0

I'm trying to access an express.js node server I'm hosting on GCP and I'm getting this error:

This site can’t provide a secure connection
<server ip> sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

I looked at another stack overflow answer and they said to edit default-allow-internal in the network tab to allow all, my network tab looks like this now: enter image description here

My server starts fine and I know the logic inside works (it contains a scraper that logs to the console every time it runs and I can see it's succeeding there) But I can't access it via it's external IP https://<ip>:8000

Brace Sproul
  • 593
  • 1
  • 5
  • 15
  • Can you edit your question to include your relevant SSL config? – Zac Anger Jan 05 '23 at 01:53
  • I haven't done anything with SSL for this VM, mainly the reason for this question. Do you know of any sources that explain how to set this up? If it helps I own a domain via google domains that has a valid SSL certificate linked to it. – Brace Sproul Jan 05 '23 at 01:54
  • You have a lot of options. If you want to terminate ssl at your server, you could do it as in [this example](https://stackoverflow.com/questions/65637645/disable-tls-1-0-1-1-or-only-use-tls-1-2-and-greater-in-node-js-express/65637737#65637737). I usually recommend setting up Nginx (or Caddy, or some other proxy server) though. Or, if you're okay with paying a little bit more to GCP, the ideal option would be to use a [Load Balancer](https://cloud.google.com/load-balancing/). Since your cert was provisioned through Google, that might be the easiest option, as well. – Zac Anger Jan 05 '23 at 01:57

1 Answers1

2

As @Zac Anger suggested the easiest option is to use Load Balancer for terminating SSL at your server.

As given in the document:

HTTP(S) load balancing can balance HTTP and HTTPS traffic across multiple backend instances, across multiple regions. Your entire app is available via a single global IP address, resulting in a simplified DNS setup. HTTP(S) load balancing is scalable, fault-tolerant, requires no pre-warming, and enables content-based load balancing. For HTTPS traffic, it provides SSL termination and load balancing.

To terminate SSL follow the below steps:

  1. Create an instance group that has at least 1 live instance.

  2. Create http load balancer with the following:

    1. Upload a SSL certificate.

    2. Create a backend service to point to the instance group. Make sure the protocol is HTTP.

    3. Create a target https proxy with the certificate you uploaded.

    4. Finally, create a global forwarding rule that points HTTPS to the target proxy you created before.

Fariya Rahmat
  • 2,123
  • 3
  • 11