I have problem with my app with Action Cable on Heroku:
WebSocket connection to 'ws://localhost:3000/cable' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
My production.rb:
config.action_cable.url = "wss://NAME.herokuapp.com/cable"
config.action_cable.allowed_request_origins = ['https://NAME.herokuapp.com', 'http://NAME.herokuapp.com']
I tried to specify the server in the cable.js as well:
#App ||= {}
App.cable = ActionCable.createConsumer("wss://NAME.herokuapp.com/cable")
I tried to change it in development.rb just in case but nothing helps. The Heroku is still trying to connect to localhost.
Another weird thing that has nothing in common with it I think, is that the app is not able to process some js code like: alert('test') or console.log("haha") despite of some js code works and I tried assets:precompile as well.
In localhost, everything works perfectly. Any idea what can be wrong with heroku and the setting?
While ActionCable was in development, I remember you had to startup 2 servers for the cable connection and for Rails. I don't think that is still needed for the final release.
My guess is that you don't have Redis provisioned on your Heroku instance, whereas in Production, ActionCable relies on Redis for it's server communication.
To fix this, you should do the following:
heroku addons:add redistogo
heroku config | grep REDISTOGO_URL
In your config/cable.yml, set the Redis url to the one given. I guess you should also be able to use ENV['REDISTOGO_URL'] in place of the url.
Let me know if that helps.
If it's working locally but not remotely it may be an SSL problem. Make sure you properly set up an SSL endpoint for the secure websocket (wss):
https://devcenter.heroku.com/articles/ssl-endpoint
Also, there is an excellent blog post on Heroku about how to set up Action Cable: https://blog.heroku.com/real_time_rails_implementing_websockets_in_rails_5_with_action_cable. Alas, the article does not mention the necessity of setting up an SSL endpoint for the Heroku deployment to work.
Update: I have checked the console for error, it catches
Uncaught ReferenceError: require is not defined
According to some online posts, it is probably due to the use of require on the browser side. require is meant to be a syntax for Node, which is used on the server side. But the use of [Browserify][browserify.org/] made this possible.
Im not sure how this works but hope someone may give me some advice.
I was trying to run Dillinger on my own Macbook Pro (13-inch)
I followed the instructions on the README.md but when running locally it shows this.
PS. As suggested by post here, I modified the package.json that the dependency installation can proceed.
Dropbox config not found at /Users/[name]/dev/dillinger/plugins/dropbox/dropbox-config.json. Plugin disabled.
Github config not found at /Users/[name]/dev/dillinger/plugins/github/github-config.json. Plugin disabled.
Google Drive config not found at /Users/[name]/dev/dillinger/plugins/googledrive/googledrive-config.json. Plugin disabled.
OneDrive config not found at /Users/[name]/dev/dillinger/plugins/onedrive/onedrive-config.json. Plugin disabled.
express deprecated app.configure: Check app.get('env') in an if
statement app.js:19:5
connect deprecated multipart: use parser (multiparty, busboy,
formidable) npm module instead
node_modules/express/node_modules/connect/lib/middleware/bodyParser.js:56:20
connect deprecated limit: Restrict request size at location of read
node_modules/express/node_modules/connect/lib/middleware/multipart.js:86:15
connect deprecated methodOverride: use method-override npm module
instead app.js:27:19
express deprecated app.configure: Check app.get('env') in an if
statement app.js:56:5
Express server listening on port 8080
http://localhost:8080
When I send a request, it shows this :
Evernote not implemented yet.
GET / 200 34.139 ms - -
GET /css/app.css 304 4.351 ms - -
Then when I tried to open Dillinger at localhost, it is stuck at "Prepping all the things..."
Anyone has any idea why this is so? I am new to Javascript and Node.JS so forgive me if the question looks dumb.
Many thanks in advance!
I locally wrote a nodeJS app using socket.io and express modules.
I wanted to use openshift for hosting.
So I changed the main .js to server.js which seems to be the index equivalent of the openshift file and changed the server port setting to:
var server = require('http').createServer(app).listen(process.env.OPENSHIFT_NODEJS_PORT || 3000);
as indicated in some posts.
However after git commit, I am still getting:
remote: info: socket.io started
remote: warn: error raised: Error: listen EACCES
remote: DEBUG: Program node server.js exited with code 0
remote:
remote: DEBUG: Starting child process with 'node server.js'
and the website doesn't work.
