Secure Node.js applications with LetsEncrypt certificate in the ISPConfig web folder.

Discussion in 'Tips/Tricks/Mods' started by abintipl, Apr 17, 2023.

  1. abintipl

    abintipl Member HowtoForge Supporter

    Hi,
    I have set up a new VPS according to https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/
    I have a question about Letsencrypt configuration files,
    I have already enabled Let's Encrypt SSL under Websites & works fine with websites but now I am trying to install an application of node js & ask to set it up as under;

    For nodejs to be accessed using https, I must edit one of the server.js file of my application
    from
    const http = require('http')
    const server = http.createServer(app);

    to & should look like
    const https = require('https')
    const server = https.createServer({
    "key": fs.readFileSync("/path/your/key/ssl/xxx.pem"),
    "cert": fs.readFileSync("/path/your/cert/ssl/xxxx.pem"),
    }, app);

    My question is where do I find this path
    "/path/your/key/ssl/xxx.pem"

    I tried setting up in /var/www/clients/client1/web1 but could not do much on it

    Please help

    Thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The ssl certs of a website are in the folder /var/www/clients/client1/web1/ssl/
     
    abintipl likes this.
  3. abintipl

    abintipl Member HowtoForge Supporter

    Thank you!
     
  4. PatFoo

    PatFoo New Member

    I would suggest changing the title of this post to include something like:
    Secure Node.js applications with LetsEncrypt certificate in the web folder.
    My friend and I spent two days trying to figure this out ... and we did today before stumbling upon this post.
    We did try to use ProxyPass etc which did not work for us...and you can search the web with all relevant search terms and not find the answer.
    Here is what we used to successfully test:
    Code:
    var express = require('express');
    var https = require('https');
    var http = require('http');
    var fs = require('fs');
    var app = express();
    
    var options = {
      key: fs.readFileSync('/var/www/yourwebsite.tld/ssl/yourwebsite.tld-le.key'),
      cert: fs.readFileSync('/var/www/yourwebsite.tld/ssl/yourwebsite.tld-le.crt')
    };
    // var options = {}
    
    app.get('/', function(req, res){
      res.send('Hello World!');
    });
    
    http.createServer(app).listen(8880, function(err){
        if (err) console.log("Error in server setup")
        console.log("http Server listening on Port", 8880);
    })
    https.createServer(options, app).listen(8843, function(err){
        if (err) console.log("Error in server setup")
        console.log("https  Server listening on Port", 8843);
    })
    If this is wrong or unsafe or can be improved...please let me know.
    Thanks
     
    abintipl, ahrasis and till like this.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Thank you for posting your solution. I've changed the thread title and moved it to the tips & tricks forum.
     
    ahrasis likes this.
  6. madmucho

    madmucho Member

    If you like proxy trafic from ispconfig site to backend nodejs application use this snippet apache directive which you can add in site options section. LE renewal is maintained by ispconfig itself backend app dont even know about that.
    replace backendip and backendport to fit your infrastructure. This example pass websocket traffic.

    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) "ws://backendip:backendport/$1" [P,L]

    ProxyPass /.well-known/ !
    ProxyPass / http://backendip:backendport/
    ProxyPassReverse / http://backendip:backendport/
     
    ahrasis and till like this.

Share This Page