NodeJS HTTPS Server

Hello,

I would like to create an https server with NodeJS, with the full (strict) ssl option.

My server is hosted on AWS, and I want this instance's URL to be unable to receive requests from outside Cloudflare.
I would like the only way to access my website to be through my domain, proxied via Cloudflare.

const https = require('https');
const fs = require('fs');

const options = {
    key: fs.readFileSync('sslcert/key-serveur-origine.key'),
    cert: fs.readFileSync('sslcert/cert-serveur-origine.crt'),
    ca: fs.readFileSync('sslcert/ca-crt.crt'),
    requestCert: true,
    rejectUnauthorized: true
};

https.createServer(options, (req, res) => {
  res.writeHead(200);
  res.end(':)');
}).listen(443);

This is a simple HTTPS server I created, but when I start it, my instance's URL returns an error (which is what I want), but via Cloudflare it returns a 525 SSL handshake failed.

Can you help me solve my problem?

Thanks

And if rejectUnauthorized is false it works?

Are you using the default certificate or did you upload a custom one? From where did you get sslcert/ca-crt.crt? Did you enable client certificate authentication on Cloudflare’s side?

If rejectUnauthorized is false, my instance's URL is reachable, and my domain proxied via Cloudflare works. But I don't want my instance's URL to be reachable.

key-serveur-origine.key and cert-serveur-origine.crt are certificates generated from my Origin CA panel on Cloudflare.

ca-crt.crt is the Cloudflare Origin ECC PEM certificate.

I didn't enable client authentication on Cloudflare's side.

Thanks

That is necessary. By default Cloudflare does not include the client certificate. That’s why the error.

You need the certificate from https://developers.cloudflare.com/ssl/origin-configuration/authenticated-origin-pull/set-up, not the Origin root certificate.
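
One way to see why the origin refuses a handshake before turning strict rejection back on, as an added example that is not code from the thread: with `requestCert: true`, the `ca` option is the trust anchor for the client's certificate, so the server can let the handshake complete, log what the client presented, and still refuse the request. `classifyClient`, `startDiagnosticServer`, the `paths` fields and the stand-in socket objects are hypothetical names and constructed samples.

```javascript
// Decide whether one TLS connection carried an acceptable client certificate.
// `socket` is a tls.TLSSocket, or a stand-in with the same three members.
function classifyClient(socket) {
  const peer = socket.getPeerCertificate();
  // Node returns an empty object when the client sent no certificate.
  if (!peer || Object.keys(peer).length === 0) {
    return { allow: false, reason: 'no client certificate presented' };
  }
  if (!socket.authorized) {
    // authorizationError holds the verification error code from OpenSSL.
    return { allow: false, reason: `client certificate rejected: ${socket.authorizationError}` };
  }
  const cn = (peer.subject && peer.subject.CN) || 'unknown subject';
  return { allow: true, reason: `client certificate accepted: ${cn}` };
}

// Hypothetical helper: same options as the server in the thread, except that
// the handshake is allowed to finish so the reason can be logged; requests
// without an accepted client certificate still get a 403.
function startDiagnosticServer(paths, port) {
  const https = require('https'); // loaded here so classifyClient can be used alone
  const fs = require('fs');
  const options = {
    key: fs.readFileSync(paths.key),
    cert: fs.readFileSync(paths.cert),
    ca: fs.readFileSync(paths.clientCa), // CA that signs the client certificate
    requestCert: true,
    rejectUnauthorized: false,
  };
  return https.createServer(options, (req, res) => {
    const verdict = classifyClient(req.socket);
    console.log(req.socket.remoteAddress, verdict.reason);
    res.writeHead(verdict.allow ? 200 : 403);
    res.end(verdict.allow ? ':)' : 'client certificate required');
  }).listen(port);
}

// Constructed stand-ins for the three states a connection can be in.
const samples = [
  { authorized: false, authorizationError: null, getPeerCertificate: () => ({}) },
  { authorized: false, authorizationError: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
    getPeerCertificate: () => ({ subject: { CN: 'client.example' } }) },
  { authorized: true, authorizationError: null,
    getPeerCertificate: () => ({ subject: { CN: 'client.example' } }) },
];
for (const s of samples) console.log(classifyClient(s));
```

Once the log shows the proxy's certificate being accepted, set `rejectUnauthorized` back to `true` so connections without a valid client certificate fail during the handshake.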

Thanks a lot! My problem was the Origin root certificate.

I wasn’t using the good one.

The client authentication wasn’t needed

Thanks for your time
