Related

Tool NGINX Config Generator Tool
Is both HTTP and HTTPS versions should be verified in Webmaster Tools? Question Question
my site i down please see http://www.cheri3a.com/ Question Question

Question

How to proxy https to http and enable ssl?

Posted September 12, 2020 94 views
NginxServer OptimizationConfiguration Management

Hello everyone,

I have configured an app that communicated via websocket (ws) protocol.
I want to config this app over https but getting “mixed content error”:

** The app was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint.

Now I want to proxy https to http while enabling the SSL as well.

My current configs are:

server {
           listen 443;
           server_name verify.flexibilitaetsmarkt.de;

            ssl_certificate /etc/letsencrypt/live/verify.flexibilitaetsmarkt.de/fullchain.pem; # managed by Certbot
            ssl_certificate_key /etc/letsencrypt/live/verify.flexibilitaetsmarkt.de/privkey.pem; # managed by Certbot
            include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
            ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

           ssl on;
           ssl_session_cache  builtin:1000  shared:SSL:10m;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;


            proxy_pass http://127.0.0.1:8000;
            proxy_read_timeout 86400;       

        }
    }



server {
    listen 8000;

    root /home/ubuntu/alf_poc/app;
    # Add index.php to the list if you are using PHP
    index index.html;

}

However, I’m still getting the same error.
Is there any help how can I proxy/redirect https to http and enable SSL as well?

Many thanks

Add a comment
myahya
By:
myahya
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
bobbyiliev September 13, 2020

Hi there @myahya,

As per the official Nginx documentaton, what I could suggest trying is to add the following extra proxy rules:

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

After that run a config test:

  • sudo nginx -t

And if you get Syntax OK, restart Nginx:

  • sudo systemctl restart nginx

Let me know how it goes!
Regards,
Bobby

Reply Report
  • myahya September 13, 2020

    Hi @bobbyiliev,

    Thank you for your help.

    I updated the configs according to your instructions, but still no luck. Getting the same “Mixed content” error.

    any other suggestion?

    thanks.

    Reply Report
    • bobbyiliev September 13, 2020

      Hi there @myahya,

      How is your WebSocket defined? Are you using wss:// or ws://?

      What I could suggest is changing ws:// to wss:// and give it a try again.

      Let me know how it goes!
      Regards,
      Bobby

      Reply Report
      • myahya September 13, 2020

        Hi @bobbyiliev,

        In my app, I’m using the endpoint like this:

        const web3 = new Web3 (‘ws://server-ip:7546’);

        The problem is that I can not use wss instead of ws.

        I already tried wss and its not working. I think I have to use some external libraries like “websocket’ and also need to use SSL inorder to make wss work.

        Any suggestion from your side, is there any better way to achieve this?

        Many thanks

        Reply Report
      • myahya September 15, 2020

        Hello @bobbyiliev,

        Thanks again.

        I have created a test script index.js as below:

        const https = require('https');
const fs = require('fs');
const WebSocket = require('ws');
const server = https.createServer({
    cert: fs.readFileSync('./cert/server.pem'),
    key: fs.readFileSync('./cert/server.key')
});

const wss = new WebSocket.Server({ server });

wss.on('connection', function connection(ws) {
    ws.on('message', function message(msg) {
        console.log(msg);
    });
});

server.listen(function listening() {
    const ws = new WebSocket('wss://80.158.47.134:7546', {
        rejectUnauthorized: false
    });

    ws.on('open', function open() {
        const web3 = new Web3(ws);
        web3.eth.getAccounts().then(e => console.log(e));
    });
});

        However, I’m getting the following error:

        (node:19165) [DEP0123] DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.
(Use `node --trace-deprecation ...` to show where the warning was created)
events.js:291
      throw er; // Unhandled 'error' event
      ^

Error: write EPROTO 140019449694080:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:

    at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:94:16)
Emitted 'error' event on WebSocket instance at:
    at ClientRequest.<anonymous> (/home/yahya/Documents/GitHub/wss-test/node_modules/ws/lib/websocket.js:551:15)
    at ClientRequest.emit (events.js:314:20)
    at TLSSocket.socketErrorListener (_http_client.js:469:9)
    at TLSSocket.emit (events.js:314:20)
    at emitErrorNT (internal/streams/destroy.js:100:8)
    at emitErrorCloseNT (internal/streams/destroy.js:68:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -71,
  code: 'EPROTO',
  syscall: 'write'
}

        Any help, please?
        Thanks

        Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help