I'm very new to Nginx and I'm feeling like a monkey trapped inside a nuclear power plant facility — nothing makes any sense — and I desperately want to get some bananas.

Anyway, I'm using Nginx server for handling SSL and proxying all requests to the NodeJS app. Everything works just fine except for WebSockets. The client gives me an ERR_INSECURE_RESPONSE error. The server is live. What am I missing? What would you advise?

NodeJS

```javascript
const express = require('express')
const app = express()
const server = require('http').Server(app)
const io = require('socket.io')(server)

app.use(express.static('../app'))

io.on('connection', (socket) => {
  console.log('CONNECTED')
})

server.listen(5000)
```

Nginx config (taken from this tutorial Deploying a NodeJS app with ssl)

```nginx
# HTTP — redirect all traffic to HTTPS
server {
    listen 80;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}

# HTTPS — proxy all requests to the Node app
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name olmeo.us;

    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/olmeo.us/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/olmeo.us/privkey.pem;

    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:5000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}
```

SSL config (include snippets/ssl-params.conf)

```nginx
# See https://cipherli.st/ for details on this configuration
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

# Add our strong Diffie-Hellman group
ssl_dhparam /etc/ssl/certs/dhparam.pem;
```

Client

```javascript
io.connect('https://52.29.55.217')
```
  • Why do you use an IP address in your URL instead of the hostname you have in your configuration? And, in case using the IP address is really the correct way - is the IP address contained in the certificate served when accessing this URL? Commented Jul 14, 2017 at 9:09
  • Steffen Ullrich, sir, I believe this is exactly what was causing the problem. I will test it later and post an answer here. Thank you! Commented Jul 14, 2017 at 9:35

1 Answer

Your SSL certificate is likely provided for a given domain, not for the IP address and you are using the IP and not a domain to connect:

```javascript
io.connect('https://52.29.55.217')
```

Unless your certificate includes that IP address in the list of hosts that it covers (highly unlikely) then this will not work. Try it with the exact domain name that was used while creating the certificate with Let's Encrypt (not a subdomain, not an IP, the exact domain name).
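The hostname check behind this failure, as an added example that is not part of the original answer: it runs Node's own `tls.checkServerIdentity` against the host taken from the client URL. The certificate object is a constructed stand-in for one issued only for `olmeo.us`, and the `CHECK_URL` environment variable is a hypothetical switch for fetching a live server's certificate instead.

```javascript
// Added example: the hostname check applied to the URL given to io.connect().
const tls = require('node:tls');
const net = require('node:net');

// Constructed stand-in for a Let's Encrypt certificate issued for the domain only.
// Same shape as the object returned by tlsSocket.getPeerCertificate().
const DOMAIN_ONLY_CERT = {
  subject: { CN: 'olmeo.us' },
  subjectaltname: 'DNS:olmeo.us',
};

// Returns { host, ok, reason } for the host part of a client URL.
function checkConnectUrl(url, cert) {
  const host = new URL(url).hostname;
  // checkServerIdentity returns undefined on a match and an Error on a mismatch.
  const err = tls.checkServerIdentity(host, cert);
  return { host, ok: err === undefined, reason: err ? err.message : null };
}

// Optional live check: read the certificate a server presents (without trusting it)
// and test it against the URL. Only runs when CHECK_URL (hypothetical name) is set.
function checkLive(url, done) {
  const { hostname, port } = new URL(url);
  const opts = { host: hostname, port: Number(port) || 443, rejectUnauthorized: false };
  if (!net.isIP(hostname)) opts.servername = hostname; // SNI carries names, not IPs
  const socket = tls.connect(opts, () => {
    const result = checkConnectUrl(url, socket.getPeerCertificate());
    socket.end();
    done(null, result);
  });
  socket.on('error', done);
}

if (process.env.CHECK_URL) {
  checkLive(process.env.CHECK_URL, (err, r) => console.log(err ? err.message : r));
} else {
  for (const url of ['https://52.29.55.217', 'https://olmeo.us', 'https://www.olmeo.us']) {
    console.log(checkConnectUrl(url, DOMAIN_ONLY_CERT));
  }
}
```

Only the exact domain passes; the IP address and the `www` subdomain are both rejected because neither appears in the certificate's subject alternative names.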
