SSL on Google Compute Engine with nodejs

Published 2019-05-01 16:01

Question:

Summary:

I'm trying to set up a Node.js server on Google's Compute Engine (GCE) to work with HTTPS, but the remote server doesn't seem to respond when accessed through https://....

What I tried so far:

I've acquired a certificate from Comodo, put it on the backend, included it in the code, and created an HTTPS server as follows:

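var express = require('express');
var https = require('https');
var fs = require('fs');

var app = express();

// Private key and certificate issued for the domain
var options = {
  key: fs.readFileSync('server.key'),
  cert: fs.readFileSync('server.crt'),
};

...
// Serve the Express app over TLS on the standard HTTPS port
https.createServer(options, app).listen('443', function () {
  console.log('https ready');
});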

I've also added the following firewall rule:

gcloud compute firewall-rules create allow-https --description "https server" --allow tcp:443 --format json

When I run the server on my local machine and try accessing it using https://localhost:443 through Chrome, I get the expected:

This server could not prove that it is localhost; its security certificate is from www.domain_name.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

Meaning the server is properly configured to be able to recognize the https request, but since the certificate does not belong to localhost, it results in a warning.

The problem:

When I run the same code on my GCE instance, which runs on the domain name associated with the certificate, I get no response from the server. Moreover, according to tcpdump there is incoming https traffic on the correct port:

I ran netstat -ltnp with the following results:

  • When I run the server with https configuration shown above, there is no record for the 443 port.

  • When I run the server with http configuration on port 8080 there is a record for that port and everything is working fine.

  • When I run the server with http AND https configurations (listening to port 8080 and port 443), there are no records for either and there is no response from the server at all...

My question is: How can I get my GCE instance to respond to https requests? What else should I do or test?

I found several questions on this topic (q1, q2, q3, q4), and it seems I did everything that was recommended there, yet my problem still remains.

Answer 1:

Probably you are running the server as a non-root user and it fails to bind to port 443 (which is a privileged port).