problem starting server when i change protocol http to https

35 views
Skip to first unread message

marti...@gmail.com

unread,
Jul 25, 2016, 9:07:06 AM7/25/16
to DemocracyOS/app
Hi Team

I'm trying run democracyos service with https protocol on port 4443 but the starting are not working


I think the problem may be that first instance up on port 3000 (http) and then tries to run the HTTPS request and throws Error

When I execute "make run" i have this error

*****SERVER LOG******

democracyos:notifier:transports Initializing nodemailer API client +9ms
democracyos:server Server started at port 3000. +6ms
democracyos:server Server started at port 4443. +0ms
/home/propuestas-fg/node_modules/async/lib/async.js:43
if (fn === null) throw new Error("Callback was already called.");
^

Error: Callback was already called.
at /home/propuestas-fg/node_modules/async/lib/async.js:43:36
at /home/propuestas-fg/node_modules/async/lib/async.js:723:17
at /home/propuestas-fg/node_modules/async/lib/async.js:167:37
at Server.<anonymous> (/home/propuestas-fg/lib/server/index.js:32:15)
....

***** MY CONFIGS *****
My enviroment
NODE=production

My production File
config/production.json

"locale": "es",
"protocol": "https",
"host": "xxxxx",
"port": 3000,
"mongoUrl": "mongodb://localhost/DemocracyOS-dev",
"mongoUsersUrl": "",
"jwtSecret": "xxxxxxxxx",
"corsDomains": [],
"signinUrl": "",
"signupUrl": "",
"settingsUrl": "",
"staff": [
"xxxxx...@gmail.com"
],
"allowEmailAliases": true,
"facebookSignin": false,
"publicEmails": false,
"auth": {
"basic": {
"username": "",
"password": ""

},
"facebook": {
"clientID": "5xxxxx",
"clientSecret": "25xxxxx",
"permissions": [ "ad...@xxxxxxx.com" ]
}
},
"https": {
"serverKey": "server.key",
"serverCert": "server.cert",
"port": 4443,
"redirect": "normal"
},
.....


NOTE: with protocol http the service work correctly

Sorry for my english :)

Regards!

Guido Vilariño

unread,
Jul 25, 2016, 12:48:33 PM7/25/16
to marti...@gmail.com, DemocracyOS/app
Have you generated and properly placed your public/private certificates?


--
You received this message because you are subscribed to the Google Groups "DemocracyOS/app" group.
To unsubscribe from this group and stop receiving emails from it, send an email to democracyos-a...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Martin Russo

unread,
Jul 25, 2016, 1:45:19 PM7/25/16
to Guido Vilariño, DemocracyOS/app
HI Guido
Yes, server.cert and server.key are  OK  :(
--
Ing. Martin Russo

Matías Lescano

unread,
Jul 26, 2016, 3:49:32 PM7/26/16
to DemocracyOS/app, gvil...@gmail.com, marti...@gmail.com
HI!

I've been able to reproduce the error only on ubuntu, really weird, but I'm not sure why it's happening. Didn't have the error on Docker, nor OSX.

As a quick solution, and also a good recommendation for production, is to use Nginx as a proxy server. Also, you will avoid to use node as an SSL server.


And, a very basic nginx.conf with SSL, supposing your DemocracyOS folder is on /usr/src

upstream node {
  server 127.0.0.1:3000;
  keepalive 30;
}

# Remove www.
# server {
#   listen          80;
#   server_name     www.domain.com;
#   return          301 $scheme://domain.com$request_uri;
# }

# Force SSL
server {
  listen 80;

  server_name domain.com;

  return 301 https://domain.com$request_uri;
}

server {
  # SSL configuration
  listen 443 ssl;

  # cert files
  ssl_certificate /usr/src/ssl/server.crt;
  ssl_certificate_key /usr/src/ssl/server.key;

  server_name domain.com;
 
  # Serve static assets 
  root /usr/src/public;

  location /favicon.ico {
    log_not_found off;
    access_log off;
  }

  location /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  # Directives to send expires headers and turn off 404 error logging.
  location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    expires max;
    log_not_found off;
  }

  location @proxy_to_node {
    proxy_redirect off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://node;
  }

  location / {
    add_header X-Frame-Options "SAMEORIGIN";
    
    # Only allow needed METHODs
    if ( $request_method !~ ^(GET|POST|HEAD|PUT|DELETE|OPTIONS)$ ) {
      return 405;
    }

    try_files $uri @proxy_to_node;
  }
}



Guido Vilariño

unread,
Jul 29, 2016, 4:06:16 PM7/29/16
to Matías Lescano, DemocracyOS/app, Martin Russo
My guess is that your `node` process doesn't have enough permissions to read the cert files. Also, I'd recommend the approach suggested by Matías

Martin Russo

unread,
Jul 29, 2016, 4:58:15 PM7/29/16
to Guido Vilariño, Matías Lescano, DemocracyOS/app
Ok Perfect ! i will  try nginx ! thanks for all!
--
Ing. Martin Russo
Reply all
Reply to author
Forward
0 new messages