I don't completely understand this code, nor its' purpose:
And I don't see port 3000 in the listening list; So, I'm not sure that has been applied.
1 Like
@rg305 Rudy may be I found something interestingā¦
inserting in the web browser: http://localhost:80
I get this pageā¦:
But it seems no Apache 2 Service is running:
(base) marco@pc:~ sudo systemctl stop apache2.service
Failed to stop apache2.service: Unit apache2.service not loaded.
(base) marco@pc:~ sudo systemctl start apache2.service
Failed to start apache2.service: Unit apache2.service not found.
(base) marco@pc:~$ sudo apt-get remove apache2
[sudo] password for marco:
Reading package listsā¦ Done
Building dependency tree
Reading state informationā¦ Done
Package āapache2ā is not installed, so not removed
What does it mean?
Actually, it happens the same on the laptop (192.168.1.4) ā¦ so I do not think this is the problemā¦
With this /etc/nginx/conf.d/default.conf :
server {
listen 443 ssl http2 default_server;
server_name ggc.world;
ssl_certificate /etc/ssl/certs/chained.pem;
ssl_certificate_key /etc/ssl/private/domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
#ssl_stapling on;
#ssl_stapling_verify on;
access_log /var/log/nginx/ggcworld-access.log combined;
add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico { access_log off; log_not_found off; }
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
error_page 497 https://$host:$server_port$request_uri;
server_name www.ggc.world;
return 301 https://$server_name$request_uri;
access_log /var/log/nginx/ggcworld-access.log combined;
add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico { access_log off; log_not_found off; }
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# https://www.nginx.com/blog/nginx-nodejs-websockets-socketio/
# https://gist.github.com/uorat/10b15a32f3ffa3f240662b9b0fefe706
# http://nginx.org/en/docs/stream/ngx_stream_core_module.html
upstream websocket {
ip_hash;
server localhost:3000;
}
server {
listen 81;
server_name ggc.world www.ggc.world;
#location / {
location ~ ^/(websocket|websocket\/socket-io) {
proxy_pass http://127.0.0.1:4201;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwared-For $remote_addr;
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
}
}
# https://stackoverflow.com/questions/40516288/webpack-dev-server-with-nginx-proxy-pass
with vue.config.js :
module.exports = {
// options...
publicPath: '',
devServer: {
host: 'localhost',
}
}
and with this webpack.config.js :
{
"mode": "development",
"entry": [
"src/index.js",
"webpack-dev-server/client?http://" + require("os").hostname() + ":3000/"
],
"output": {
"path": __dirname+'/static',
"filename": "[name].[chunkhash:8].js"
},
"module": {
"rules": [
{
"test": /\.vue$/,
"exclude": /node_modules/,
"use": "vue-loader"
},
{
"test": /\.pem$/,
"use": "file-loader"
}
]
},
plugins: [
new BrowserSyncPlugin(
{
host: 'localhost',
port: 3000,
proxy: 'http://localhost:8080'
},
{
reload: false
}
),
],
node: {
__dirname: false,
__filename: false
},
resolve: {
extension: ['*', '.pem']
},
devServer: {
watchOptions: {
aggregateTimeout: 300,
poll: 1000
}
}
}
And still get this error message:
GET https://localhost/sockjs-node/info?t=1580397983088 net::ERR_CONNECTION_REFUSED
I donāt know much about your app.
But I do know that ālocalhostā in human terms means āmeā or āIā [the computer conceptual equivalent of āselfā]; So that when any system refers to ālocalhostā it is actually referring to itself.
When you tried the link to https://localhost/sockjs-node/info?t=1580397983088, on which machine was that tested from?
1 Like
@rg305 Hi Rudy!!
-
From within ghe PC-Server:
(base) marco@pc:~$ curl -Iki https://localhost/sockjs-node/info?t=1580397983088
HTTP/2 405
server: nginx/1.14.0 (Ubuntu)
date: Fri, 31 Jan 2020 08:19:02 GMT
allow: OPTIONS, GET(base) marco@pc:~/vueMatters/testproject$ curl -vk https://localhost/sockjs-
node/info?t=1580397983088- Trying ::1...
- TCP_NODELAY set
- connect to ::1 port 443 failed: Connection refused
- Trying 127.0.0.1...
