Working with a multi tenancy solution where users are to be allowed to set their custom domains - the solution works just fine. However, looking for suggestions on how to get the SSL installed on those custom domains and set them in Nginx so they are served via https route.
In theory, as soon as the user adds a custom domain from the backend, SSL is to be installed once the A record / CNAME is verified to be pointing correctly. We will be getting Let's Encrypt SSL and need an approach on how to handle the Nginx config to provide the SSL key so it can be served.
If anyone has produced a similar solution and can shed light on how to approach this, that will be great.
Thanks in advance.
You can solve it by manually issuing certificates using Let's Encrypt and then adding a new NGINX config file for serving the new domain.
Or you can just switch from NGINX to Caddy and it will automatically do it for you! Also, you could specify in your application route file a route for a domain whitelist check to prevent unauthenticated domain issues.
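One way to build the domain whitelist check mentioned above, as an added example that is not part of the original answer: an endpoint that allows certificate issuance only for hostnames a tenant has registered and whose DNS check has passed. Caddy's on-demand TLS can query such an endpoint through its `ask` setting, which passes the hostname as a `domain` query parameter; the path `/tls-check`, the port and the sample domains are assumptions.

```javascript
// Added example: allowlist check consulted before a certificate is requested
// for a hostname. Endpoint path and data below are hypothetical.
const http = require('http');
const net = require('net');

// Constructed sample data: custom domains registered by tenants.
const tenantDomains = new Map([
  ['shop.customer-one.example', { tenant: 't1', dnsVerified: true }],
  ['www.customer-two.example', { tenant: 't2', dnsVerified: false }],
]);

// Normalise a hostname taken from an untrusted request; null if unusable.
function normalizeHost(raw) {
  if (typeof raw !== 'string') return null;
  const host = raw.trim().toLowerCase().replace(/\.$/, '');
  if (host.length === 0 || host.length > 253) return null;
  if (net.isIP(host) !== 0 || host.includes('*')) return null; // no IPs, no wildcards
  const label = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
  const labels = host.split('.');
  return labels.length >= 2 && labels.every((l) => label.test(l)) ? host : null;
}

// Only exact, registered hostnames whose A/CNAME check has passed are allowed.
function isIssuanceAllowed(raw, domains = tenantDomains) {
  const host = normalizeHost(raw);
  const entry = host === null ? undefined : domains.get(host);
  return Boolean(entry && entry.dnsVerified);
}

// GET /tls-check?domain=<name> -> 200 when issuance is allowed, 403 otherwise.
function handleCheck(req, res) {
  const url = new URL(req.url, 'http://check.invalid');
  const ok = url.pathname === '/tls-check' &&
    isIssuanceAllowed(url.searchParams.get('domain'));
  res.writeHead(ok ? 200 : 403, { 'Content-Type': 'text/plain' });
  res.end(ok ? 'allowed\n' : 'denied\n');
}

// Bind to loopback so only the local TLS front end can query it, e.g.
//   createCheckServer().listen(5555, '127.0.0.1');
function createCheckServer() {
  return http.createServer(handleCheck);
}
```

Without such a check, any hostname pointed at the server could trigger a certificate request and consume the Let's Encrypt rate limit.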
I deployed an app on Heroku and set up automatic SSL configuration. According to my Heroku, my app can be accessed via https. If I use that URL, the connection is indeed secure.
I added a Synthetic Record in my Google domain to point to this URL. I also added a Custom Resource Record where the Name is www, Type is CNAME, and Data is my DNS Target for the app.
I can only connect securely when I use https://www.osrshub.com. If I use www.osrshub.com or osrshub.com, it is not secure. What am I doing wrong?
The comment from user2864740 is correct. I needed to update my front end to redirect to https.
Force SSL/HTTPS with mod_rewrite
I am implementing Passport Facebook Authentication by linking the Facebook Authentication API route to a button using href like:
Facebook Login
When I click on the button, it redirects to the Facebook Authentication page. But on the page, an error message is displayed saying something like "Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://"
How can I fix this issue?
Amazingly I just started trying to do the same thing like an hour ago and have been having the same issue. If you go into the FB developer portal and go to Settings under Facebook Login there's an option to Enforce HTTPS.
Further Investigation Showed:
"Enforce HTTPS. This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019. Most major cloud application hosts provide free and automatic configuration of TLS certificates for your applications. If you self-host your app or your hosting service doesn't offer HTTPS by default, you can obtain a free certificate for your domain(s) from Let's Encrypt."
Reference: Login Security
Since you're using passport, also check your auth.js settings, or wherever you keep these settings. Even if your website has a certificate, the following code will still fail:

    'facebookAuth' : {
        'clientID'      : '.............', // App ID
        'clientSecret'  : '............................', // App Secret
        'callbackURL'   : 'localhost:9999/auth/facebook/callback',
        'profileURL'    : 'https://graph.facebook.com/v2.5/me?fields=first_name,last_name,email',
        'profileFields' : ['id', 'email', 'name']
    },

The problem lies with the callbackUrl.

    'callbackURL' : '/auth/facebook/callback'
    'callbackURL' : 'http://localhost:9999/auth/facebook/callback'

The statements above will both fail. The callbackUrl needs to start with https. The first one will try to load http://localhost and append the callbackUrl. The second one obviously loads the full URL with http, and both fail to connect with FB. So try one of the following. If your site has a certificate, provide the full URL. If you're testing this on a localhost, create your own certificate and access it by https like:

    'callbackURL' : 'https://example.com/auth/facebook/callback'
    'callbackURL' : 'https://localhost:9999/auth/facebook/callback'
Since Facebook has been requiring usage of HTTPS for our redirect URIs, we can use ngrok at localhost to start up a local secure HTTP tunnel. It is a clean and fast suggested alternative for now.
Get official ngrok package
Unzip to your preferred directory
unzip /opt/ngrok.zip;
Make your first HTTP tunnel: /opt/ngrok http 3000
See more great use cases in ngrok docs.
There are 2 ways you can solve that:
First:
You can go to your google Passport strategy and add proxy: true
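    passport.use(
      new FacebookStrategy(
        {
          clientID: facebookID,
          clientSecret: facebookSecret,
          callbackURL: "/auth/facebook/callback",
          proxy: true // trust the X-Forwarded-* headers set by the hosting proxy
        },
        // Verify callback (the strategy requires one); replace with your own user lookup.
        (accessToken, refreshToken, profile, done) => done(null, profile)
      )
    );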
What happens most of the time is that, when you deploy your app through Heroku, for example, they have a proxy that allows Heroku to direct the requests to your specific server, and Passport assumes that if your request goes through a proxy it might not be safe (So... No https).
The second way you can solve that is by using a specific path for your callbackURL.
For example, instead of using:
    callbackURL: "/auth/facebook/callback"
you would use:
    callbackURL: "https://mydomain/auth/facebook/callback"
Keep in mind that if you are going to use this approach you might need to create environment variables to hold the values of your specific redirectURL for development as well as for production.
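The callbackURL behaviour described in the answers above (a relative value inheriting http from the request, and `proxy: true` changing that behind a proxy such as Heroku's), as an added example that is not part of the original answers. It is a simplified model of the resolution, not passport's own code; the request object, its `socketEncrypted` field and the host `myapp.example` are constructed for illustration.

```javascript
// Added example: simplified model of how a relative OAuth callbackURL is made
// absolute from the incoming request. This is not passport's own code.

// Constructed request as the Node process sees it behind a TLS-terminating
// proxy: the browser used HTTPS, the proxy forwards plain HTTP to the app.
const proxiedRequest = {
  socketEncrypted: false,
  url: '/auth/facebook',
  headers: { host: 'myapp.example', 'x-forwarded-proto': 'https' },
};

// Scheme and host the app believes it was reached on.
function requestOrigin(req, trustProxy) {
  const forwarded = String(req.headers['x-forwarded-proto'] || '')
    .split(',')[0].trim().toLowerCase();
  // The header is honoured only when the proxy is trusted; enable that only if
  // clients cannot reach the app directly, since they could set it themselves.
  const tls = req.socketEncrypted || (trustProxy && forwarded === 'https');
  return `${tls ? 'https' : 'http'}://${req.headers.host}`;
}

// Absolute values are used as configured; relative ones inherit the origin.
function resolveCallbackURL(req, callbackURL, { proxy = false } = {}) {
  return new URL(callbackURL, requestOrigin(req, proxy) + req.url).toString();
}

// True only for a parseable URL whose scheme is https.
function usesHttps(value) {
  try {
    return new URL(value).protocol === 'https:';
  } catch (err) {
    return false;
  }
}

// Redirect URI produced for each configuration discussed in the answers.
function auditCallbackConfigs(req) {
  const cases = [
    ['/auth/facebook/callback', { proxy: false }],
    ['/auth/facebook/callback', { proxy: true }],
    ['https://mydomain/auth/facebook/callback', { proxy: false }],
    ['localhost:9999/auth/facebook/callback', { proxy: false }],
  ];
  return cases.map(([cb, opts]) => {
    const resolved = resolveCallbackURL(req, cb, opts);
    return { callbackURL: cb, proxy: opts.proxy, resolved, https: usesHttps(resolved) };
  });
}
```

The last case fails the https check because a value without a scheme prefix such as `localhost:9999/...` is parsed with `localhost` as the scheme.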
To fix, for local development, generate ssl certs on your machine. Run the commands below (tested on Mac High Sierra, you will need the openssl lib installed on your os) to create a cert.pem and a key.pem file in your working directory.

    openssl req -x509 -newkey rsa:2048 -keyout keytmp.pem -out cert.pem -days 365
    openssl rsa -in keytmp.pem -out key.pem

Change your node http server to use https. You will need to import the https module in place of the http module.

    const https = require('https')
    const path = require('path')
    const fs = require('fs')
    const options = {
      cert: fs.readFileSync(path.resolve(__dirname, '<path_to_your_cert.pem>')),
      key: fs.readFileSync(path.resolve(__dirname, '<path_to_your_key.pem>'))
    }
    const server = https.createServer(options, <your_handler_or_app_eg_express>)
    server.listen(<your_prefered_port_number>)

Go to the app on your Facebook developer console and set the Valid OAuth Redirect URIs to the https version of your localhost domain. Do the same for the app domain and site URL.
In my case, I modified my package.json file.
"start": "node scripts/start.js" =>
"start": "set HTTPS=true&&node scripts/start.js"
I hope this helps you.
This is for PHP SDK reference.
Now https is required for the web application to log in via Facebook.
The following procedure is required to get valid authentication from Facebook.
Basic Settings
set App Domains as your root domain (www.example.com)
Privacy Policy URL (https://www.example.com/privacy-demo/)
Terms of Service URL (https://www.example.com/terms-demo/)
Set Category
Site URL (https://www.example.com/facebook-login/); the facebook-login folder contains all my Facebook login files
Advanced
Server IP Whitelist (your host ip address 124.25.48.36)
Products below Facebook login settings
Valid OAuth Redirect URIs (https://www.example.com/facebook-login/fb-callback.php)
Quick start
Select website put site url (https://www.example.com/facebook-login/)
Save all changes and make your app live (i.e. turn your app on). Now your app status will be live.
You can refer this code https://github.com/facebook/php-graph-sdk
Using a VPN worked for me. CyberGhost is free, try it.
In your passport setting change your redirect url to some https://someUrl
'https' is important
I provisioned a server using Forge and set the domain to blog.example.com. I generated a LetsEncrypt certificate for that server and set the site to run on http2. It was perfectly fine.
However, I need to make the server accessible via www.blog.example.com now. So I set a CNAME record to route www.blog to blog.example.com. But I got the error "This site can’t provide a secure connection" when I tried to access the site via www.blog.example.com. So I tried to generate a new certificate for www.blog.example.com, but Forge replied "First domain does not match root domain on site".
How can I solve the problem?
Thank you.
Say I have an app with a Sinatra REST API at http://example.com:4567. With my app I have a designer working on the front-end. Rather than set him up with a local back-end I edit his hosts file as follows:
127.0.0.1 local.example.com
and his httpd-vhosts.conf as follows:
ProxyPass /api http://example.com:4567
ProxyPassReverse /api http://example.com:4567
so that API calls are proxied to the remote host. I then create a vhost for local.example.com in apache that maps to his local directory where our front-end repo is. This allows me to give him a remote back-end with a local front-end.
The reason for the subdomain is because we do Facebook authentication which has its restrictive domain policies for auth. We can successfully facebook auth a user and get redirected back to the app, but when attempting to get an access token get a 400 response with the message:
{"error"=>{"message"=>"Missing client_id parameter.", "type"=>"OAuthException", "code"=>101}}
I believe the client_id is correctly set as it's set in the rack:oauth:client object correctly, and the flow is identical and only fails when the domain is different. The only thought I have is that facebook might not like that the user auth's from local.example.com while the access token is requested from example.com, but my understanding is facebook will authenticate on all subdomains. I've also whitelisted local.example.com on my App.
Any insight or advice into how to accomplish this? Thanks in advance.
Turns out it wasn't a domain issue, but rather fb_graph, the open source fb api from nov, uses basic auth by default, you need to set auth to something other than ":basic" when you get the access token in order to solve this error.