I just tried with http ans https to fetch data in the for of json from server, while I try with http its working fine but when I try with https getting error. Is there any way to handle "https" request if server is not cofigured with SSL.
no, there isn't any way if the server isn't configured to user SSL. However if you want TLS encryption you could use a SSH tunnel. If you can't configure your application to use SSL you could configure a http server like Apache or nginx to act as an SSL Proxy.
Related
Background:
I have my personal website running on a lighttpd server on my raspberry pi. I have that server’s port (80) forwarded so it can be accessed publicly.
I’m in the process of making a project, and I want a node.js service to make requests to from the lighttpd server. I set up pm2 so the node.js server is always running. I have that port forwarded too (5000). I've verified that this server is working via postman and the browser
Problem:
I'm receiving the following error when making requests:
has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space private.
Of note; I have Access-Control-Allow-Private-Network:true in the response header and Access-Control-Request-Private-Network:true in the request header. The only other solution I've found that might fix this is getting an SSL cert for the lighttpd server and using https for it, however I'm struggling setting that up to see if it would work
Questions:
Would getting an SSL cert for lighttpd allow me to make requests to my pm2 server?
Is there a different solution?
How secure is this setup? I don't expect a lot of traffic...
I am new at deploying web applications. I have set up a web server on Digital Ocean that is running on top of NGINX. Besides, I have a front application running on Netlify. The connection between the server and the web is not established (error 400) and I suspect a port problem.
I have double-checked the CORS policy, but my guess is that NGINX listens to port 80 for HTTP request (open), while Netlify automatically creates a SSL certificate which makes my requests go through the HTTPS protocol.
My question is: do I need to do anything else than setting up Nginx on the server side in such a way it listens to port 443 (HTTPS port), or do I need to generate another SSL certificate on the server side?
My intuition is option 1, but I feel lost with all these notions.
its CORS error, your Netlify HTTPS will not allow you to hit insecure HTTP API. You need to enable HTTPS on your droplet on Digital Ocean by providing a Domain Name to your application. Follow the link
I have website and some game server.
I have domain which I connect to Cloudflare.
I want to redirect non http/https traffic to my server IP because when I try to connect to server with domain I can't do this because of Cloudflare proxy.
Maybe it can be done differently?
I use Nginx.
Cloudflare has its own SSL configuration.
There are 4 options for you:
Off disables https completely
Flexible Cloudflare will automatically switch client requests from HTTP to HTTPS but it still points to port 80 on your nginx server, should not configure SSL on nginx in this case.
So the only options for you are Full or Full Strict (more restricted on the cert configured on nginx, must be a valid cert).
With Full you can configure your nginx with a self-signed SSL and let it go. Cloudflare will handle the part between client and its proxy server.
Suppose I want to use a combination of NGinX (probably another since it doesn't proxy HTTP/2 requests) and Hypercorn. As both can handle SSL certificate files, I wonder who is the best suited to do this for an HTTPS request. It is important to me that Hypercorn could listen to 443 port and I'm not sure it can do that without specifying certfile and keyfile parameters.
Well, that depend what you want to do.
The simpliest solution is to configure both to use SSL.
Nginx will receive the request, decipher it, process it, send it to Hypercom on port 443 as an HTTPS Client. Hypercom will get the request as any normal HTTPS client.
If your goal is security : go with both
If your goal is just to not
have hypercom expose directly, you can configure it to not use SSL
Nginx support by default proxying request to an HTTPS upstream so that's the best solution I think. However, you might need to play with setting http-header for hypercom to correctly understand who's the client by playing with X-Forwarded-For, X-Forwarded-Host and any headers that might be needed by Hypercom.
I am trying to setup a reverse proxy using IBM HTTP server and what I want to do is that user will hit a HTTP url to my reverse proxy server that will forward request internally to HTTPs server.
HTTP Address <--> Reverse Proxy (IBM HTTP Server) <--> HTTPS server (https://example.com)
In my configuration I have enabled mod_proxy & mod_proxy_http and configured below ProxyPass
Proxypass / https://example.com
But I am unable to configure it. I am getting error:
proxy: HTTPS: failed to enable SSL support for example.com
Anybody help what I might be doing wrong. I have also already loaded below modules:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Thanks
You need to specify a KeyFile and SSLProxyEngine ON.
Caveat:
However, generally IBM HTTP Server uses the WebSphere WebServer Plug-in as a websphere-specific HTTP reverse proxy plugin that doesn't share any of this configuration.
Most people use IBM HTTP Server because it's supported by IBM, but it's only supported by IBM when you use it in a way prescribed by a product that bundled it. That's rarely w/ mod_proxy.