Posts tagged: nodejs

NGINX configuration for proxying to a websocket/nodejs process

By , Friday 29th November 2013 11:06 am

Here’s a simple configuration to allow nginx to proxy through to another process including forwarding websocket traffic.

A simple set up currently in use to proxy to a nodejs process which is also serving HTML. I’d like to improve the config so that nginx serves static content, but will look to do that later.

Improvements and suggestions are welcome in the comments (…and thanks).

# Map the client's Upgrade header onto the Connection header sent upstream, so
# only a real WebSocket handshake carries "Connection: upgrade" and ordinary
# requests get "close" (the pattern from the nginx WebSocket proxying docs).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

server {
    # "listen ... ssl" replaces the older "ssl on;" form.
    listen       443 ssl;
    server_name  example.com;

    root /var/www/html/public;

    ssl_certificate      /etc/ssl/private/ssl.cert;
    ssl_certificate_key  /etc/ssl/private/ssl.key;

    # The original offered "SSLv2 SSLv3 TLSv1"; SSLv2 and SSLv3 are broken
    # protocols and must not be enabled.
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    # Unit-less values are seconds: idle WebSocket connections stay open far
    # longer than nginx's 60s default instead of being cut mid-session.
    proxy_connect_timeout 43200000;
    proxy_read_timeout 43200000;
    proxy_send_timeout 43200000;

    # Kept from the original. With SSL enabled on this port nginx rejects a
    # plain HTTP request with a 400 before this runs, so it is harmless.
    if ($ssl_protocol = "") {
        rewrite ^ https://$host$request_uri? permanent;
    }

    # The original had "try_files $uri @proxysocket;" here, but no @proxysocket
    # location was defined, and a try_files fallback to a missing named location
    # makes nginx answer 500; everything is simply proxied instead.

    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

Protecting node.js from BEAST TLS attack

By , Friday 7th June 2013 6:56 pm
Copyright Disney, I don't think they'll sue me. Thanks for the image.

After reading Eric Martindale’s very useful blog post on “Mitigating TLS BEAST attack in node.js” I decided to implement this for pinitto.me in order to increase the security of the site.

After implementing the suggested code I then attempted to test the SSL setup via SSLLabs. Sadly the report came back showing that pinitto.me was still vulnerable to BEAST attacks.

A BEAST (or Browser Exploit Against SSL/TLS) attack is an attack where a third party can silently decrypt communications between a browser and a server. It works by attacking a weakness in CBC (cipher block chaining) mode discovered back in 2006, with a practical exploit not found until late 2011.

BEAST attacks are not possible on TLS versions greater than 1.0, but as this version is currently the most predominant on the internet such attacks are possible on most unprotected servers.

The documentation on SSLLabs.com suggested a different set of ciphers to those suggested by Eric, and after implementing these pinitto.me is now reported to not be vulnerable to these attacks, yey!

The code for setting up a HTTPS server on node.js therefore becomes:

var https = require('https')
  , fs = require('fs')
  // Assumed: a local module exposing the paths used below (config.ssl.key,
  // config.ssl.cert, config.ssl.ca); the post does not show where config comes from.
  , config = require('./config')

var options = {
   key: fs.readFileSync(config.ssl.key, 'utf8'),
   cert: fs.readFileSync(config.ssl.cert, 'utf8'),
   ca: fs.readFileSync(config.ssl.ca, 'utf8'),
   // The SSLLabs-recommended order of 2013: the TLS 1.2 suites first, then RC4
   // ahead of the CBC suites a TLS 1.0 client could otherwise negotiate. RC4 has
   // since been prohibited (RFC 7465), so this exact list should not be reused.
   ciphers: 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
   // Make the server's cipher order win over the client's preference.
   honorCipherOrder: true
}

https.createServer(options, function (req, res) {
  res.writeHead(200)
  res.end("Hello World!")
}).listen(443)

Notes

Expose github README.md at a path using express middleware

By , Sunday 24th March 2013 10:33 pm

I’ve just published the first version of a new middleware package I’ve written to expose your project’s README.md via express.

