How to proxy https to http and enable ssl?

Question

Hello everyone,

I have configured an app that communicated via websocket (ws) protocol.
I want to config this app over https but getting “mixed content error”:

** The app was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint.

Now I want to proxy https to http while enabling the SSL as well.

My current configs are:

server {
           listen 443;
           server_name verify.flexibilitaetsmarkt.de;

            ssl_certificate /etc/letsencrypt/live/verify.flexibilitaetsmarkt.de/fullchain.pem; # managed by Certbot
            ssl_certificate_key /etc/letsencrypt/live/verify.flexibilitaetsmarkt.de/privkey.pem; # managed by Certbot
            include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
            ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

           ssl on;
           ssl_session_cache  builtin:1000  shared:SSL:10m;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;


            proxy_pass http://127.0.0.1:8000;
            proxy_read_timeout 86400;       

        }
    }



server {
    listen 8000;

    root /home/ubuntu/alf_poc/app;
    # Add index.php to the list if you are using PHP
    index index.html;

}

However, I’m still getting the same error.
Is there any help how can I proxy/redirect https to http and enable SSL as well?

Many thanks

Answer 1

bobbyiliev September 13, 2020

Hi there @myahya,

As per the official Nginx documentaton, what I could suggest trying is to add the following extra proxy rules:

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

After that run a config test:

sudo nginx -t

And if you get Syntax OK, restart Nginx:

sudo systemctl restart nginx

Let me know how it goes!
Regards,
Bobby

Reply Report

myahya September 13, 2020

Hi @bobbyiliev,

Thank you for your help.

I updated the configs according to your instructions, but still no luck. Getting the same “Mixed content” error.

any other suggestion?

thanks.

Reply Report

bobbyiliev September 13, 2020

Hi there @myahya,

How is your WebSocket defined? Are you using wss:// or ws://?

What I could suggest is changing ws:// to wss:// and give it a try again.

Let me know how it goes!
Regards,
Bobby

Reply Report

myahya September 13, 2020

Hi @bobbyiliev,

In my app, I’m using the endpoint like this:

const web3 = new Web3 (‘ws://server-ip:7546’);

The problem is that I can not use wss instead of ws.

I already tried wss and its not working. I think I have to use some external libraries like “websocket’ and also need to use SSL inorder to make wss work.

Any suggestion from your side, is there any better way to achieve this?

Many thanks
Reply Report
- myahya September 14, 2020
  
  Hi @bobbyiliev,
  
  I could change ws to wss in the endpoint.
  
  However, I’m getting this in the browser:
  “WebSocket interface is active. Open WS connection to access RPC.”
  
  Can you please help me how can I fix this?
  thanks
  
  Reply Report
  
  bobbyiliev September 15, 2020
  
  Hi there @myahya,
  
  I think that you might have to specify the path to the certificate.
  
  As an example you could take a look at this code here from the official repository:
  
  https://github.com/websockets/ws/blob/master/examples/ssl.js
  
  Let me know how it goes!
  Regards,
  Bobby
  
  Reply Report

myahya September 15, 2020

Hello @bobbyiliev,

Thanks again.

I have created a test script index.js as below:

const https = require('https');
const fs = require('fs');
const WebSocket = require('ws');
const server = https.createServer({
    cert: fs.readFileSync('./cert/server.pem'),
    key: fs.readFileSync('./cert/server.key')
});

const wss = new WebSocket.Server({ server });

wss.on('connection', function connection(ws) {
    ws.on('message', function message(msg) {
        console.log(msg);
    });
});

server.listen(function listening() {
    const ws = new WebSocket('wss://80.158.47.134:7546', {
        rejectUnauthorized: false
    });

    ws.on('open', function open() {
        const web3 = new Web3(ws);
        web3.eth.getAccounts().then(e => console.log(e));
    });
});

However, I’m getting the following error:

(node:19165) [DEP0123] DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.
(Use `node --trace-deprecation ...` to show where the warning was created)
events.js:291
      throw er; // Unhandled 'error' event
      ^

Error: write EPROTO 140019449694080:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:

    at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:94:16)
Emitted 'error' event on WebSocket instance at:
    at ClientRequest.<anonymous> (/home/yahya/Documents/GitHub/wss-test/node_modules/ws/lib/websocket.js:551:15)
    at ClientRequest.emit (events.js:314:20)
    at TLSSocket.socketErrorListener (_http_client.js:469:9)
    at TLSSocket.emit (events.js:314:20)
    at emitErrorNT (internal/streams/destroy.js:100:8)
    at emitErrorCloseNT (internal/streams/destroy.js:68:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -71,
  code: 'EPROTO',
  syscall: 'write'
}

Any help, please?
Thanks

Reply Report

bobbyiliev November 3, 2020

Hi there @myahya,

Just noticed this reply here. Have you been able to get this to work?

