SSL is not working in localhost #4

Closed
opened 2019-09-20 08:34:38 +00:00 by Ghost · 1 comment

Hello,

I am trying to set up SSL on my local system. I am using a Windows machine with a Sails.js application.

Here is the configuration that I did.

/**
 * Production environment settings
 * (sails.config.*)
 *
 * What you see below is a quick outline of the built-in settings you need
 * to configure your Sails app for production.  The configuration in this file
 * is only used in your production environment, i.e. when you lift your app using:
 *
 * ```
 * NODE_ENV=production node app
 * ```
 *
 * > If you're using git as a version control solution for your Sails app,
 * > this file WILL BE COMMITTED to your repository by default, unless you add
 * > it to your .gitignore file.  If your repository will be publicly viewable,
 * > don't add private/sensitive data (like API secrets / db passwords) to this file!
 *
 * For more best practices and tips, see:
 * https://sailsjs.com/docs/concepts/deployment
 */
// returns an instance of greenlock.js with additional helper methods
const glx = require('greenlock-express').create({
  server: 'https://acme-staging-v02.api.letsencrypt.org/directory',
  version: 'draft-12', // Let's Encrypt v2 (ACME v2)
  telemetry: true,
  configDir: 'D:\\cert\\localhost',
  email: 'xuz@gmail.com',
  agreeTos: true,
  servername: 'localhost.com',
  domains: ['localhost', 'www.localhost'],
  debug: true
});

// handles acme-challenge and redirects to https
// require('http')
//   .createServer(glx.middleware(require('redirect-https')()))
//   .listen(80, function() {
//     console.log('Listening for ACME http-01 challenges on', this.address());
//   });

module.exports = {
  /**************************************************************************
   *                                                                         *
   * Tell Sails what database(s) it should use in production.                *
   *                                                                         *
   * (https://sailsjs.com/config/datastores)                                 *
   *                                                                         *
   **************************************************************************/
  datastores: {
    /***************************************************************************
     *                                                                          *
     * Configure your default production database.                              *
     *                                                                          *
     * 1. Choose an adapter:                                                    *
     *    https://sailsjs.com/plugins/databases                                 *
     *                                                                          *
     * 2. Install it as a dependency of your Sails app.                         *
     *    (For example:  npm install sails-mysql --save)                        *
     *                                                                          *
     * 3. Then set it here (`adapter`), along with a connection URL (`url`)     *
     *    and any other, adapter-specific customizations.                       *
     *    (See https://sailsjs.com/config/datastores for help.)                 *
     *                                                                          *
     ***************************************************************************/
    default: {
      adapter: 'sails-mysql',
      url: 'mysql://root:gs8jh3kj3w48xudf@35.197.96.87:3306/fulfil_db'

      // adapter: 'sails-mysql',
      // url: 'mysql://user:password@host:port/database',
      //--------------------------------------------------------------------------
      //  /\   To avoid checking it in to version control, you might opt to set
      //  ||   sensitive credentials like `url` using an environment variable.
      //
      //  For example:
      //  ```
      //  sails_datastores__default__url=mysql://admin:myc00lpAssw2D@db.example.com:3306/my_prod_db
      //  ```
      //--------------------------------------------------------------------------

      /****************************************************************************
       *                                                                           *
       * More adapter-specific options                                             *
       *                                                                           *
       * > For example, for some hosted PostgreSQL providers (like Heroku), the    *
       * > extra `ssl: true` option is mandatory and must be provided.             *
       *                                                                           *
       * More info:                                                                *
       * https://sailsjs.com/config/datastores                                     *
       *                                                                           *
       ****************************************************************************/
      // ssl: true,
    }
  },

  models: {
    /***************************************************************************
     *                                                                          *
     * To help avoid accidents, Sails automatically sets the automigration      *
     * strategy to "safe" when your app lifts in production mode.               *
     * (This is just here as a reminder.)                                       *
     *                                                                          *
     * More info:                                                               *
     * https://sailsjs.com/docs/concepts/models-and-orm/model-settings#?migrate *
     *                                                                          *
     ***************************************************************************/
    migrate: 'safe'

    /***************************************************************************
     *                                                                          *
     * If, in production, this app has access to physical-layer CASCADE         *
     * constraints (e.g. PostgreSQL or MySQL), then set those up in the         *
     * database and uncomment this to disable Waterline's `cascadeOnDestroy`    *
     * polyfill.  (Otherwise, if you are using a database like Mongo, you might *
     * choose to keep this enabled.)                                            *
     *                                                                          *
     ***************************************************************************/
    // cascadeOnDestroy: false,
  },

  /**************************************************************************
   *                                                                         *
   * Always disable "shortcut" blueprint routes.                             *
   *                                                                         *
   * > You'll also want to disable any other blueprint routes if you are not *
   * > actually using them (e.g. "actions" and "rest") -- but you can do     *
   * > that in `config/blueprints.js`, since you'll want to disable them in  *
   * > all environments (not just in production.)                            *
   *                                                                         *
   ***************************************************************************/
  blueprints: {
    shortcuts: false
  },

  /***************************************************************************
   *                                                                          *
   * Configure your security settings for production.                         *
   *                                                                          *
   * IMPORTANT:                                                               *
   * If web browsers will be communicating with your app, be sure that        *
   * you have CSRF protection enabled.  To do that, set `csrf: true` over     *
   * in the `config/security.js` file (not here), so that CSRF app can be     *
   * tested with CSRF protection turned on in development mode too.           *
   *                                                                          *
   ***************************************************************************/
  security: {
    /***************************************************************************
     *                                                                          *
     * If this app has CORS enabled (see `config/security.js`) with the         *
     * `allowCredentials` setting enabled, then you should uncomment the        *
     * `allowOrigins` whitelist below.  This sets which "origins" are allowed   *
     * to send cross-domain (CORS) requests to your Sails app.                  *
     *                                                                          *
     * > Replace "https://example.com" with the URL of your production server.  *
     * > Be sure to use the right protocol!  ("http://" vs. "https://")         *
     *                                                                          *
     ***************************************************************************/
    cors: {
      allRoutes: true,
      allowOrigins: '*',
      allowCredentials: false
    }
  },

  /***************************************************************************
   *                                                                          *
   * Configure how your app handles sessions in production.                   *
   *                                                                          *
   * (https://sailsjs.com/config/session)                                     *
   *                                                                          *
   * > If you have disabled the "session" hook, then you can safely remove    *
   * > this section from your `config/env/production.js` file.                *
   *                                                                          *
   ***************************************************************************/
  session: {
    /***************************************************************************
     *                                                                          *
     * Production session store configuration.                                  *
     *                                                                          *
     * Uncomment the following lines to finish setting up a package called      *
     * "@sailshq/connect-redis" that will use Redis to handle session data.     *
     * This makes your app more scalable by allowing you to share sessions      *
     * across a cluster of multiple Sails/Node.js servers and/or processes.     *
     * (See http://bit.ly/redis-session-config for more info.)                  *
     *                                                                          *
     * > While @sailshq/connect-redis is a popular choice for Sails apps, many  *
     * > other compatible packages (like "connect-mongo") are available on NPM. *
     * > (For a full list, see https://sailsjs.com/plugins/sessions)            *
     *                                                                          *
     ***************************************************************************/
    // adapter: '@sailshq/connect-redis',
    // url: 'redis://user:password@localhost:6379/databasenumber',
    //--------------------------------------------------------------------------
    // /\   OR, to avoid checking it in to version control, you might opt to
    // ||   set sensitive credentials like this using an environment variable.
    //
    // For example:
    // ```
    // sails_session__url=redis://admin:myc00lpAssw2D@bigsquid.redistogo.com:9562/0
    // ```
    //
    //--------------------------------------------------------------------------

    /***************************************************************************
     *                                                                          *
     * Production configuration for the session ID cookie.                      *
     *                                                                          *
     * Tell browsers (or other user agents) to ensure that session ID cookies   *
     * are always transmitted via HTTPS, and that they expire 24 hours after    *
     * they are set.                                                            *
     *                                                                          *
     * Note that with `secure: true` set, session cookies will _not_ be         *
     * transmitted over unsecured (HTTP) connections. Also, for apps behind     *
     * proxies (like Heroku), the `trustProxy` setting under `http` must be     *
     * configured in order for `secure: true` to work.                          *
     *                                                                          *
     * > While you might want to increase or decrease the `maxAge` or provide   *
     * > other options, you should always set `secure: true` in production      *
     * > if the app is being served over HTTPS.                                 *
     *                                                                          *
     * Read more:                                                               *
     * https://sailsjs.com/config/session#?the-session-id-cookie                *
     *                                                                          *
     ***************************************************************************/
    cookie: {
      // secure: true,
      maxAge: 24 * 60 * 60 * 1000 // 24 hours
    }
  },

  /**************************************************************************
   *                                                                          *
   * Set up Socket.io for your production environment.                        *
   *                                                                          *
   * (https://sailsjs.com/config/sockets)                                     *
   *                                                                          *
   * > If you have disabled the "sockets" hook, then you can safely remove    *
   * > this section from your `config/env/production.js` file.                *
   *                                                                          *
   ***************************************************************************/
  sockets: {
    onlyAllowOrigins: []
    /***************************************************************************
     *                                                                          *
     * Uncomment the `onlyAllowOrigins` whitelist below to configure which      *
     * "origins" are allowed to open socket connections to your Sails app.      *
     *                                                                          *
     * > Replace "https://example.com" etc. with the URL(s) of your app.        *
     * > Be sure to use the right protocol!  ("http://" vs. "https://")         *
     *                                                                          *
     ***************************************************************************/
    // onlyAllowOrigins: [
    //   'https://example.com',
    //   'https://staging.example.com',
    // ],

    /***************************************************************************
     *                                                                          *
     * If you are deploying a cluster of multiple servers and/or processes,     *
     * then uncomment the following lines.  This tells Socket.io about a Redis  *
     * server it can use to help it deliver broadcasted socket messages.        *
     *                                                                          *
     * > Be sure a compatible version of @sailshq/socket.io-redis is installed! *
     * > (See https://sailsjs.com/config/sockets for the latest version info)   *
     *                                                                          *
     * (https://sailsjs.com/docs/concepts/deployment/scaling)                   *
     *                                                                          *
     ***************************************************************************/
    // adapter: '@sailshq/socket.io-redis',
    // url: 'redis://user:password@bigsquid.redistogo.com:9562/databasenumber',
    //--------------------------------------------------------------------------
    // /\   OR, to avoid checking it in to version control, you might opt to
    // ||   set sensitive credentials like this using an environment variable.
    //
    // For example:
    // ```
    // sails_sockets__url=redis://admin:myc00lpAssw2D@bigsquid.redistogo.com:9562/0
    // ```
    //--------------------------------------------------------------------------
  },

  /**************************************************************************
   *                                                                         *
   * Set the production log level.                                           *
   *                                                                         *
   * (https://sailsjs.com/config/log)                                        *
   *                                                                         *
   ***************************************************************************/
  log: {
    level: 'debug'
  },

  http: {
    serverOptions: glx.httpsOptions,
    /***************************************************************************
     *                                                                          *
     * The number of milliseconds to cache static assets in production.         *
     * (the "max-age" to include in the "Cache-Control" response header)        *
     *                                                                          *
     ***************************************************************************/
    cache: 365.25 * 24 * 60 * 60 * 1000 // One year

    /***************************************************************************
     *                                                                          *
     * Proxy settings                                                           *
     *                                                                          *
     * If your app will be deployed behind a proxy/load balancer - for example, *
     * on a PaaS like Heroku - then uncomment the `trustProxy` setting below.   *
     * This tells Sails/Express how to interpret X-Forwarded headers.           *
     *                                                                          *
     * This setting is especially important if you are using secure cookies     *
     * (see the `cookies: secure` setting under `session` above) or if your app *
     * relies on knowing the original IP address that a request came from.      *
     *                                                                          *
     * (https://sailsjs.com/config/http)                                        *
     *                                                                          *
     ***************************************************************************/
    // trustProxy: true,
  },

  /**************************************************************************
   *                                                                         *
   * Lift the server on port 80.                                             *
   * (if deploying behind a proxy, or to a PaaS like Heroku or Deis, you     *
   * probably don't need to set a port here, because it is oftentimes        *
   * handled for you automatically.  If you are not sure if you need to set  *
   * this, just try deploying without setting it and see if it works.)       *
   *                                                                         *
   ***************************************************************************/
  host: '127.0.0.1',
  port: 443,
  ssl: true,

  /**************************************************************************
   *                                                                         *
   * Configure an SSL certificate                                            *
   *                                                                         *
   * For the safety of your users' data, you should use SSL in production.   *
   * ...But in many cases, you may not actually want to set it up _here_.    *
   *                                                                         *
   * Normally, this setting is only relevant when running a single-process   *
   * deployment, with no proxy/load balancer in the mix.  But if, on the     *
   * other hand, you are using a PaaS like Heroku, you'll want to set up     *
   * SSL in your load balancer settings (usually somewhere in your hosting   *
   * provider's dashboard-- not here.)                                       *
   *                                                                         *
   * > For more information about configuring SSL in Sails, see:             *
   * > https://sailsjs.com/config/*#?sailsconfigssl                          *
   *                                                                         *
   **************************************************************************/
  // ssl: undefined,

  lifejacket: {
    // Disabled by default. (e.g. for local dev)
    // So you'll want to override this in your config/env/production.js file,
    // setting it to `true`.
    ensureHttps: true

    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    // If you don't already have the conventional `sails.config.custom.baseUrl` set,
    // then uncomment the following `host` config.  This must be set manually if `ensureHttps`
    // is enabled.
    // > Should be provided as a string, like `foo.example.com`.
    // host: 'mysweetsite.com',
    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  }
};

When I run the command below, it shows an image like this, but when I open the application in the browser at https://localhost, it shows an error.

Error:

[gl/index.js] gl.getCertificates called for localhost with certs for NONE
[gl/index.js] gl.approveDomains called with certs for NONE and options:
[gl/index.js] { domain: 'localhost',
  domains: [ 'localhost' ],
  certs: null,
  certificate: {},
  account: {},
  wildname: '*.' }
[gl/index.js] gl getting from disk or registering new
[le-store-certbot]
[le-store-certbot]
[greenlock/lib/core.js] checkAsync failed to find certificates
[le-store-certbot] success reading arg.accountsDir
[le-store-certbot] regrs.length 1
[le-store-certbot] accountId: 7deec612c26a9f3163c582e4ea6a972d
[greenlock/lib/core.js] calling greenlock.acme.getCertificateAsync localhost [ 'localhost' ]
[acme-v2] DEBUG get cert 1
[acme-v2] accounts.create
[acme-v2] agreeToTerms
[acme-v2] accounts.create JSON body:
[DEBUG] new account location:
https://acme-staging-v02.api.letsencrypt.org/acme/acct/11074181
{ statusCode: 200,
  body:
   { key:
      { kty: 'RSA',
        n:
         'xepxodrzjRv-gPDiiH7dXEBIXGzo_-zmy273CxCzLTHRLxdPioobutm76GnLiG5xC3txz2KY6NMjIsDEbQ6Mf3PBstKVzuWMG-logGnp6j9qrTuiJZ2FMUbD0EY6Gtzg4MC5Q6rj3PjP229sgB2wQiF-kM30GIOJ8MxOW4Dhe0tZCRiTzgBktC-DPTLPgC14XGD_L-tASz9nRRPFl6MticZ90BKMlmz9APjSbj0irYhWuIVcr7YzJxAjAhwMy8OAEQcm2WnWc7v2euOkdYJFi4JDzS9rjieiRe2-GNd6ailwaw6UvDgeQEccwVYjnUIqGFRQL4NyFVPTFeOiCOQFzQ',
        e: 'AQAB' },
     contact: [ 'mailto:baj9032@gmail.com' ],
     initialIp: '103.238.110.39',
     createdAt: '2019-09-20T08:07:38Z',
     status: 'valid' },
  headers:
   { server: 'nginx',
     date: 'Fri, 20 Sep 2019 08:11:39 GMT',
     'content-type': 'application/json',
     'content-length': '551',
     connection: 'close',
     'cache-control': 'public, max-age=0, no-cache',
     link:
      '<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"',
     location:
      'https://acme-staging-v02.api.letsencrypt.org/acme/acct/11074181',
     'replay-nonce': '00027sSdL_GbUp842Yw5P-69vfX0wI1vzkxBJGo6_9o6jwY',
     'x-frame-options': 'DENY',
     'strict-transport-security': 'max-age=604800' },
  request:
   { uri:
      Url {
        protocol: 'https:',
        slashes: true,
        auth: null,
        host: 'acme-staging-v02.api.letsencrypt.org',
        port: null,
        hostname: 'acme-staging-v02.api.letsencrypt.org',
        hash: null,
        search: null,
        query: null,
        pathname: '/acme/new-acct',
        path: '/acme/new-acct',
        href: 'https://acme-staging-v02.api.letsencrypt.org/acme/new-acct' },
     method: 'POST',
     headers:
      { 'Content-Type': 'application/jose+json',
        'Content-Length': 1155 } } }
[acme-v2] DEBUG get cert 1
[greenlock/lib/core.js] setChallenge called for 'localhost'

[DEBUG] waitChallengeDelay 500

[acme-v2] handled(?) rejection as errback:
Error: connect ECONNREFUSED 127.0.0.1:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1097:14)
Error loading/registering certificate for 'localhost':
{ Error: connect ECONNREFUSED 127.0.0.1:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1097:14)
  errno: 'ECONNREFUSED',
  code: 'ECONNREFUSED',
  syscall: 'connect',
  address: '127.0.0.1',
  port: 80 }
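
The log above ends in `ECONNREFUSED 127.0.0.1:80`, the port-80 listener in the posted configuration is commented out, and the requested names are `localhost` and `www.localhost`, special-use names (RFC 6761) that a public ACME CA cannot validate. The following preflight is an added example, not part of the original post and not greenlock code; the function names (`acmeNameProblem`, `checkDomains`, `portAccepts`, `preflight`) are hypothetical, and it assumes Node.js with the http-01 challenge served on port 80.

```javascript
'use strict';
// Added example: preflight for an ACME http-01 setup. Not greenlock's API.

// Special-use names that public DNS never delegates (RFC 6761, RFC 6762).
const SPECIAL_USE_TLDS = new Set(['localhost', 'local', 'test', 'example', 'invalid']);

// One DNS label: letters, digits, inner hyphens, at most 63 characters.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

/**
 * Return null when `name` looks like a public DNS name that http-01 could
 * validate, otherwise a short reason string.
 */
function acmeNameProblem(name) {
  const host = String(name).trim().toLowerCase().replace(/\.$/, '');
  if (host === '') return 'empty';
  if (host.startsWith('*.')) return 'wildcard-needs-dns-01';
  // This check only accepts DNS names, so IP literals are reported.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':')) return 'ip-literal';
  const labels = host.split('.');
  if (SPECIAL_USE_TLDS.has(labels[labels.length - 1])) return 'special-use-name';
  if (labels.length < 2) return 'single-label';
  if (labels.some((label) => !LABEL.test(label))) return 'invalid-label';
  return null;
}

/** Classify every requested name; `problem` is null for usable names. */
function checkDomains(domains) {
  return domains.map((name) => ({ name, problem: acmeNameProblem(name) }));
}

/**
 * Resolve true when something accepts TCP connections on host:port.
 * The log in the issue shows this connect being refused on 127.0.0.1:80.
 */
async function portAccepts(port, host = '127.0.0.1', timeoutMs = 1000) {
  // Dynamic import works from both CommonJS and ES modules.
  const { connect } = await import('node:net');
  return new Promise((resolve) => {
    const socket = connect({ port, host });
    const done = (ok) => {
      socket.destroy();
      resolve(ok);
    };
    socket.setTimeout(timeoutMs, () => done(false));
    socket.once('connect', () => done(true));
    socket.once('error', () => done(false));
  });
}

/**
 * Collect every finding that would stop an http-01 issuance attempt.
 * `probe` is injectable so the port check can be replaced in tests.
 */
async function preflight(config, probe = portAccepts) {
  const findings = checkDomains(config.domains)
    .filter((entry) => entry.problem !== null)
    .map((entry) => `${entry.name}: ${entry.problem}`);
  if (!(await probe(80))) {
    findings.push('port 80: nothing accepting connections for http-01');
  }
  return findings;
}

// The `domains` value copied from the configuration posted in the issue.
const issueConfig = { domains: ['localhost', 'www.localhost'] };

preflight(issueConfig)
  .then((findings) => console.log(findings.join('\n') || 'no findings'))
  .catch((err) => console.log('preflight could not run:', err.message));
```

An empty result only means the names are well formed and a listener exists; the CA must still reach that listener from the public internet for each name.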
Hello, I am trying to setup ssl in my local system. I am using windows machine with sails js application. here is the configuration that I did. ``` /** * Production environment settings * (sails.config.*) * * What you see below is a quick outline of the built-in settings you need * to configure your Sails app for production. The configuration in this file * is only used in your production environment, i.e. when you lift your app using: * * ``` * NODE_ENV=production node app * ``` * * > If you're using git as a version control solution for your Sails app, * > this file WILL BE COMMITTED to your repository by default, unless you add * > it to your .gitignore file. If your repository will be publicly viewable, * > don't add private/sensitive data (like API secrets / db passwords) to this file! * * For more best practices and tips, see: * https://sailsjs.com/docs/concepts/deployment */ // returns an instance of greenlock.js with additional helper methods const glx = require('greenlock-express').create({ server: 'https://acme-staging-v02.api.letsencrypt.org/directory', version: 'draft-12', // Let's Encrypt v2 (ACME v2) telemetry: true, configDir: 'D:\\cert\\localhost', email: 'xuz@gmail.com', agreeTos: true, servername: 'localhost.com', domains: ['localhost', 'www.localhost'], debug: true }); // handles acme-challenge and redirects to https // require('http') // .createServer(glx.middleware(require('redirect-https')())) // .listen(80, function() { // console.log('Listening for ACME http-01 challenges on', this.address()); // }); module.exports = { /************************************************************************** * * * Tell Sails what database(s) it should use in production. * * * * (https://sailsjs.com/config/datastores) * * * **************************************************************************/ datastores: { /*************************************************************************** * * * Configure your default production database. * * * * 1. 
Choose an adapter: * * https://sailsjs.com/plugins/databases * * * * 2. Install it as a dependency of your Sails app. * * (For example: npm install sails-mysql --save) * * * * 3. Then set it here (`adapter`), along with a connection URL (`url`) * * and any other, adapter-specific customizations. * * (See https://sailsjs.com/config/datastores for help.) * * * ***************************************************************************/ default: { adapter: 'sails-mysql', url: 'mysql://root:gs8jh3kj3w48xudf@35.197.96.87:3306/fulfil_db' // adapter: 'sails-mysql', // url: 'mysql://user:password@host:port/database', //-------------------------------------------------------------------------- // /\ To avoid checking it in to version control, you might opt to set // || sensitive credentials like `url` using an environment variable. // // For example: // ``` // sails_datastores__default__url=mysql://admin:myc00lpAssw2D@db.example.com:3306/my_prod_db // ``` //-------------------------------------------------------------------------- /**************************************************************************** *                         * * More adapter-specific options * *                         * * > For example, for some hosted PostgreSQL providers (like Heroku), the * * > extra `ssl: true` option is mandatory and must be provided. * *                         * * More info:                   * * https://sailsjs.com/config/datastores           * *                         * ****************************************************************************/ // ssl: true, } }, models: { /*************************************************************************** * * * To help avoid accidents, Sails automatically sets the automigration * * strategy to "safe" when your app lifts in production mode. * * (This is just here as a reminder.) 
* * * * More info: * * https://sailsjs.com/docs/concepts/models-and-orm/model-settings#?migrate * * * ***************************************************************************/ migrate: 'safe' /*************************************************************************** * * * If, in production, this app has access to physical-layer CASCADE * * constraints (e.g. PostgreSQL or MySQL), then set those up in the * * database and uncomment this to disable Waterline's `cascadeOnDestroy` * * polyfill. (Otherwise, if you are using a databse like Mongo, you might * * choose to keep this enabled.) * * * ***************************************************************************/ // cascadeOnDestroy: false, }, /************************************************************************** * * * Always disable "shortcut" blueprint routes. * * * * > You'll also want to disable any other blueprint routes if you are not * * > actually using them (e.g. "actions" and "rest") -- but you can do * * > that in `config/blueprints.js`, since you'll want to disable them in * * > all environments (not just in production.) * * * ***************************************************************************/ blueprints: { shortcuts: false }, /*************************************************************************** * * * Configure your security settings for production. * * * * IMPORTANT: * * If web browsers will be communicating with your app, be sure that * * you have CSRF protection enabled. To do that, set `csrf: true` over * * in the `config/security.js` file (not here), so that CSRF app can be * * tested with CSRF protection turned on in development mode too. 
* * * ***************************************************************************/ security: { /*************************************************************************** * * * If this app has CORS enabled (see `config/security.js`) with the * * `allowCredentials` setting enabled, then you should uncomment the * * `allowOrigins` whitelist below. This sets which "origins" are allowed * * to send cross-domain (CORS) requests to your Sails app. * * * * > Replace "https://example.com" with the URL of your production server. * * > Be sure to use the right protocol! ("http://" vs. "https://") * * * ***************************************************************************/ cors: { allRoutes: true, allowOrigins: '*', allowCredentials: false } }, /*************************************************************************** * * * Configure how your app handles sessions in production. * * * * (https://sailsjs.com/config/session) * * * * > If you have disabled the "session" hook, then you can safely remove * * > this section from your `config/env/production.js` file. * * * ***************************************************************************/ session: { /*************************************************************************** * * * Production session store configuration. * * * * Uncomment the following lines to finish setting up a package called * * "@sailshq/connect-redis" that will use Redis to handle session data. * * This makes your app more scalable by allowing you to share sessions * * across a cluster of multiple Sails/Node.js servers and/or processes. * * (See http://bit.ly/redis-session-config for more info.) * * * * > While @sailshq/connect-redis is a popular choice for Sails apps, many * * > other compatible packages (like "connect-mongo") are available on NPM. 
     * > (For a full list, see https://sailsjs.com/plugins/sessions)
     *
     ***************************************************************************/
    // adapter: '@sailshq/connect-redis',
    // url: 'redis://user:password@localhost:6379/databasenumber',
    //--------------------------------------------------------------------------
    // /\  OR, to avoid checking it in to version control, you might opt to
    // ||  set sensitive credentials like this using an environment variable.
    //
    // For example:
    // ```
    // sails_session__url=redis://admin:myc00lpAssw2D@bigsquid.redistogo.com:9562/0
    // ```
    //
    //--------------------------------------------------------------------------

    /***************************************************************************
     *
     * Production configuration for the session ID cookie.
     *
     * Tell browsers (or other user agents) to ensure that session ID cookies
     * are always transmitted via HTTPS, and that they expire 24 hours after
     * they are set.
     *
     * Note that with `secure: true` set, session cookies will _not_ be
     * transmitted over unsecured (HTTP) connections. Also, for apps behind
     * proxies (like Heroku), the `trustProxy` setting under `http` must be
     * configured in order for `secure: true` to work.
     *
     * > While you might want to increase or decrease the `maxAge` or provide
     * > other options, you should always set `secure: true` in production
     * > if the app is being served over HTTPS.
     *
     * Read more:
     * https://sailsjs.com/config/session#?the-session-id-cookie
     *
     ***************************************************************************/
    cookie: {
      // secure: true,
      maxAge: 24 * 60 * 60 * 1000 // 24 hours
    }
  },

  /**************************************************************************
   *
   * Set up Socket.io for your production environment.
   *
   * (https://sailsjs.com/config/sockets)
   *
   * > If you have disabled the "sockets" hook, then you can safely remove
   * > this section from your `config/env/production.js` file.
   *
   ***************************************************************************/
  sockets: {
    onlyAllowOrigins: []
    /***************************************************************************
     *
     * Uncomment the `onlyAllowOrigins` whitelist below to configure which
     * "origins" are allowed to open socket connections to your Sails app.
     *
     * > Replace "https://example.com" etc. with the URL(s) of your app.
     * > Be sure to use the right protocol! ("http://" vs. "https://")
     *
     ***************************************************************************/
    // onlyAllowOrigins: [
    //   'https://example.com',
    //   'https://staging.example.com',
    // ],

    /***************************************************************************
     *
     * If you are deploying a cluster of multiple servers and/or processes,
     * then uncomment the following lines. This tells Socket.io about a Redis
     * server it can use to help it deliver broadcasted socket messages.
     *
     * > Be sure a compatible version of @sailshq/socket.io-redis is installed!
     * > (See https://sailsjs.com/config/sockets for the latest version info)
     *
     * (https://sailsjs.com/docs/concepts/deployment/scaling)
     *
     ***************************************************************************/
    // adapter: '@sailshq/socket.io-redis',
    // url: 'redis://user:password@bigsquid.redistogo.com:9562/databasenumber',
    //--------------------------------------------------------------------------
    // /\  OR, to avoid checking it in to version control, you might opt to
    // ||  set sensitive credentials like this using an environment variable.
    //
    // For example:
    // ```
    // sails_sockets__url=redis://admin:myc00lpAssw2D@bigsquid.redistogo.com:9562/0
    // ```
    //--------------------------------------------------------------------------
  },

  /**************************************************************************
   *
   * Set the production log level.
   *
   * (https://sailsjs.com/config/log)
   *
   ***************************************************************************/
  log: {
    level: 'debug'
  },

  http: {
    serverOptions: glx.httpsOptions,

    /***************************************************************************
     *
     * The number of milliseconds to cache static assets in production.
     * (the "max-age" to include in the "Cache-Control" response header)
     *
     ***************************************************************************/
    cache: 365.25 * 24 * 60 * 60 * 1000 // One year

    /***************************************************************************
     *
     * Proxy settings
     *
     * If your app will be deployed behind a proxy/load balancer - for example,
     * on a PaaS like Heroku - then uncomment the `trustProxy` setting below.
     * This tells Sails/Express how to interpret X-Forwarded headers.
     *
     * This setting is especially important if you are using secure cookies
     * (see the `cookies: secure` setting under `session` above) or if your app
     * relies on knowing the original IP address that a request came from.
     *
     * (https://sailsjs.com/config/http)
     *
     ***************************************************************************/
    // trustProxy: true,
  },

  /**************************************************************************
   *
   * Lift the server on port 80.
   * (if deploying behind a proxy, or to a PaaS like Heroku or Deis, you
   * probably don't need to set a port here, because it is oftentimes
   * handled for you automatically. If you are not sure if you need to set
   * this, just try deploying without setting it and see if it works.)
   *
   ***************************************************************************/
  host: '127.0.0.1',
  port: 443,
  ssl: true,

  /**************************************************************************
   *
   * Configure an SSL certificate
   *
   * For the safety of your users' data, you should use SSL in production.
   * ...But in many cases, you may not actually want to set it up _here_.
   *
   * Normally, this setting is only relevant when running a single-process
   * deployment, with no proxy/load balancer in the mix. But if, on the
   * other hand, you are using a PaaS like Heroku, you'll want to set up
   * SSL in your load balancer settings (usually somewhere in your hosting
   * provider's dashboard-- not here.)
   *
   * > For more information about configuring SSL in Sails, see:
   * > https://sailsjs.com/config/*#?sailsconfigssl
   *
   **************************************************************************/
  // ssl: undefined,

  lifejacket: {
    // Disabled by default. (e.g. for local dev)
    // So you'll want to override this in your config/env/production.js file,
    // setting it to `true`.
    ensureHttps: true
    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    // If you don't already have the conventional `sails.config.custom.baseUrl` set,
    // then uncomment the following `host` config. This must be set manually if `ensureHttps`
    // is enabled.
    // > Should be provided as a string, like `foo.example.com`.
    // host: 'mysweetsite.com',
    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  }
};
```

**When I fire up the command below, it shows**

![image](/attachments/1e38de19-63f6-4b67-8725-7c23a1dc702a)

**like this, but when I run this application in the browser at https://localhost, it shows an error.**

**Error:**

```
[gl/index.js] gl.getCertificates called for localhost with certs for NONE
[gl/index.js] gl.approveDomains called with certs for NONE and options:
[gl/index.js] {
  domain: 'localhost',
  domains: [ 'localhost' ],
  certs: null,
  certificate: {},
  account: {},
  wildname: '*.'
}
[gl/index.js] gl getting from disk or registering new
[le-store-certbot]
[le-store-certbot]
[greenlock/lib/core.js] checkAsync failed to find certificates
[le-store-certbot] success reading arg.accountsDir
[le-store-certbot] regrs.length 1
[le-store-certbot] accountId: 7deec612c26a9f3163c582e4ea6a972d
[greenlock/lib/core.js] calling greenlock.acme.getCertificateAsync localhost [ 'localhost' ]
[acme-v2] DEBUG get cert 1
[acme-v2] accounts.create
[acme-v2] agreeToTerms
[acme-v2] accounts.create JSON body:
{
  protected: '…',
  payload: 'eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6dHJ1ZSwib25seVJldHVybkV4aXN0aW5nIjpmYWxzZX0',
  signature: 'niurbbdEwbyPPXdLEWw_Qi1iQSHQ2otsqZPUEUAZ4HN3BNDo2ugknJMQdvPEzMrsfyntxMyX6hqiM5sgYcbaPX5TErolPebmITXC3lqgBn8nZaMx2JInqD0s8OQM71l-N95PqAmbOpTykGPaEASwN95acm47gQdbjLu6nBsnF6sfzFghRDTVhk8xpGhUTqhKjQ7vIrH6QlpPVi8N5WTabfCQDWeaNCFjq6vKiCvbfjFPmLZn2junDwAe4utIpuP3FqZYMlCvXFCmr_o7qyyQZWxWWZbajHJO75HBkrqKx_fbI5ogj3wuLikddQmzDqPARV0F8coEaYqmQsfh24h43A'
}
[DEBUG] new account location: https://acme-staging-v02.api.letsencrypt.org/acme/acct/11074181
{
  statusCode: 200,
  body: {
    key: {
      kty: 'RSA',
      n: 'xepxodrzjRv-gPDiiH7dXEBIXGzo_-zmy273CxCzLTHRLxdPioobutm76GnLiG5xC3txz2KY6NMjIsDEbQ6Mf3PBstKVzuWMG-logGnp6j9qrTuiJZ2FMUbD0EY6Gtzg4MC5Q6rj3PjP229sgB2wQiF-kM30GIOJ8MxOW4Dhe0tZCRiTzgBktC-DPTLPgC14XGD_L-tASz9nRRPFl6MticZ90BKMlmz9APjSbj0irYhWuIVcr7YzJxAjAhwMy8OAEQcm2WnWc7v2euOkdYJFi4JDzS9rjieiRe2-GNd6ailwaw6UvDgeQEccwVYjnUIqGFRQL4NyFVPTFeOiCOQFzQ',
      e: 'AQAB'
    },
    contact: [ 'mailto:baj9032@gmail.com' ],
    initialIp: '103.238.110.39',
    createdAt: '2019-09-20T08:07:38Z',
    status: 'valid'
  },
  headers: {
    server: 'nginx',
    date: 'Fri, 20 Sep 2019 08:11:39 GMT',
    'content-type': 'application/json',
    'content-length': '551',
    connection: 'close',
    'cache-control': 'public, max-age=0, no-cache',
    link: '<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"',
    location: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/11074181',
    'replay-nonce': '00027sSdL_GbUp842Yw5P-69vfX0wI1vzkxBJGo6_9o6jwY',
    'x-frame-options': 'DENY',
    'strict-transport-security': 'max-age=604800'
  },
  request: {
    uri: Url {
      protocol: 'https:',
      slashes: true,
      auth: null,
      host: 'acme-staging-v02.api.letsencrypt.org',
      port: null,
      hostname: 'acme-staging-v02.api.letsencrypt.org',
      hash: null,
      search: null,
      query: null,
      pathname: '/acme/new-acct',
      path: '/acme/new-acct',
      href: 'https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
    },
    method: 'POST',
    headers: { 'Content-Type': 'application/jose+json', 'Content-Length': 1155 }
  }
}
[acme-v2] DEBUG get cert 1
[greenlock/lib/core.js] setChallenge called for 'localhost'
[DEBUG] waitChallengeDelay 500
[acme-v2] handled(?) rejection as errback:
Error: connect ECONNREFUSED 127.0.0.1:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1097:14)
Error loading/registering certificate for 'localhost':
{ Error: connect ECONNREFUSED 127.0.0.1:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1097:14)
  errno: 'ECONNREFUSED',
  code: 'ECONNREFUSED',
  syscall: 'connect',
  address: '127.0.0.1',
  port: 80 }
```
Owner

IIRC you also asked this on StackOverflow and I answered there, but I'll give the gist here as well:

You can't use the specific hostname `localhost`, but rather you need to use one of the `acme-dns-01-*` plugins with a domain (such as `local.my-domain.com`) pointing to `127.0.0.1`.

Reference: root/greenlock.js#4