- TCP_NODELAY set
- Connected to localhost (127.0.0.1) port 443 (#0)
- ALPN, offering h2
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs - TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
- TLSv1.3 (IN), TLS handshake, Unknown (8):
- TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
- TLSv1.3 (IN), TLS handshake, Certificate (11):
- TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
- TLSv1.3 (IN), TLS handshake, CERT verify (15):
- TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
- TLSv1.3 (IN), TLS handshake, Finished (20):
- TLSv1.3 (OUT), TLS change cipher, Client hello (1):
- TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
- TLSv1.3 (OUT), TLS handshake, Finished (20):
- SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
- ALPN, server accepted to use h2
- Server certificate:
- subject: CN=ggc.world
- start date: Nov 30 11:22:10 2019 GMT
- expire date: Feb 28 11:22:10 2020 GMT
- issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
- SSL certificate verify ok.
- Using HTTP2, server supports multi-use
- Connection state changed (HTTP/2 confirmed)
- Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
- TLSv1.3 (OUT), TLS Unknown, Unknown (23):
- TLSv1.3 (OUT), TLS Unknown, Unknown (23):
- TLSv1.3 (OUT), TLS Unknown, Unknown (23):
- Using Stream ID: 1 (easy handle 0x559bc64c5580)
- TLSv1.3 (OUT), TLS Unknown, Unknown (23):
GET /sockjs-node/info?t=1580397983088 HTTP/2
Host: localhost
User-Agent: curl/7.58.0
Accept: /- TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
- TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
- TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- TLSv1.3 (IN), TLS Unknown, Unknown (23):
- Connection state changed (MAX_CONCURRENT_STREAMS updated)!
- TLSv1.3 (OUT), TLS Unknown, Unknown (23):
- TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/2 200
< server: nginx/1.14.0 (Ubuntu)
< date: Fri, 31 Jan 2020 14:00:47 GMT
< content-type: application/json; charset=UTF-8
< access-control-allow-origin: *
< vary: Origin
< cache-control: no-store, no-cache, no-transform, must-revalidate, max-age=0
< strict-transport-security: max-age=31536000
< - Connection #0 to host localhost left intact
-
From a laptop:
(base) marco@marco-U36SG:~$ curl -Iki https://ggc.world/sockjs-node/info?t=1580397983088
HTTP/1.1 405 Method Not Allowed
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 31 Jan 2020 09:34:59 GMT
Connection: keep-alive
Allow: OPTIONS, GET(base) marco@marco-U36SG:~$ curl -vk https://ggc.world/sockjs-node/info?t=1580397983088
- Trying 2.36.58.214:443...
- TCP_NODELAY set
- Connected to ggc.world (2.36.58.214) port 443 (#0)
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /home/marco/anaconda3/ssl/cacert.pem
CApath: none - TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
- TLSv1.3 (IN), TLS handshake, Certificate (11):
- TLSv1.3 (IN), TLS handshake, CERT verify (15):
- TLSv1.3 (IN), TLS handshake, Finished (20):
- TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
- TLSv1.3 (OUT), TLS handshake, Finished (20):
- SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
- ALPN, server accepted to use http/1.1
- Server certificate:
- subject: CN=ggc.world
- start date: Nov 30 11:22:10 2019 GMT
- expire date: Feb 28 11:22:10 2020 GMT
- issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
- SSL certificate verify ok.
GET /sockjs-node/info?t=1580397983088 HTTP/1.1
Host: ggc.world
User-Agent: curl/7.65.2
Accept: /- TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- old SSL session ID is stale, removing
- Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Fri, 31 Jan 2020 14:04:11 GMT
< Content-Type: application/json; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Vary: Origin
< Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0
< Strict-Transport-Security: max-age=31536000
< - Connection #0 to host ggc.world left intact
{"websocket":true,"origins":[":"],"cookie_needed":false,"entropy":1587194190}
@rg305 If {"websocket":true,"origins":[":"],"cookie_needed":false,"entropy":1587194190}
why in the browser I get sockjs.js?9be2:1606 GET https://localhost:8080/sockjs-node/info?t=1580462612618 net::ERR_CONNECTION_REFUSED ? I do not understand
The capital "I" in curl -Iki tries to do a HEAD request.
While your system is only allowing:
Iām sorry, I do not know.
@rg305 Hi Rudy!
In the PC I installed ex-novo Ubuntu 18.04.3 Desktop and I verified that the problem disappeared.
I ran the same tiny webapp in both laptop and pc, and using localhost and the ip-address both from within the laptop/PC and from the other device (PC/laptop) gave no error.
I reported everything here:
According to you, what kind of problems/missing parts/lacking features or whatever the Ubuntu 18.04.4 Server Edition could have compared to the Ubuntu 18.04.4 Desktop Edition?
It would be great if we could give to the Ubuntuās people some hints/suggestions and help in solving this problem.
1 Like
The problem doesnāt appear to be in any way related to LE, or any acme client, or the certificate that was issued. Sorry, I donāt know how to help you.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.