EC2. I already have a Different app running on port 3000. now i'm trying to deploy my angular app on port 3030. but when i access it via the IP:3030 it works fine, but after configuring it with nginx it returns black page and with some 404 error on the Network tab.
server {
listen 443 ssl;
server_name <ABC.DOMAIN.COM>;
ssl_certificate /etc/letsencrypt/live/<ABC.DOMAIN.COM>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<ABC.DOMAIN.COM>/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
root /usr/share/nginx/html;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
location / {
proxy_pass http://localhost:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
location /goalmate{
rewrite /goalmate/(.*)$ /$1 break;
proxy_pass http://localhost:3030/;
}
}
}
server {
listen 80;
server_name <ABC.DOMAIN.COM>;
return 301 https://$host$request_uri;
}
Error Showing in the Networktab
can someone help me.?
should'nt the requeston the networkTab show domain.com/goalmate/assets/ other than domain.com/assests
Hi I've been trying to do this previously with Apache with no success. I've decided to try Nginx instead.
I'm trying to establish the following,
client <-- wss -- > Nginx <-- ws --> Nodejs
Seems like a simple thing to do, however I'm not getting any success. I'm continuously getting Error 301.
My client side is simple,
const connection = new WebSocket('wss://' + location.host + '/ws');
Server side is,
const ws = new WebSocket.Server({port: 8080});
Nginx config file is,
server {
server_name example.com;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://localhost:3000;
}
location /ws {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1; # Needed
proxy_set_header Upgrade $http_upgrade; # Needed
proxy_set_header Connection "upgrade"; # Needed
proxy_pass http://localhost:3000;
}
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com;
return 404; # managed by Certbot
}
I've seen numerous posts regarding the websockets config set up, and the one I have no should definitely work. However, no matter how hard I try it's not working.
I figured it out,
The problem was that I set up the Websocket to be on port 8080, however my proxy_pass is setup for the port 3000.
The solution was to have them both be on the same port.
For the app server
const ws = new WebSocket.Server({port: 3001});
and have the Nginx to have the same port under /ws,
proxy_pass http://localhost:3001;
I am running a dAPP on a cloud server and using nginx and parity client with wesocket enabled on it.
I installed a certbot certificate for the https domain.
Now i am having problem that while accessing my website using https it gives an error on chrome that..
web3-providers.umd.js:1269 Mixed Content: The page at 'https://www.
chain.com/' was loaded over HTTPS, but attempted to connect to the
insecure WebSocket endpoint 'ws://40.138.47.154:7546/'. This request has
been blocked; this endpoint must be available over WSS.
then i added the reverse proxy on nginx config file as
location / {
# switch off logging
access_log off;
proxy_pass http://localhost:7556; #Port for parity websocket
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
and then it is giving an error of
"WebSocket interface is active. Open WS connection to access RPC."
What is the problem here and what should i try?
Thanks
The https won't allow loading insecure content on the page.
One possible solution is to use the SSL/TLS terminator between the application server and the client.
From the official Nginx docs, the relevant part of the config file could be like this:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket {
server localhost:7546;
}
server {
listen 443;
location / {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
}
ssl on;
# specify cert and key
}
Inside the dApp change 'ws://40.138.47.154:7546/' to wss://40.138.47.154.
When created a website with nodejs. In this website I have a page that can upload image to server. I tested this on my computer it's work fine. After I deploy it to server it's not working. I read the log. I got two from both access and error log at the same time.
This is an error.log
upstream prematurely closed connection while reading response header from upstream , client: xx.xx.xx.xx, server: example.com, request: "POST /admin/place/thumbnanil/upload HTTP/1.1", upstream: "http://127.0.0.1:3002/admin/place/thumbnanil/upload", host: "example.com", referrer: "https://example.com/admin/place/detail"
This is an access.log
POST /admin/place/thumbnanil/upload HTTP/1.1" 502 583 "https://example.com/admin/place/detail"
This is my nginx virtual host
upstream example {
server 127.0.0.1:3002;
keepalive 8;
}
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:3002;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 2048 8k;
}
}
I'm using ubuntu 14.04 on AWS EC2.
NodeJS v4.4.7
This is the url that I'm using for post : https://example.com/admin/place/thumbnanil/upload
Try this,
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3002/;
proxy_read_timeout 90;
proxy_buffering off;
proxy_redirect http://localhost:3002/ https://example.com/;
}