https dosen't work

Question

https dosen't work

sasivarunan opened this issue 10 years ago · comments

my dir includes
Dockerfile app.yaml package.json server.js static
and static dir has crt and key files

app.yaml has
handlers:

url: /(..(html|css|key|crt))
static_files: static/\1
upload: static/(..(html|css|key|crt))
url: .*
script: app.js

I'm taking options value for https as referred here http://nodejs.org/api/https.html
var options = {
key: fs.readFileSync('static/ssl.key'),
cert: fs.readFileSync('static/ssl.crt')
};
var secureServer = require('https').createServer(options,app).listen(8443);
var server = require('http').createServer(app).listen(8080);
app.get('/', function(req, res) {
res.send('Hello, world ');
});

if i try node server.js
https://localhost:8443 works fine (Identity not verified, as i'm running locally)

but when i try to run this in gcloud preview app run .
only localhost:8080 works https doesn't. (no webpage found.)
How do i get this working? Thanks

Roberto Chinnici · Answer 1 · Thu Sep 25 2014 06:23:28 GMT+0800 (China Standard Time)

https works a bit differently in appengine. See https://cloud.google.com/appengine/docs/python/config/appconfig#Python_app_yaml_Secure_URLs.

In server.js, you should expose everything via port 8080. Then in the app.yaml file you can mark certain urls (or all of them) as "secure: always". If you do that, when you deploy your app in production, it'll require clients to go through https.

sasivarunan · Answer 2 · Sat Sep 27 2014 04:41:14 GMT+0800 (China Standard Time)

If i expose only 8080 and if i try to connect socketIO using
socket = io("https://mydomain.appspot.com")
I'm getting
wss://mydomain.appspot.com/socket.io/?EIO=2&transport=websocket&sid=-jBxksFbPh-A-MpiAAAA' failed: Error during WebSocket handshake: Unexpected response code: 400
Reason im getting this error is:
I'm listening only to 8080 inside the js code not 8443
var server = require('http').createServer(app).listen(8080);
If i want to listen 8443, i should pass option parameters with ssl files. But this same setup works in compute engine!

Is there any other way i can serve the key files in appengine?
var options = {
key: fs.readFileSync('static/ssl.key'),
cert: fs.readFileSync('static/ssl.crt')
};

Roberto Chinnici · Answer 3 · Tue Sep 30 2014 07:56:24 GMT+0800 (China Standard Time)

You're getting an error during the handshake because the App Engine frontend does not support web sockets. Did you manage to serve the key files over https?

In Managed VMs, you can use web sockets, but to do so you have to change the firewall configuration to allow traffic on the specific port you want to use. It's pretty much the same thing you'd do on Compute Engine. This sample shows how to do it in Java: https://github.com/GoogleCloudPlatform/appengine-websocketchat-java. I don't think you'll be able to test it in the SDK though, because we only forward port 8080 from the container.

sasivarunan · Answer 4 · Thu Oct 02 2014 22:47:05 GMT+0800 (China Standard Time)

I've the similar set up in my Compute engine instance and wss socket connection over https works.
I tied that JAVA link by allowing all the ports in default network tcp but still it doesn't work

var secureServer = require('https').createServer(options,app).listen(8443);
var server = require('http').createServer(app).listen(8080);
var sio = require('socket.io');
io = sio.listen(secureServer);

Source Ranges:
0.0.0.0/0
Allowed Protocols or Ports:
tcp:1-65535
udp:1-65535
icmp

When i ssh in to my google managed instance and do=> docker ps

Marcos Bérgamo · Answer 5 · Thu Nov 27 2014 23:57:55 GMT+0800 (China Standard Time)

Have an answer for this issue? I'm have the same problem.. and i don't have idea how I fix it. :(