As the app is serving a html file, there are two more places, where the port is mentioned, which sit in the index.html that is served:
header:
<script src='//localhost:3000/socket.io/socket.io.js'></script>
and within javascript for the html file:
var socket = io.connect('//localhost:'+process.env.OPENSHIFT_NODEJS_PORT || 3000);
// intial vars and multi list from server
socket.on('clientConfig', onClientConfig);
All files and modules are seemingly uploaded, but the EACCES error still prevails.
I get the feeling that maybe the header link to localhost:3000 might be the skipping point, but I am not sure. Anyone have any idea, what the problem is?
Also, there is no : socket.io/socket.io.js file in the socket.io modules folder, which I find confusing.
I had recently developed a chat client application using socket.io and also had webrtc in it. I was able to deploy the app on openshift by making the following changes into code.
Client Side
Keep the include script tag in a relative manner like so
<script src="/socket.io/socket.io.js"></script>
While declaring io.connection, change the ip part to point the application to server in this format.
var socket = io.connect('http://yourapp-domain.rhcloud.com:8000/', {'forceNew':true });
8000 is for http and 8443 is for https
Server Side
The io and the server should both be listening on the same port and the order in which the statements are run should also be given attention.
Step 1: Declare the http server using app.
( app is obtained from express)
var express = require('express');var app = express();)
var server = require('http').Server(app);
Step 2:
Declare io from socket.io and combine it with the server object.
var io = require('socket.io').listen(server);
Step 3:
Now, allow the server to listen to openshift port and ip.
server.listen(process.env.OPENSHIFT_NODEJS_PORT, process.env.OPENSHIFT_NODEJS_IP);
Please pay special attention to the order of the statements you write, it is the order which causes issues.
The server side of your websocket needs to listen on port 8080 on your openshift ip address, the CLIENT side needs to connect to your ws://app-domain.rhcloud.com:8000
I have a few notes on how to use WebSockets here: https://www.openshift.com/blogs/10-reasons-openshift-is-the-best-place-to-host-your-nodejs-app#websockets
You don't need any additional server-side changes after adapting your code to take advantage of environment variables (when available)
OpenShift's routing layer exposes your application on several externally-accessible ports: 80, 443, 8000, 8443.
Ports 8000 and 8443 are both capable of handling websocket connection upgrades. We're hoping to add support for WebSocket connections over ports 80 and 443 soon.
I'm using node.js request.js to reach an api. I'm getting this error
[Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]
All of my credentials are accurate and valid, and the server's fine. I made the same request with postman.
request({
"url": domain+"/api/orders/originator/"+id,
"method": "GET",
"headers":{
"X-API-VERSION": 1,
"X-API-KEY": key
},
}, function(err, response, body){
console.log(err);
console.log(response);
console.log(body);
});
This code is just running in an executable script ex. node ./run_file.js, Is that why? Does it need to run on a server?
Note: the following is dangerous, and will allow API content to be intercepted and modified between the client and the server.
This also worked
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';
It's not an issue with the application, but with the certificate which is signed by an intermediary CA.
If you accept that fact and still want to proceed, add the following to request options:
rejectUnauthorized: false
Full request:
request({
"rejectUnauthorized": false,
"url": domain+"/api/orders/originator/"+id,
"method": "GET",
"headers":{
"X-API-VERSION": 1,
"X-API-KEY": key
},
}, function(err, response, body){
console.log(err);
console.log(response);
console.log(body);
});
The Secure Solution
Rather than turning off security you can add the necessary certificates to the chain. First install ssl-root-cas package from npm:
npm install ssl-root-cas
This package contains many intermediary certificates that browsers trust but node doesn't.
var sslRootCAs = require('ssl-root-cas/latest')
sslRootCAs.inject()
Will add the missing certificates. See here for more info:
https://git.coolaj86.com/coolaj86/ssl-root-cas.js
CoolAJ86's solution is correct and it does not compromise your security like disabling all checks using rejectUnauthorized or NODE_TLS_REJECT_UNAUTHORIZED. Still, you may need to inject an additional CA's certificate explicitly.
I tried first the root CAs included by the ssl-root-cas module:
require('ssl-root-cas/latest')
.inject();
I still ended up with the UNABLE_TO_VERIFY_LEAF_SIGNATURE error. Then I found out who issued the certificate for the web site I was connecting to by the COMODO SSL Analyzer, downloaded the certificate of that authority and tried to add only that one:
require('ssl-root-cas/latest')
.addFile(__dirname + '/comodohigh-assurancesecureserverca.crt');
I ended up with another error: CERT_UNTRUSTED. Finally, I injected the additional root CAs and included "my" (apparently intermediary) CA, which worked:
require('ssl-root-cas/latest')
.inject()
.addFile(__dirname + '/comodohigh-assurancesecureserverca.crt');
For Create React App (where this error occurs too and this question is the #1 Google result), you are probably using HTTPS=true npm start and a proxy (in package.json) which goes to some HTTPS API which itself is self-signed, when in development.