Regards,
Bobby
Reply Report

Answer 2

myahya September 13, 2020

Hi @bobbyiliev,

Thank you for your help.

I updated the configs according to your instructions, but still no luck. Getting the same “Mixed content” error.

any other suggestion?

thanks.

Reply Report

bobbyiliev September 13, 2020

Hi there @myahya,

How is your WebSocket defined? Are you using wss:// or ws://?

What I could suggest is changing ws:// to wss:// and give it a try again.

Let me know how it goes!
Regards,
Bobby

Reply Report

myahya September 13, 2020

Hi @bobbyiliev,

In my app, I’m using the endpoint like this:

const web3 = new Web3 (‘ws://server-ip:7546’);

The problem is that I can not use wss instead of ws.

I already tried wss and its not working. I think I have to use some external libraries like “websocket’ and also need to use SSL inorder to make wss work.

Any suggestion from your side, is there any better way to achieve this?

Many thanks
Reply Report
- myahya September 14, 2020
  
  Hi @bobbyiliev,
  
  I could change ws to wss in the endpoint.
  
  However, I’m getting this in the browser:
  “WebSocket interface is active. Open WS connection to access RPC.”
  
  Can you please help me how can I fix this?
  thanks
  
  Reply Report
  
  bobbyiliev September 15, 2020
  
  Hi there @myahya,
  
  I think that you might have to specify the path to the certificate.
  
  As an example you could take a look at this code here from the official repository:
  
  https://github.com/websockets/ws/blob/master/examples/ssl.js
  
  Let me know how it goes!
  Regards,
  Bobby
  
  Reply Report

myahya September 15, 2020

Hello @bobbyiliev,

Thanks again.

I have created a test script index.js as below:

const https = require('https');
const fs = require('fs');
const WebSocket = require('ws');
const server = https.createServer({
    cert: fs.readFileSync('./cert/server.pem'),
    key: fs.readFileSync('./cert/server.key')
});

const wss = new WebSocket.Server({ server });

wss.on('connection', function connection(ws) {
    ws.on('message', function message(msg) {
        console.log(msg);
    });
});

server.listen(function listening() {
    const ws = new WebSocket('wss://80.158.47.134:7546', {
        rejectUnauthorized: false
    });

    ws.on('open', function open() {
        const web3 = new Web3(ws);
        web3.eth.getAccounts().then(e => console.log(e));
    });
});

However, I’m getting the following error:

(node:19165) [DEP0123] DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.
(Use `node --trace-deprecation ...` to show where the warning was created)
events.js:291
      throw er; // Unhandled 'error' event
      ^

Error: write EPROTO 140019449694080:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:

    at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:94:16)
Emitted 'error' event on WebSocket instance at:
    at ClientRequest.<anonymous> (/home/yahya/Documents/GitHub/wss-test/node_modules/ws/lib/websocket.js:551:15)
    at ClientRequest.emit (events.js:314:20)
    at TLSSocket.socketErrorListener (_http_client.js:469:9)
    at TLSSocket.emit (events.js:314:20)
    at emitErrorNT (internal/streams/destroy.js:100:8)
    at emitErrorCloseNT (internal/streams/destroy.js:68:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -71,
  code: 'EPROTO',
  syscall: 'write'
}

Any help, please?
Thanks

Reply Report

bobbyiliev November 3, 2020

Hi there @myahya,

Just noticed this reply here. Have you been able to get this to work?

Regards,
Bobby
Reply Report

Related

Question

How to proxy https to http and enable ssl?

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

How to proxy https to http and enable ssl?

Related

Leave a comment

Related

question

Is both HTTP and HTTPS versions should be verified in Webmaster Tools?

question

my site i down please see http://www.cheri3a.com/

question

Can you clone your instance

question

How do I get a SSL certificate for my WSGI Flask server so it can send data over HTTPS?

Looking for something else?