LewisArdern / bXSS

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

[+] Help : Configuring TLS LetsEncrypt

arbazkiraak opened this issue · comments

Hello @LewisArdern,

```js
const config = {};

//config.twilio = {};
config.gmail = {};
config.slack = {};
config.letsEncrypt = {};

config.port = process.env.PORT || 3030;
config.url = process.env.url || 'mydomain.me';
// used to split the results (don't remove)
config.boundary = process.env.boundary || '#!!!!#';

// Set to false by default (would recommend reverse proxy instead)
config.letsEncrypt.TLS = true;
config.letsEncrypt.publicKey = process.env.publicKey || '/etc/letsencrypt/live/mydomain.me/fullchain.pem';
config.letsEncrypt.privateKey = process.env.privateKey || '/etc/letsencrypt/live/mydomain.me/privkey.pem';
config.letsEncrypt.ca = '/etc/letsencrypt/live/mydomain.me/chain.pem';

// Remove if you don't want Twilio
//config.twilio.accountSid = process.env.accountSid || '';
//config.twilio.authToken = process.env.authToken || '';
//config.twilio.to = process.env.twilioTo || ['']; // add additional numbers with comma separation e.g '+447000000', ''
//config.twilio.from = process.env.twilioFrom || '';

// Remove if you don't want Slack
config.slack.token = process.env.token || 'xoxp-xxxxx-xxxx-xxxxx-xxxxxxxxxx';
config.slack.channel = process.env.slackChannel || 'general';

// Remove if you don't want Gmail
config.gmail.user = process.env.gmailUser || 'xxxxxxx.xxxxxx@gmail.com';
config.gmail.pass = process.env.gmailPass || 'xxxx';
config.gmail.to = process.env.gmailTo || ['xxxxxxxx@gmail.com']; // add additional emails with comma separation '', ''
config.gmail.from = process.env.gmailFrom || 'xxxxxxxxx@gmail.com';


module.exports = config;
```
  • Upon running it, the app is running over http://mydomain.me:3030, but https:// returns connection refused.
  • Please let me know if I'm missing something.

Thanks ~

commented

This is because you need to go to https://mydomain.me:8443 -- if you want to run it on 443, you would need to run as high privilege, which I do not recommend, and change the value from 8443 -- https://github.com/LewisArdern/bXSS/blob/dev/app.js#L20. What I recommend doing is setting up a reverse proxy with a web server, and then you can forward the traffic to the application.

commented

I should probably update the port in the app.js, but I'm currently working on a dev branch, so I will add it to those changes when I'm done. Let me know if this resolves your problem or if I can assist further.
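
A minimal nginx configuration for the reverse-proxy setup recommended in the first reply, as an added example that is not from the bXSS project or from either commenter. It assumes nginx runs on the same host as the app, reuses the domain, port 3030 and certificate paths from the posted config, and assumes `config.letsEncrypt.TLS` is set back to `false` so the app serves plain HTTP behind the proxy.

```nginx
# Added example (assumed setup): nginx terminates TLS on 443 and forwards
# requests to the Node process, which keeps running unprivileged on 3030.

# Send plain-HTTP requests to the HTTPS listener.
server {
    listen 80;
    server_name mydomain.me;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name mydomain.me;

    # Certificate and key paths taken from the config posted in the issue.
    ssl_certificate     /etc/letsencrypt/live/mydomain.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.me/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # config.port in the posted config (default 3030), reached over loopback only.
        proxy_pass http://127.0.0.1:3030;

        # Pass the original host, client address and scheme to the app,
        # since it now sees every connection as coming from 127.0.0.1.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the file with `nginx -t` before reloading, and block external access to port 3030 at the firewall so clients cannot reach the app without going through TLS.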