HTTPS connection refused

[guoyunhe]

Here is my server

// server.ts
import { Ignitor } from '@adonisjs/core/build/standalone';
import { existsSync, readFileSync } from 'fs';
import { createServer as createHttpServer } from 'http';
import { createServer as createHttpsServer } from 'https';
import 'reflect-metadata';
import sourceMapSupport from 'source-map-support';

sourceMapSupport.install({ handleUncaughtExceptions: false });

new Ignitor(__dirname).httpServer().start((handle) => {
  const sslKey = '/etc/letsencrypt/live/rgi-api.guoyunhe.me/privkey.pem';
  const sslCert = '/etc/letsencrypt/live/rgi-api.guoyunhe.me/fullchain.pem';
  if (existsSync(sslKey) && existsSync(sslCert)) {
    return createHttpsServer(
      {
        key: readFileSync(sslKey),
        cert: readFileSync(sslCert),
      },
      handle
    );
  } else {
    return createHttpServer(handle);
  }
});

if you need the full repo, it is here https://github.com/guoyunhe/rgi-api

When I curl the site url, it refused connection.

$ curl https://rgi-api.guoyunhe.me/
curl: (7) Failed to connect to rgi-api.guoyunhe.me port 443 after 0 ms: Connection refused

However, a simple server like this:

const https = require(`https`);
const fs = require(`fs`);

const certDir = `/etc/letsencrypt/live`;
const domain = `rgi-api.guoyunhe.me`;
const options = {
  key: fs.readFileSync(`${certDir}/${domain}/privkey.pem`),
  cert: fs.readFileSync(`${certDir}/${domain}/fullchain.pem`)
};

https.createServer(options, (req, res) => {
  res.writeHead(200);
  res.end(`hello world\n`);
}).listen(443);

Works perfectly:

$ curl https://rgi-api.guoyunhe.me/
hello world

So I think it is not a network or firewall issue.

Can you help? Thanks!

[guoyunhe]

Finally, I figured it out.

The Reason

Let's say my website domain is api.example.com.

1. Most Linux has a global environment variable: HOST=localhost.
2. AdonisJS gives environment variables higher priority than those from .env files. So your HOST=api.example.com in your .env file is always ignored. HOST is still localhost.
3. AdonisJS start HTTP/HTTPS server with .listen({ host: this.application.env('HOST'), port: this.application.env('PORT') }). For HTTPS server, it accepts only requests whose domain match HOST, which is still localhost.
4. As a result, when you visit https://api.example.com/, server refuses your connection.

Solution 1

Set system environment variables. If you only have one app on the server, this way is better.

Create a file /etc/profile.d/host.sh with content:

export HOST=api.example.com

Solution 2

Run node with inline environment variables. If you have multiple apps on the server and they rely on different HOST values, this way is better.

HOST=api.example.com ENV_PATH=/srv/www/api.example.com/.env node build/server.js

Solution 3 from @RomainLanz

Don't let your node app deal with SSL. Let your reverse proxy (Nginx, Traefik, Caddy, etc.) deal with it.

[RomainLanz]

The best would be to let your reverse proxy (Nginx, Traefik, Caddy, etc.) deal with SSL.
Your node application shouldn't care about that.