To install simply run:

npm i --save express-middleware-readme.md

Continue reading 'Expose github README.md at a path using express middleware'»

XMPP For the Web (XMPP-FTW)

By , Wednesday 20th March 2013 9:12 pm

I’d like to introduce you to my latest project XMPP-FTW. The name is a (hopefully) clever play on “For The Win” (FTW) but actually I call it “XMPP For The Web”.

Essentially XMPP-FTW tries to make XMPP in the browser as quick and painless as many of the other solutions for realtime web by translating XML to JSON and back and using named events to help fill in the missing pieces.

The project is open source and the code is available on github at XMPP-FTW source code, you can also view the manual or play with a demo on XMPP-FTW website.

Continue reading 'XMPP For the Web (XMPP-FTW)'»

New demo system for XMPP-FTW

By , Sunday 10th March 2013 6:39 pm

Originally seen on http://awesome-wildlife.blogspot.co.uk/2009/12/aardvark.html

I’ve spent most of the day writing a new demo system for XMPP-FTW and despite it looking ugly as sin (I am no god with design) I’m quite pleased with how it works, so I thought I’d write up a little piece about it…

Continue reading 'New demo system for XMPP-FTW'»

Talking at London Node User Group (LNUG) – February 2013

By , Wednesday 27th February 2013 8:18 pm

At the February London Node User Group (LNUG) I had a chance to speak about one of my new projects, pinitto.me. Pinitto.me is an open source infinite virtual corkboard application that I created over a weekend around Christmas to help with planning days for myself and colleagues at Surevine.

Continue reading 'Talking at London Node User Group (LNUG) – February 2013'»

An error has occurred: {"bytesParsed":0,"code":"HPE_INVALID_CONSTANT"}

By , Saturday 12th January 2013 2:38 pm

From bdc.co.uk

I’ve been writing a new application in Nodejs, using websockets (socket.io); this application is deployed using the PaaS Nodejitsu. Everything has been going great and I’ve been surprised how easy it has been to create a realtime application using socket.io. Deployment has also been a breeze with Nodejitsu’s tools. I develop on a Linux machine myself, but the other day I passed the details to someone using a Windows machine running Internet Explorer. The application stopped working with an error message, and a redeploy didn’t help. The error I was presented with was as follows:

An error has occurred: {"bytesParsed":0,"code":"HPE_INVALID_CONSTANT"}

As I haven’t uploaded any new code in about a week I made the incorrect assumption that something had gone wrong on nodejitsu’s side and so dropped them a tweet to let them know as they are still in beta as far as I understand.

Within 90 minutes I’d got a reply from Nuno Job (@dscape) from Nodejitsu letting me know that there was an issue with Internet Explorer, socket.io, and Joyent’s servers. He also included a workaround, and a link with further details. Excellent support!

From what I’ve understood the proxies used at Joyent don’t like a non-HTTP response (from the flashsocket) and so prevent any further connections to the domain (please correct me in the comments if incorrect).

The solution is to turn off flashsocket as a transport when configuring socket.io as follows:

var io = require('socket.io').listen(80);

io.configure(function(){
    // The remaining socket.io transports, listed in preference order;
    // 'flashsocket' is deliberately left out because its non-HTTP
    // handshake is what the proxies reject.
    io.set('transports', [
        'websocket',
        'htmlfile',
        'xhr-polling',
        'jsonp-polling'
    ]);
});

See: https://github.com/LearnBoost/Socket.IO/wiki/Configuring-Socket.IO

I hope this helps anyone that comes across the same issue, the original solution/explanation came from http://blog.dreamflashstudio.com/2012/08/nodejitsu-on-joyent/.

With this in place the app sprung back into life. I just really need to report to users with browsers that don’t implement websockets that they need to use something more modern…