Re: node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Kaushal Shriyan <kaushalshriyan@xxxxxxxxx>]

Hi Frank,

Thanks for the quick response. I will appreciate it if you can help me understand by considering the below directive. I am not sure about placing $1 to the target. Any examples which will be easy to understand?

ProxyPass /index.html !
ProxyPassMatch ^/(.+) http://localhost:3000/

Please suggest further and guide me. Thanks in advance.

Best Regards,

Kaushal

On Sun, Jul 2, 2023 at 9:31 PM Frank Gingras <thumbs@xxxxxxxxxx> wrote:

Try adding $1 to the target to use the captured value.

Also, depending on the response from the backend, you may need a ProxyPassReverse directive.

On Sun, Jul 2, 2023 at 11:41 AM Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:

Hi Frank,

When I set the below in /etc/httpd/conf.d/phpnodejs.conf. When I hit https://phpnodejs.mydomain.com which is the html content, the images are broken and unable to load _javascript_, CSS etc...

        ProxyPass /index.html ! 
        ProxyPassMatch ^/(.+) http://localhost:3000/

#cat /etc/httpd/conf.d/phpnodejs.conf

<VirtualHost *:80>
    ServerName phpnodejs.mydomain.com
    Redirect / https://phpnodejs.mydomain.com/
 </VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html/htmlcode
        DirectoryIndex index.html
        ServerName phpnodejs.mydomain.com
        Header add Access-Control-Allow-Origin "*"
        LogLevel debug
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
        ProxyPass /index.html !
        ProxyPassMatch ^/(.+) http://localhost:3000/
</VirtualHost>

Please guide me. Thanks in advance.

Best Regards,

Kaushal

On Sun, Jul 2, 2023 at 8:57 PM Frank Gingras <thumbs@xxxxxxxxxx> wrote:

^/(.+) will already match /demo, why are you changing the _expression_?

On Sun, Jul 2, 2023 at 10:42 AM Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:

Hi Frank,

Thanks a lot. It worked perfectly. I have a follow up question for /demo path (as part of node.js code so /demo has all nodejs code) just as an improvement . I modified the ProxyPassMatch directive as per the below example and it returned http 404. 

ProxyPassMatch ^/demo(.+) http://localhost:3000/ 

Am I missing anything? Apologies for bugging you. 

Please guide me. Thanks in advance.

Best Regards,

Kaushal

On Sun, Jul 2, 2023 at 8:00 AM Frank Gingras <thumbs@xxxxxxxxxx> wrote:

This thread is getting very tiresome. So, let's summarize:

- You want to request /, serve index.html

- For all other requests, proxy internally

As such, keep the ProxyPass /index.html ! for clarity and change your existing ProxyPass directive to:

ProxyPassMatch ^/(.+) http://localhost:3000/

In short, this means that requesting / will not match, and requesting /foo will proxy.

On Sat, Jul 1, 2023 at 9:22 PM Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:

On Sun, Jul 2, 2023 at 6:20 AM Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:

On Sun, Jul 2, 2023 at 6:14 AM Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:

On Sat, Jul 1, 2023 at 7:50 AM Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:

Hi Frank,

Thanks for the email response and much appreciated. I added the ProxyPass /index.html !  directive in /etc/httpd/conf.d/phpnodejs.conf 

#cat /etc/httpd/conf.d/phpnodejs.conf

<VirtualHost *:80>

    ServerName phpnodejs.mydomain.com
    Redirect / https://phpnodejs.mydomain.com/
 </VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html/htmlcode
        ServerName phpnodejs.mydomain.com
        Header add Access-Control-Allow-Origin "*"
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

        ProxyPass /index.html !
        ProxyPass / http://localhost:3000/
</VirtualHost>

# apachectl configtest
Syntax OK
#apachectl -S

VirtualHost configuration:
*:80                   phpnodejs.mydomain.com (/etc/httpd/conf.d/phpnodejs.conf:1)
*:443                  phpnodejs.mydomain.com (/etc/httpd/conf.d/phpnodejs.conf:5)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

#

when I hit https://phpnodejs.mydomain.com/ it still points to the nodejs server.js file located in /var/www/html/nodejssl. For testing purposes, I stopped the node js code to execute. I get the below message on the browser which is expected behaviour. 

I am still unable to render the index.html file from the document root in /var/www/html/htmlcode which I created a new folder for testing purposes.  

Please suggest and guide me. Thanks in advance.

Best Regards,

Kaushal

Hi,

I have referred to https://httpd.apache.org/docs/2.4/mod/mod_dir.html by adding DirectoryIndex index.html directive in 443 virtualhost. The issue still persists.

#cat /etc/httpd/conf.d/phpnodejs.conf

<VirtualHost *:80>

    ServerName phpnodejs.mydomain.com
    Redirect / https://phpnodejs.mydomain.com/
 </VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html/htmlcode

        DirectoryIndex index.html
        ServerName phpnodejs.mydomain.com
        Header add Access-Control-Allow-Origin "*"
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

        ProxyPass /index.html !
        ProxyPass / http://localhost:3000/
</VirtualHost>

Please suggest further and guide me. Thanks in advance.

Best Regards,

Kaushal

Further to the earlier email, I am sharing the log files. 

#cd /var/log/httpd/

#pwd

/var/log/httpd

# cat access_log
172.16.16.45 - - [02/Jul/2023:06:17:19 +0530] "GET / HTTP/1.1" 200 11 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0"
172.16.16.45 - - [02/Jul/2023:06:17:58 +0530] "GET /nodejssl/server.js HTTP/1.1" 200 11 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0"
172.16.16.45 - - [02/Jul/2023:06:18:03 +0530] "GET / HTTP/1.1" 200 11 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0"
# cat error_log
[Sun Jul 02 06:17:14.849472 2023] [suexec:notice] [pid 31795:tid 31795] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Jul 02 06:17:14.880212 2023] [ssl:warn] [pid 31795:tid 31795] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Sun Jul 02 06:17:14.881405 2023] [http2:warn] [pid 31795:tid 31795] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Sun Jul 02 06:17:14.882256 2023] [lbmethod_heartbeat:notice] [pid 31795:tid 31795] AH02282: No slotmem from mod_heartmonitor
[Sun Jul 02 06:17:14.887938 2023] [mpm_prefork:notice] [pid 31795:tid 31795] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips configured -- resuming normal operations
[Sun Jul 02 06:17:14.887993 2023] [core:notice] [pid 31795:tid 31795] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

# 

Best Regards,

Kaushal

Hi,

I have enabled debug logging by adding LogLevel debug in 443 virtualhost. 

#cat /etc/httpd/conf.d/phpnodejs.conf

<VirtualHost *:80>

    ServerName phpnodejs.mydomain.com
    Redirect / https://phpnodejs.mydomain.com/
 </VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html/htmlcode

        DirectoryIndex index.html
        ServerName phpnodejs.mydomain.com
        Header add Access-Control-Allow-Origin "*"

        LogLevel debug
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

        ProxyPass /index.html !
        ProxyPass / http://localhost:3000/
</VirtualHost>

debug apache error log file -> http://sprunge.us/kndkvL 

Please suggest further and guide me. Thanks in advance. 

 

Best Regards,

Kaushal