If that's the case, consider changing proxy like this:
"proxy": {
"/api": {
"target": "https://localhost:5001",
"secure": false
}
}
secure decides whether the WebPack proxy checks the certificate chain or not and disabling that ensures the API self-signed certificate is not verified so that you get your data.
It may be very tempting to do rejectUnauthorized: false or process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0'; but don't do it! It exposes you to man in the middle attacks.
The other answers are correct in that the issue lies in the fact that your cert is "signed by an intermediary CA." There is an easy solution to this, one which does not require a third party library like ssl-root-cas or injecting any additional CAs into node.
Most https clients in node support options that allow you to specify a CA per request, which will resolve UNABLE_TO_VERIFY_LEAF_SIGNATURE. Here's a simple example using node's built-int https module.
import https from 'https';
const options = {
host: '<your host>',
defaultPort: 443,
path: '<your path>',
// assuming the bundle file is co-located with this file
ca: readFileSync(__dirname + '/<your bundle file>.ca-bundle'),
headers: {
'content-type': 'application/json',
}
};
https.get(options, res => {
// do whatever you need to do
})
If, however, you can configure the ssl settings in your hosting server, the best solution would be to add the intermediate certificates to your hosting provider. That way the client requester doesn't need to specify a CA, since it's included in the server itself. I personally use namecheap + heroku. The trick for me was to create one .crt file with cat yourcertificate.crt bundle.ca-bundle > server.crt. I then opened up this file and added a newline after the first certificate. You can read more at
https://www.namecheap.com/support/knowledgebase/article.aspx/10050/33/installing-an-ssl-certificate-on-heroku-ssl
You can also try by setting strictSSL to false, like this:
{
url: "https://...",
method: "POST",
headers: {
"Content-Type": "application/json"},
strictSSL: false
}
I had the same issues. I have followed #ThomasReggi and #CoolAJ86 solution and worked well but I'm not satisfied with the solution.
Because "UNABLE_TO_VERIFY_LEAF_SIGNATURE" issue is happened due to certification configuration level.
I accept #thirdender solution but its partial solution.As per the nginx official website, they clearly mentioned certificate should be combination of The server certificate and chained certificates.
Just putting this here in case it helps someone, my case was different and a bit of an odd mix. I was getting this on a request that was accessed via superagent - the problem had nothing to do with certificates (which were setup properly) and all to do with the fact that I was then passing the superagent result through the async module's waterfall callback. To fix: Instead of passing the entire result, just pass result.body through the waterfall's callback.
Following commands worked for me :
> npm config set strict-ssl false
> npm cache clean --force
The problem is that you are attempting to install a module from a repository with a bad or untrusted SSL[Secure Sockets Layer] certificate. Once you clean the cache, this problem will be resolved.You might need to turn it to true later on.
Another approach to solving this securely is to use the following module.
node_extra_ca_certs_mozilla_bundle
This module can work without any code modification by generating a PEM file that includes all root and intermediate certificates trusted by Mozilla. You can use the following environment variable (Works with Nodejs v7.3+),
NODE_EXTRA_CA_CERTS
To generate the PEM file to use with the above environment variable. You can install the module using:
npm install --save node_extra_ca_certs_mozilla_bundle
and then launch your node script with an environment variable.
NODE_EXTRA_CA_CERTS=node_modules/node_extra_ca_certs_mozilla_bundle/ca_bundle/ca_intermediate_root_bundle.pem node your_script.js
Other ways to use the generated PEM file are available at:
https://github.com/arvind-agarwal/node_extra_ca_certs_mozilla_bundle
NOTE: I am the author of the above module.
I had an issue with my Apache configuration after installing a GoDaddy certificate on a subdomain. I originally thought it might be an issue with Node not sending a Server Name Indicator (SNI), but that wasn't the case. Analyzing the subdomain's SSL certificate with https://www.ssllabs.com/ssltest/ returned the error Chain issues: Incomplete.
After adding the GoDaddy provided gd_bundle-g2-g1.crt file via the SSLCertificateChainFile Apache directive, Node was able to connect over HTTPS and the error went away.
