skip to Main Content

My NUXT SSR website https://tejasjadhav2001.tech is hosted at https://34.93.29.137:3333 and Expressjs server for REST backend is hosted at https://34.93.29.137:3000

https://34.93.29.137:3333 is proxied to the Nginx root which uses tejasjadhav2001.tech as the domain

The frontend calls the backend rest API like this:

FRONTEND:

getArticles(id) {
    return axios({
      method: "GET",
      url: https://34.93.29.137:3000/api/v1/blog/`,
      withCredentials: true,
});

But the request to the backend is failing with the CORS error

Even though I have configured CORS on the backend like this:

BACKEND:

const corsOptions ={
    origin:[
            'https://34.93.29.137:3000/',
            'https://34.93.29.137:3333',
            'https://34.93.29.137',
            'https://tejasjadhav2001.tech',
            'http://tejasjadhav2001.tech',
    ],
    credentials:true,            //access-control-allow-credentials:true
    optionSuccessStatus:200
}
console.log("Using cors options");
app.use(cors(corsOptions));

But the catch here is this CORS issue is not seen when I call the Backend API manually via the browser for example: https://34.93.29.137:3000/api/v1/blog , accepts the SSL warning, it loads the data and now if I go to https://34.93.29.137:3333 or https://tejasjadhav2001.tech, it also loads the data from Backend and site works all fine after

Attaching my NGINX config too

a@instance-1:~$ cat /etc/nginx/sites-available/default 
server {
        listen 443 ssl;
        server_name tejasjadhav2001.tech www.tejasjadhav2001.tech;

        gzip on;
        gzip_types  text/plain application/xml;
        gzip_proxied    no-cache no-store private expired auth;
        gzip_min_length 1000;
    ssl_certificate /etc/letsencrypt/live/tejasjadhav2001.tech/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tejasjadhav2001.tech/privkey.pem; # managed by Certbot
    #ssl_password_file /etc/ssl/certs/pass.pass;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;

        # This is a cache for SSL connections
        ssl_session_cache shared:le_nginx_SSL:1m;
        ssl_session_timeout 1440m;

        rewrite ^/(.*)/$ /$1 permanent;


        location / {
                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $scheme;
                proxy_redirect          off;
                proxy_buffering         on;
                #proxy_cache             STATIC;
                proxy_cache_valid   200 1d;
                proxy_cache_use_stale   error timeout invalid_header updating http_500 http_502 http_503 http_504;

                proxy_pass              https://34.93.29.137:3333;
                proxy_read_timeout  1m;
                proxy_connect_timeout   1m;
        }

Is this issue with the CORS or SSL cert?
Thanks,
Tejas

2

Answers


  1. Chosen as BEST ANSWER

    I found the issue: The issue was with the Backend SSL cert, After I added SSL to my expressjs server, it solved the issue

    Below diffs solved the issue:

    -const server = app.listen(process.env.PORT, () => {
    +var options = {
    +       key: fs.readFileSync('./ssl/privkey.pem'),
    +       cert:fs.readFileSync('./ssl/fullchain.pem')
    +};
    +const server = https.createServer(options, app).listen(process.env.PORT, '0.0.0.0',() => {
            console.log("port is ", process.env.PORT);
     });
    

    and adding ['https://tejasjadhav2001.tech:3000/'] in corsOptions.origin

    SSL certs are generated with letsencrypt:

    a@instance-1:~/Desktop/demo-digoc-app-service$ ls -lrt ./ssl/
    total 20
    -rw-r--r-- 1 a    a    1436 Nov 26 12:00 certificate.pem
    -rw------- 1 a    a    1704 Nov 26 12:01 privatekey.pem
    -rwxrwxrwx 1 root root 5563 Nov 29 06:28 fullchain.pem
    -rwxrwxrwx 1 root root 1704 Nov 29 06:30 privkey.pem
    a@instance-1:~/Desktop/demo-digoc-app-service$ 
    
    

  2. The browser console shows this error GET https://34.93.29.137:3000/api/v1/blog/?page=1&limit=10&sort=-dateCreated net::ERR_CERT_AUTHORITY_INVALID. It’s possibly SSL cert error. Please try to configure the backend to use proper SSL cert.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search