gun 0.8.8, Node.js-to-Node.js, Node.js-to-browser

I see the following error in browser console:

    VM103:161 WebSocket connection to 'wss://127.0.0.1:8080/gun' failed: Error in connection establishment: net::ERR_INSECURE_RESPONSE
    VM103:161 WebSocket connection to 'wss://10.42.0.56:8080/gun' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED

And there are no messages on Node.js side.

Source code of my server:

    const Hapi = require('hapi');
    const Gun = require('gun');
    const pem = require('pem');

    // Generate a throwaway self-signed certificate, valid for one day.
    pem.createCertificate({ days: 1, selfSigned: true }, function (err, keys) {
      if (err) {
        throw err;
      }
      const server = new Hapi.Server();

      // Key and certificate for the HTTPS listener.
      const tls = {
        key: keys.serviceKey,
        cert: keys.certificate
      };

      server.connection({
        port: 8080,
        tls
      });

      // Attach gun to the underlying listener of every hapi connection.
      server.connections.forEach(c => Gun({ web: c.listener, file: 'data.json' }));

      server.route({
        method: 'GET',
        path: '/',
        handler: function (request, reply) {
          reply('Server works!');
        }
      });

      server.start();
    });
srgbnd
  • `ERR_CONNECTION_REFUSED` sounds like there's nothing listening on that port, not a certificate issue… – helb Oct 24 '17 at 15:42
  • @helb sorry, copied wrong lines, I've updated the question. I have two peers, one is enabled another disabled. – srgbnd Oct 24 '17 at 16:05
  • I'm afraid the only options are either installing the generated certificate to your browser, or telling it to trust the "insecure" connection. For Chrome it's `--ignore-certificate-errors` option, obviously insecure and for development/testing purposes only (and it [doesn't work in headless mode (yet?)](https://bugs.chromium.org/p/chromium/issues/detail?id=721739)). – helb Oct 24 '17 at 16:15
  • @helb where exactly in Chrome should I put `--ignore-certificate-errors` key? – srgbnd Oct 24 '17 at 16:28
  • As a parameter to Chrome binary when launching it. The exact way to do it depends on your operating system and desktop environment. This should help: https://www.chromium.org/for-testers/command-line-flags – helb Oct 24 '17 at 16:32
  • Certificate management is always such a pain, I know very little about it myself. Some other people were recommending having you guys potentially just use LetsEncrypt certificates to bypass having to trick Chrome into accepting self-signed certs? That way you'd have a free certificate that is legitimate that Chrome would accept. Maybe that would work? – marknadal Oct 24 '17 at 19:37
  • @marknadal yup, but you'll need a domain – letsencrypt (or any other CA) won't give you a cert for `localhost` or `10.42.0.56`… – helb Oct 24 '17 at 22:53
  • @helb You are right, a user should accept the self-assigned certificate in browser. But the certificate should be accepted in Node.js too. There is an option for this: `process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';` Now my setup works! – srgbnd Oct 25 '17 at 10:11
  • @trex that is great to hear! Would you mind answering your own question with a link to Lorenzo's letsencrypt-gun repo + that NodeJS option? – marknadal Oct 25 '17 at 17:48

1 Answer

In order to make gun work with a self-signed certificate you need two things:

  1. Launch browser ignoring the certificate errors. For example, Chrome

    google-chrome --ignore-certificate-errors

  2. Put the following process option in Node.js code

    process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

    or add the environment variable

    export NODE_TLS_REJECT_UNAUTHORIZED=0

srgbnd