Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSL on Google Compute Engine with nodejs

Summary:

I'm trying to set-up a Node.js server on Google's Compute Engine (GCE) to work with HTTPS, but the remote server doesn't seem to respond when accessed through https://....

What I tried so far:

I've acquired a certificate from Comodo, put it on the backend, included it in the code, and created an HTTPS server as follows:

var app = express();
var https = require('https');
var fs = require('fs');

var options = {
  key: fs.readFileSync('server.key'),
  cert: fs.readFileSync('server.crt'),
};

...
        https.createServer(options,app).listen('443',function(){
                console.log('https ready')
        });

I've also added the following firewall rule:

gcloud compute firewall-rules create allow-https --description "https server" --allow tcp:443
--format json

When I run the server on my local machine and try accessing it using https://localhost:443 through Chrome, I get the expected:

This server could not prove that it is localhost; its security certificate is from www.domain_name.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

Meaning the server is properly configured to be able to recognize the https request, but since the certificate does not belong to localhost, it results in a warning.

The problem:

When I run the same code on my GCE instance, which runs on the domain name associated with the certificate, I get no response from the server. Moreover, according to tcpdump there is incoming https traffic on the correct port:

tcpdump output for my case

I ran netstat -ltnp with the following results:

  • When I run the server with https configuration shown above, there is no record for the 443 port.

  • When I run the server with http configuration on port 8080 there is a record for that port and everything is working fine.

  • When I run the server with http AND https configurations (listening to port 8080 and port 443), there is no records for either and there is no response from the server at all...

My question is: How can I get my GCE instance to respond to https requests? What else should I do or test?

I found several questions on this topic (q1 ,q2, q3, q4), and it seems I did everything that was recommended there, yet my problem still remains.

like image 920
Aralizer Avatar asked Nov 06 '15 12:11

Aralizer


People also ask

Does GCP support node JS?

Google Cloud lets you choose the best environment to run your Node. js applications, with options for serverless, Kubernetes, VMs, or custom hardware.

Can you create an https Web server with node js?

To built an HTTPS server with nodeJs, we need an SSL (Secure Sockets Layer) certificate. We can create a self-signed SSL certificate on our local machine.


1 Answers

Probably you are running the server as a non root user and it fails to bind to port 443 (which is a privileged port).

like image 187
Andreas Veithen Avatar answered Oct 14 '22 04:10

Andreas Veithen