Background:
I have my personal website running on a lighttpd server on my raspberry pi. I have that server’s port (80) forwarded so it can be accessed publicly.
I’m in the process of making a project, and I want a node.js service to make requests to from the lighttpd server. I set up pm2 so the node.js server is always running. I have that port forwarded too (5000). I've verified that this server is working via Postman and the browser.
Problem:
I'm receiving the following error when making requests:
has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space private.
Of note: I have Access-Control-Allow-Private-Network:true in the response header and Access-Control-Request-Private-Network:true in the request header. The only other solution I've found that might fix this is getting an SSL cert for the lighttpd server and using https for it; however, I'm struggling to set that up to see if it would work.
Questions:
Would getting an SSL cert for lighttpd allow me to make requests to my pm2 server?
Is there a different solution?
How secure is this setup? I don't expect a lot of traffic...
Related
My program sends http requests to https://auth.riotgames.com/api/v1/authorization server. As I understand it, cloudflare is installed there, which blocks my requests by issuing a 403 status code.
But the problem is that if I run the Http Debugger (https://www.httpdebugger.com/) the server responds fine. This is independent of the use of a proxy. Might have something to do with the certificates as I tried to connect with Fiddler installed on another machine (with Http Debugger running on my machine) and if Fiddler decrypts the http traffic it starts responding with 403, and if it doesn't decrypt it responds fine.
With Http Debugger:
With Http Debugger and Fiddler on another machine:
If it's not clear, ask questions. I would be glad of any suggestions; this is very important to me.
I am new at deploying web applications. I have set up a web server on Digital Ocean that is running on top of NGINX. Besides, I have a front application running on Netlify. The connection between the server and the web is not established (error 400) and I suspect a port problem.
I have double-checked the CORS policy, but my guess is that NGINX listens on port 80 for HTTP requests (open), while Netlify automatically creates an SSL certificate, which makes my requests go through the HTTPS protocol.
My question is: do I need to do anything other than setting up Nginx on the server side in such a way that it listens on port 443 (HTTPS port), or do I need to generate another SSL certificate on the server side?
My intuition is option 1, but I feel lost with all these notions.
It's a CORS error; your Netlify HTTPS will not allow you to hit an insecure HTTP API. You need to enable HTTPS on your droplet on Digital Ocean by providing a domain name to your application. Follow the link
I wrote a proxy server which works well. But when looking at the log, there are some weird requests like:
POST https://vortex.data.microsoft.com/collect/v1 HTTP/1.1
Also some GET over https. I think only CONNECT is allowed over https, am I wrong? If I am wrong, how should I deal with these requests? (I just dropped these requests in my app.)
Another thing, maybe unrelated: all these requests in the log are related to Microsoft.
There isn't any problem handling any HTTP Method with HTTPS within a proxy.
All requests using the https:// protocol will automatically be received and sent to port 443 if not indicated otherwise.
Regardless of whether you have a server where you deployed HAProxy, NGINX or Apache Web Server, or you literally wrote a proxy like this one in JavaScript, the only thing you have to do is proxy the requests to the destination server address.
Regarding the encryption: HTTPS precisely ensures that there are no eavesdroppers between the client and the actual target, so the proxy would act as the initial target and would then transparently intercept the connection.
1. Client starts HTTPS session to Proxy.
2. Proxy intercepts and returns its certificate, signed by a CA trusted by the client.
3. Proxy starts HTTPS session to Target.
4. Target returns its certificate, signed by a CA trusted by the Proxy.
5. Proxy streams content, decrypting and re-encrypting it with its certificate.
Basically it's a concatenation of two HTTPS sessions, one between the client and the proxy and the other between the proxy and the final destination.
I am facing a secure connection conflict as some of my videos are hosted on Kaltura (http) while the site is hosted on Heroku (HTTPS). Can you guys/girls advise on how to resolve this conflict?
You can make a proxy in your Heroku backend. The steps would be:
1. The video request is sent through the HTTPS protocol to the proxy.
2. The proxy receives the request, parses it, and fetches the corresponding video through HTTP from Kaltura.
3. The proxy returns the video data to the browser.
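The proxy steps above, written out in Node.js as an added example (not code from the original answer). The upstream host, the `/video/<id>` route and the `/media/` upstream path are placeholders assumed for illustration; the point it adds is that the proxy maps an asset id onto one fixed upstream instead of fetching whatever URL the browser supplies.

```javascript
// Added example, not from the original answer. UPSTREAM_HOST, the /video/<id>
// route and the /media/ upstream path are placeholders chosen for illustration.
const http = require("http");

const UPSTREAM_HOST = "video-origin.example"; // stands in for the HTTP-only video host
const ROUTE = /^\/video\/([A-Za-z0-9_-]{1,64})\.(mp4|m3u8|ts)$/;

// Parse the browser's request and map it onto one fixed upstream. The client
// only supplies an asset id, never a host or URL, so the proxy cannot be
// pointed at internal services (SSRF) or used as an open relay.
function resolveUpstream(method, rawUrl) {
  if (method !== "GET" && method !== "HEAD") return null;
  let path;
  try {
    path = new URL(rawUrl, "http://placeholder.invalid").pathname;
  } catch {
    return null;
  }
  const m = ROUTE.exec(path);
  return m ? `http://${UPSTREAM_HOST}/media/${m[1]}.${m[2]}` : null;
}

// Fetch the asset over HTTP on the server side and stream it to the browser.
function proxyVideo(req, res) {
  const target = resolveUpstream(req.method, req.url);
  if (!target) return void res.writeHead(404).end();
  const headers = {};
  if (req.headers.range) headers.range = req.headers.range; // keeps seeking working
  const upstream = http.request(target, { method: req.method, headers, timeout: 10000 }, (up) => {
    const out = {};
    for (const h of ["content-type", "content-length", "content-range", "accept-ranges"]) {
      if (up.headers[h]) out[h] = up.headers[h];
    }
    res.writeHead(up.statusCode, out); // upstream redirects are not followed
    up.pipe(res);
  });
  upstream.on("timeout", () => upstream.destroy(new Error("upstream timeout")));
  upstream.on("error", () => {
    if (!res.headersSent) res.writeHead(502);
    res.end();
  });
  upstream.end();
}

// Only listen when explicitly asked to, so the file can be loaded for testing.
if (process.env.START_VIDEO_PROXY) {
  http.createServer(proxyVideo).listen(process.env.PORT || 3000);
}
```

The hop from the proxy to the video host is still plain HTTP, so the proxy removes the browser's mixed-content block but does not protect the video data on that leg.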
I am not sure how to formulate my question but here we go:
I have 2 servers, one is the nginx reverse proxy and one is the app server.
In my app server, I am developing a simple http client using jerseyclient that will send a request to another server. I can do this now, but the traffic goes from the app server directly to the destination. Is it possible to send it from the app server so that it passes through the reverse proxy server and then goes to the destination?
And, is this design ok or is it an abomination?
nginx reverse proxy works only for requests outside your network.
To configure your system to work as you described, you have to configure firewall NAT or a caching HTTP proxy like squid, etc.
If you have no reason why your servers should look like a single computer, your configuration is OK.