9

i deploy a simple nodejs server on heroku with ssl valid certificate

var https = require('https');
var express = require('express');
var bodyParser = require('body-parser');
var fs = require('fs');

var app = express();
var cors = require('cors');

var credentials = {
    key: fs.readFileSync('./cert/key.key'),
    cert: fs.readFileSync('./cert/cert.crt'),
    ca: fs.readFileSync('./cert/bundle.crt'),
    requestCert: true,
    rejectUnauthorized: false
};

var server = https.createServer(credentials, app);

var io = require('socket.io')(server);

app.use(cors()); 
app.use(bodyParser.json({limit: '12mb'})); 
app.use(bodyParser.urlencoded({limit: '12mb', extended: true }));

io.on('connection', function(socket){
   console.log(socket);
   socket.on('authenticate', function(data){

      console.log(data);
   });
});

var port = process.env.PORT || 8080;

server.listen(port, function () {
    console.log("server listen on", this.address());
});

server.on('clientError', function(err) {
    console.log('ERROR', err);
});

the problem is that when i start the app i received this error

ERROR { Error: socket hang up
at TLSSocket.<anonymous> (_tls_wrap.js:820:25)
at emitOne (events.js:101:20)
at TLSSocket.emit (events.js:188:7)
at Socket._handle.close (net.js:492:12)
at Socket.g (events.js:286:16)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at TCP._handle.close [as _onclose] (net.js:492:12) code: 'ECONNRESET' }

when i try to connect by chrome to my server i received this error in server side

2017-01-05T15:03:43.465542+00:00 heroku[router]: at=error code=H13 desc="Connection closed without response" method=GET path="/socket.io/?EIO=3&transport=polling&t=LblA3JZ" host=www.myapp.com request_id=51982ce9-99e3-4677-acb4-a0f14eb88999 fwd="95.251.90.218" dyno=web.1 connect=1ms service=2ms status=503 bytes=0
2017-01-05T15:03:43.460178+00:00 app[web.1]: ERROR Error: 140414443095936:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:../deps/openssl/openssl/ssl/s23_srvr.c:394:

and this error in the client side

XMLHttpRequest cannot load https://www.myapp.com/socket.io/?EIO=3&transport=polling&t=LblDK25. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.0.8:8100' is therefore not allowed access. The response had HTTP status code 503.

at first moment i thought that was socket.io but the problem persist also with normal REST operation. now i think that i a SSL problem. i create a valid certificate with godaddy provider and i upload it to heroku with success. in fact if i try to connect to my app through https connection the certificate is valid. maybe the problem is when i try to upload this certificates into my nodejs app.someone can help me? thanks in advance

Diagonal Think
  • 323
  • 1
  • 3
  • 14

1 Answers1

24

You should use an HTTP server instead of HTTPS. SSL termination occurs at Heroku's load balancers; they send your app plain (non-SSL) traffic, so your app should create a non-HTTPS server.

HTTPS + SSL on Heroku - Node + Express

Community
  • 1
  • 1
Andrés Andrade
  • 2,213
  • 2
  • 18
  • 23
  • thank you. it work! but i have some doubts. i not use the heroku ssl endpoint (the plugin of 20$), but the new Heroku SSL service tha is included starting from hobby plan. now in my server code i use only a http server but by the client side i connect to 'https://' . I would understand if the connection is secure – Diagonal Think Jan 05 '17 at 17:09
  • The connection between your app and Heroku is secure but Heroku sends non encrypted data from their load balancers to your app. Maybe you should try using some package like express-sslify to enforce https on incoming request, but I don't think that's the best solution because your sensible data is sent to http before been redirected to https. I could't find any specific documentation about how SSL works in Heroku. I guess we simply have to trust in Heroku :S Maybe you cold try asking Heroku support for more info. – Andrés Andrade Jan 05 '17 at 18:15
  • ok, in any case very thanks. but yes this point is really important – Diagonal Think Jan 05 '17 at 19:18
  • @DiagonalThink were you able to get more info about what Andres mentioned? – Joseph K. Sep 17 '19 at 00:34
  • Really difficult to find the root problem. Thanks a lot for this. – julianm Oct 22 '21 at 02:36
  • I'm confused. Isn't it insecure to have an http server instead of an https? And sometimes browsers require you have an https server – Dashiell Rose Bark-Huss Aug 04 '22 at 21:32
  • 1
    @DashiellRoseBark-Huss SSL termination happens on Heroku load balancers and before incoming traffic gets to your application. Heroku servers open new HTTP connections to your dyno (your application), and whatever it gets is sent back over HTTPS to the client. The communication between the browser/client and Heroku load balancers/servers is over HTTPS and communications between Heroku load balancers/servers and your dyno (application) are over HTTP. – Andrés Andrade Aug 05 '22 at 00:22
  • @AndrésAndrade ok so if my app is already running and this H13 error is intermittent and doesn't have any visible SSL errors and I already use http.createServer not https.createServer, is it likely not an SSL issue? Or can this issue be intermittent? – Dashiell Rose Bark-Huss Aug 05 '22 at 16:19
  • @DashiellRoseBark-Huss if your are not seeing any error logs related to the H13 error your app may be catching unhandled exceptions. H13 errors are triggered when your server accepts connections but then destroys the connection socket before sending a response. Please see https://github.com/hunterloftis/heroku-node-errcodes/tree/master/h13 for more info. – Andrés Andrade Aug 08 '22 at 13:10