If you come to this thread because you're using the node postgres / pg module, there is a better solution than setting NODE_TLS_REJECT_UNAUTHORIZED or rejectUnauthorized, which will lead to insecure connections.
Instead, configure the "ssl" option to match the parameters for tls.connect:
{
ca: fs.readFileSync('/path/to/server-ca.pem').toString(),
cert: fs.readFileSync('/path/to/client-cert.pem').toString(),
key: fs.readFileSync('/path/to/client-key.pem').toString(),
servername: 'my-server-name' // e.g. my-project-id/my-sql-instance-id for Google SQL
}
I've written a module to help with parsing these options from environment variables like PGSSLROOTCERT, PGSSLCERT, and PGSSLKEY:
https://github.com/programmarchy/pg-ssl
Hello just a small adition to this subject since in my case the
require('ssl-root-cas/latest')
.inject()
.addFile(__dirname + '/comodohigh-assurancesecureserverca.crt');
didn't work out for me it kept returning error that the file could not be downloaded i had been a couple of hours into the reasearch of this particular error when I ran into this response https://stackoverflow.com/a/65442604
Since in my application we do have a proxy to proxy some of our requests as a security requirement of some of our users I found that in the case you are consulting an API that has this issue and if you can access the API url throught your browser you can proxy your request and it might fix the [Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE] issue.
An example of how i use my proxy
await axios.get(url, {
timeout: TIME_OUT,
headers: {
'User-Agent': 'My app'
},
params: params,
proxy: {
protocol: _proxy.protocol,
host: _proxy.hostname,
port: _proxy.port,
auth: {
username: _proxy_username,
password: _proxy_password
}
}
});
I had the same problem and I am able to fix it the following way,
Use the full-chain or just the chain certificate instead of just the certificate.
That is all.
This same error can be received when trying to install a local git shared repo from npm.
The error will read: npm ERR! code UNABLE_TO_VERIFY_LEAF_SIGNATURE
Apparently there is an issue with the certificate, however what worked for me was change the link to my shared repo in the package.json file from:
"shared-frontend": "https://myreposerver"
to:
"shared-frontend": "git+https://myreposerver"
In short, just adding git+ to the link solved it.
Another reason node could print that error is because a backend connection/service is misconfigured.
Unfortunately, the node error doesn't say which certificate it was unable to verify [feature request !]
Your server may have a perfectly good certificate chain installed for clients to connect and even show a nice padlock in the browser's URL bar, but when the server tries to connect to a backend database using a different misconfigured certificate, then it could raise an identical error.
I had this issue in some vendor code for some time. Changing a backend database connection from self-signed to an actual certificate resolved it.
You have to include the Intermediate certificate in your server. This solves the [Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]
I'm trying to get websockets to also work with node-http-proxy. The difference is i'm using a proxytable:
var options = {
router: {
'a.websterten.com': '127.0.0.1:150',
'b.websterten.com' : '127.0.0.1:151',
}
};
var server = httpProxy.createServer(options);
I tried:
server.on('upgrade', function (req, socket, head) {
server.proxy.proxyWebSocketRequest(req, socket, head);
});
But it doesn't seem to work. A quick check to see whether websockets work shows I get Unexpected response code: 400 from Chrome (works fine if I go directly)
Also doing a couple of checks server.on('upgrade',.. doesn't fire on a websocket request
How can I get my proxy server to route websockets correctly?
I've also tried this on node 0.8.23 as well as node 0.10.x (the later versions of node have a memory leak issue, but it wont work on 0.8.23 either)
When you use httpProxy.createServer(), it's not necessary to handle the upgrade event because http-proxy handles it automatically. Thus, your server.on('upgrade', ...) never fires because http-proxy is already handling it internally.
The only time you need to do server.on('upgrade') is when you pass middleware functions to httpProxy.createServer or if you've manually created the server with http.createServer().
In other words, websockets should "just work" through the proxy in your configuration.
However, WebSocket support in http-proxy is currently broken on node v0.10.x because of streams2 (the stream APIs in node core were completely rewritten in 0.10). Also, the most recent release of http-proxy (0.10.2) is broken in node v0.8 because of a botched fix for the streams2 issue.
So you have two options:
Wait for http-proxy to rewrite its internals to cope with streams2.
Downgrade to node v0.8.23 and http-proxy 0.10.1. (At least until #1 happens.)
(You can install old versions of npm modules by running npm install http-proxy#0.10.1.)