
I am using the Node.js https module behind an nginx proxy. I have multiple SSL certificates and I want to run all HTTPS sites using Node without adding all the certificates to the nginx SSL server.

Is there any way to proxy the Node.js server to port 443 without adding certificates to nginx? All certificates are used inside the Node.js https server.

I want:

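```javascript
var fs = require('fs');
var express = require('express'); // express.vhost is part of the Express 3.x API
var https = require('https');

// Private key and certificate are loaded by Node, not by nginx
var privateKey  = fs.readFileSync('/myssl.key', 'utf8');
var certificate = fs.readFileSync('/myssl.crt', 'utf8');

var credentials = {key: privateKey, cert: certificate};

var app = express(); // application serving every virtual host
var server = express();
server.use(express.vhost('*', app));
// HTTPS listener on an unprivileged port
https.createServer(credentials, express.vhost('*', app)).listen(8020);
```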

Here 8020 is proxied from nginx port 443, but nginx requires an SSL certificate, and I want to run this SSL without adding it at the nginx level.

Or is there any other method I can use? Please guide me; it's a weird issue for me. Or is there any other way to use Elastic Load Balancer for all SSL certificates?

Thanks in advance, Vijay

  • Handling ssl in node means nginx won't be able to parse request and act as a proxy. So what will it do at all? – Alexey Ten Dec 25 '14 at 08:07
  • Actually I have multiple domains running on the same Node.js, and as you know port 443 is not available to a non-root user on a Linux system. When I run Node.js on port 443 using sudo it doesn't require any proxy and HTTPS works fine, but when using an nginx proxy to Node.js on port 443 it requires SSL certificates on nginx. Then how can I handle all the SSL certificates on the same server? It needs different virtual hosts for all domains, which I never want. If it's possible through ELB, please guide me. – user1903724 Dec 25 '14 at 08:53
  • Well, so why don't you just run node on 443 with sudo? – Alexey Ten Dec 25 '14 at 09:00
  • As I can see, you have one certificate for all domains. So you'll need one server block in nginx config. – Alexey Ten Dec 25 '14 at 09:03
  • No, here only one certificate is added as an example. I have http://stackoverflow.com/questions/12219639/is-it-possible-to-dynamically-return-an-ssl-certificate-in-nodejs which guides me to add multiple domain certificates; that's why I need it. – user1903724 Dec 25 '14 at 10:16
  • And as for running node with sudo, how can I run pm2, which is a node process runner and is not running as sudo? – user1903724 Dec 25 '14 at 10:18
  • One option that you can try is using HAProxy in TCP mode and SNI. See [their blog page](http://blog.haproxy.com/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/) for example scenario. And for nginx option, nginx doesn't support application routing if nginx can decrypt the packet (i.e. the SSL certificate wasn't provided). – masegaloeh Dec 25 '14 at 12:42
  • I would advise you to change your configuration and let Nginx handle all SSL virtual hosting and certificates, for security reasons. But if you insist on having NodeJS do it, you should just forward port 443 to it, without passing through Nginx. One option is to use your OS's firewall NAT rules, another is running a TCP proxy like Socat, which can forward traffic from one port (and socket type) to another. – Tobia Dec 26 '14 at 00:50
  • Besides, you should know that SSL virtual hosting relies on the SNI extension, which is not supported on some older clients and OSs, notably Windows XP. Its users will see a nasty security error instead of your sites, for all but one domain. – Tobia Dec 26 '14 at 00:53
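
The comments above suggest a TCP-mode proxy that routes on SNI without holding any certificate. As an added example (not part of the original thread, and not HAProxy's code), this Node.js sketch shows the one thing such a proxy reads: the unencrypted `server_name` extension of the TLS ClientHello. The hostnames, ports and the `extractSni`, `pickBackend` and `buildClientHello` helpers are assumptions made for illustration.

```javascript
// Added example: read the SNI hostname from a raw TLS ClientHello, no decryption.
function extractSni(buf) {
  // Record header: type 0x16 (handshake), version(2), length(2); then type 0x01.
  if (buf.length < 43 || buf[0] !== 0x16 || buf[5] !== 0x01) return null;
  let p = 5 + 4 + 2 + 32; // skip record + handshake headers, version, random
  const skip = (n) => {   // step over a vector with an n-byte length prefix
    if (p + n > buf.length) return false;
    p += n + buf.readUIntBE(p, n);
    return p <= buf.length;
  };
  // Step over session_id, cipher_suites and compression_methods.
  if (!skip(1) || !skip(2) || !skip(1) || p + 2 > buf.length) return null;
  const end = Math.min(buf.length, p + 2 + buf.readUInt16BE(p));
  p += 2;
  while (p + 4 <= end) {
    const type = buf.readUInt16BE(p), len = buf.readUInt16BE(p + 2);
    p += 4;
    if (p + len > end) return null;        // truncated extension
    if (type === 0) {                      // server_name: list_len(2) type(1) len(2) name
      if (len < 5 || buf[p + 2] !== 0) return null;
      const n = buf.readUInt16BE(p + 3);
      if (5 + n > len) return null;
      return buf.toString('ascii', p + 5, p + 5 + n).toLowerCase();
    }
    p += len;
  }
  return null;                             // client sent no SNI
}

// Hypothetical map: hostname -> local port of the Node HTTPS listener for it.
const BACKENDS = new Map([['a.example.com', 8020], ['b.example.com', 8021]]);
const DEFAULT_PORT = 8020; // clients that send no SNI end up here
function pickBackend(hello) {
  const host = extractSni(hello);
  return { host, port: BACKENDS.get(host) || DEFAULT_PORT };
}

// Constructed sample ClientHello (not a capture); pass null to omit SNI.
function buildClientHello(host) {
  const u16 = (n) => Buffer.from([n >> 8, n & 0xff]);
  const name = Buffer.from(host || '', 'ascii');
  const ext = host ? Buffer.concat([u16(0), u16(name.length + 5),
    u16(name.length + 3), Buffer.from([0]), u16(name.length), name]) : Buffer.alloc(0);
  const body = Buffer.concat([Buffer.from([3, 3]), Buffer.alloc(32, 7),
    Buffer.from([0]), u16(2), Buffer.from([0x00, 0x2f]), Buffer.from([1, 0]),
    u16(ext.length), ext]);
  const hs = Buffer.concat([Buffer.from([1, 0]), u16(body.length), body]);
  return Buffer.concat([Buffer.from([0x16, 3, 1]), u16(hs.length), hs]);
}
console.log(pickBackend(buildClientHello('b.example.com')));
```

A client that sends no SNI always falls through to the default port, so it is served only that listener's certificate whichever domain it asked for.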

0 Answers