I have made my Node.js app, hosted it on a DigitalOcean server, connected it to a domain name, and all works fine, but when I try to add an SSL certificate (using the https module instead of http), it doesn't work. Here is the code:

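var fs = require('fs');
var https = require('https');

// Private key, server certificate and the CA chain certificates.
var sslopt = {
    key  : fs.readFileSync('./ssl/server.key'),
    cert : fs.readFileSync('./ssl/server.crt'),
    ca   : [fs.readFileSync('./ssl/ca1.crt'), fs.readFileSync('./ssl/ca2.crt')]
};

// The server speaks TLS (not plain HTTP) on port 8001.
var server = https.createServer(sslopt,function(req,res){
    ...
});

server.listen(8001,function(err){
    ...
});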

My Node.js app is running fine, but if I try to access it, I just see the 502 Bad Gateway error, and no requests are sent to my Node.js app. When I opened my nginx error log I saw the errors

-date- -time- [error] 18116#18116: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: -ip-, server: -server-, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8001/", host: -host-

But the strangest thing is that if I try to get access with the https protocol and port 8001 (https://{domainname}.com:8001), I can see my app working fine, but the connection is not secured.

I just can't understand what I'm doing wrong...

P.S.

my nginx config file

server {
    listen *:443;
    listen *:80;

    server_name {myhostname};

    access_log /var/log/nginx/qt.access.log;
    error_log /var/log/nginx/qt.error.log;

    root /srv/qt;
    index index.html index.htm index.php;


    # Headers to pass to proxy server.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_cache_bypass $http_upgrade;
    proxy_http_version 1.1;
    proxy_redirect off;
    # Go to next upstream after if server down.
    proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
    proxy_connect_timeout 5s;
    # Gateway timeout.
    proxy_read_timeout 20s;
    proxy_send_timeout 20s;
    # Buffer settings.
    proxy_buffers 8 32k;
    proxy_buffer_size 64k;

    location  / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }

}

  • proxy_pass is set to http://, not https://. However, I would advise that instead of having Node handle HTTPS, you let NGINX do it (so "client-to-NGINX" is HTTPS and "NGINX-to-Node" is plain HTTP). Commented May 10, 2017 at 20:36
  • Thanks for your reply. If I attach the certificate to nginx and then use http instead of https, everything works fine, but I can't connect to the websocket server now. In the console I see the error: WebSocket connection to 'wss://{hostname}:8001/' failed: Error in connection establishment: net::ERR_CONNECTION_CLOSED. And no requests are sent to my websocket server log. Commented May 11, 2017 at 10:58
  • You should let NGINX proxy your websockets for you: wss://{hostname} (no port number required) Commented May 11, 2017 at 11:00
  • Now it responds with: connection to 'wss://{hostname}/' failed: Error during WebSocket handshake: Unexpected response code: 200. And in my console I see that it goes as a simple http request... Commented May 11, 2017 at 11:06
  • That might be a problem, although I'd assume that regular HTTPS requests would also cause issues in that situation. Perhaps it's easier (for now) to move the HTTPS-part back to Node :( Commented May 11, 2017 at 12:07
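
The setup suggested in the comments above (TLS terminated at nginx, plain HTTP from nginx to Node, WebSockets proxied on the same port), written out as an added example that is not from the original posts. The certificate paths, `example.com` (standing in for the question's `{myhostname}`) and the `$connection_upgrade` map name are assumptions, and it assumes the Node app is switched to `http.createServer` listening on 127.0.0.1:8001.

```nginx
# Added example, not the poster's configuration.
# The map block belongs in the http {} context (e.g. nginx.conf or a conf.d file).
# It sends "Connection: upgrade" upstream only when the client asked to upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name example.com;                  # placeholder host name
    return 301 https://$host$request_uri;     # redirect plain HTTP to HTTPS
}

server {
    listen 443 ssl;            # without "ssl", nginx serves plain HTTP on port 443
    server_name example.com;   # placeholder host name

    ssl_certificate     /etc/nginx/ssl/fullchain.pem;  # placeholder: server cert + CA chain
    ssl_certificate_key /etc/nginx/ssl/server.key;     # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    access_log /var/log/nginx/qt.access.log;
    error_log  /var/log/nginx/qt.error.log;

    location / {
        # The scheme here must match what the upstream speaks. Pointing http://
        # at a Node https server produces the "Connection reset by peer" / 502
        # from the question, so Node runs plain HTTP on loopback only.
        proxy_pass http://127.0.0.1:8001;
        proxy_http_version 1.1;

        # proxy_set_header directives are inherited from the server block only
        # when the location defines none of its own, so the WebSocket headers
        # are set here together with the others.
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Idle WebSocket connections are closed after this long without data.
        proxy_read_timeout 20s;
    }
}
```

Check the file with `nginx -t` before reloading; the browser then connects to `wss://example.com/` with no port number.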

1 Answer

Recognizing that this is an old post, hopefully this will still help someone out. I just figured out what seems to be the same thing and it was proxy server related.

My NodeJS server worked fine without SSL but gave the 502 without ever reaching the server when I used https.

// =============================================================================
// START THE SERVER

var fs = require('fs');
var https = require('https');

var port = process.env.PORT || 8080;        // set our port

// `app` is the request handler defined earlier in the file.
https.createServer({
    key: fs.readFileSync('./certs/private.key'),
    cert: fs.readFileSync('./certs/cert.crt')
}, app).listen(port);

//app.listen(port);

console.log('API Active on port ' + port);

My client and server are behind a pfSense firewall using a Squid3 proxy server.

pfSense controls the DNS for api.mydomain.com and routes the traffic to my dev server when I make a call to api.mydomain.com:8080/myroute. I have a valid SSL/TLS cert for api.mydomain.com.

  • With the app.listen(port) line uncommented everything worked great.

  • With the https.createServer(...) uncommented I got the 502 error and traffic never reached the server.

To fix:

  1. In pfSense click Services -> Squid Proxy Server
  2. Click on the ACLs configuration page
  3. At the bottom of the page find the section called Squid Allowed Ports.
  4. In the field For ACL SSL Ports, enter the port your application is using (in my case 8080).

For me, rainbows appeared and bluebirds did sing.
