Enable HTTPS, SSL

[krazy707]

Hi, is there a way to enable secure tunneling, over https. I was able to test on regular http, it worked fine, however, could not find any steps to enable encryption

[skiwithuge]

did you find a solution?

[easysoft-mobility]

I need that too

[lexxsoft]

Have anyone managed to run the server over SSL? It looks SSL is not actually being utilized at all. I am getting:

OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

It does not seem to be configurable by the looks from the app's source code.

But I believe that it would not take too much of work to add the support, since a pretty easy guide in unrelated topic for same application server (Koa) can be found at https://www.rechberger.io/setup-https-letsencrypt-for-koa-js/. That does not look complicated at all, so I hope I might need to spend some time if no one has a solution ready.

[skiwithuge]

hello lexxsoft did you figure out in the end?

[lexxsoft]

hello lexxsoft did you figure out in the end?

Yes, I did. There are more than one way to achieve the result, and I believe I have made a setup exactly how localtunnel.me works, there is no need to hack the code: you only need to host localtunnel-server bound on 127.0.0.1:3000 (not exposing it to outside) and forward Nginx reverse proxy to it.

That's a win-win: no need to change code (i.e. easier to update), and there are plenty instructions how to setup Nginx with certificates.

Though in my case that's not fully satisfactory solution because my domain provider does not allow automated wildcard renewal, so every X months I will have to manually update Let's Encrypt certificate, but that's a problem for another time.

[jason-shen]

hello lexxsoft did you figure out in the end?

Yes, I did. There are more than one way to achieve the result, and I believe I have made a setup exactly how localtunnel.me works, there is no need to hack the code: you only need to host localtunnel-server bound on 127.0.0.1:3000 (not exposing it to outside) and forward Nginx reverse proxy to it.

That's a win-win: no need to change code (i.e. easier to update), and there are plenty instructions how to setup Nginx with certificates.

Though in my case that's not fully satisfactory solution because my domain provider does not allow automated wildcard renewal, so every X months I will have to manually update Let's Encrypt certificate, but that's a problem for another time.

is there anything special that requires in the nginx https forwarding or just the normal way would work?

[lexxsoft]

is there anything special that requires in the nginx https forwarding or just the normal way would work?

No, normal reverse proxy will do. However since I am hosting localtunnel-server not on the edge node, I also do a forwarding from gateway, to function it requires to have arbitrary ports available at any time - but as I do not want to forward all the ports to my internal hosting server, some small modifications had needed to be made in localtunnel-server code to limit it to a reasonable pre-defined range of ports which then I mannually forward to.

[yashwanth2714]

I use AWS Services like EC2 to host the server. I believe I need to modify the code to add HTTPS. If you have any ideas on how to do that, could you guide me?

[yashwanth2714]

I'm experiencing a tunnel disconnection issue with AWS. I use EC2 for the server and Route 53 for DNS records, which are directed to the ALB with ACM for HTTPS. Sub-domains function properly when using the EC2 instance's IP address, but encounter issues when utilizing the ALB for HTTPS support. Security Group rules permit traffic from all sources. I would appreciate any assistance. I have been unable to resolve this for 10 days.

#169