LewisArdern / bXSS

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
MIT License

bXSS listening on port undefined #35

Closed ghost closed 3 years ago

ghost commented 4 years ago

I am a bit unsure if my config is correct. When I start bXSS I get: bXSS listening on port undefined

  1. Should I also comment out config.github = {}; if I don't want to use it?
  2. Should I change config.url = process.env.url || 'mydoamin.com'; to config.url = 'mydoamin.com';?
  3. Do the paths for letsencrypt need ticks, such as config.letsEncrypt.publicKey = '/etc/letsencrypt/live/mydoamin.com/fullchain.pem';?

LewisArdern commented 4 years ago

Please post your full config and I will review it; remove any sensitive info.

ghost commented 4 years ago

Thanks for your help

const config = {};

config.twilio = {};
config.gmail = {};
config.slack = {};
config.letsEncrypt = {};
config.ciscoSpark = {};
config.discord = {};
config.twitter = {};
config.github = {};
config.port = 443;

config.port.http = process.env.httpPort || 80;
config.url = process.env.url || 'mydomain.com';
config.url = 'mydomain.com';
config.boundary = process.env.boundary || '#!!!!#';
config.bodyLimit = process.env.bodyLimit || '50mb';

config.letsEncrypt.TLS = true;
config.port.https = 443;
  process.env.httpsPort || 443;
config.letsEncrypt.publicKey = `/etc/letsencrypt/live/mydomain.com/fullchain.pem`;
  process.env.publicKey || `/etc/letsencrypt/live/${config.url}/fullchain.pem`;
config.letsEncrypt.privateKey = `/etc/letsencrypt/live/mydomain.com/privkey.pem`;
  process.env.privateKey || `/etc/letsencrypt/live/${config.url}/privkey.pem`;
config.letsEncrypt.ca = `/etc/letsencrypt/live/mydomain.com/chain.pem`;
  process.env.ca || `/etc/letsencrypt/live/${config.url}/chain.pem`;

// Remove if you don't want Twilio
// config.twilio.accountSid = process.env.accountSid || '';
// config.twilio.authToken = process.env.authToken || '';
// config.twilio.to = process.env.twilioTo || ['']; // add additional numbers with comma separation e.g. '+447000000', ''
// config.twilio.from = process.env.twilioFrom || '';

// Remove if you don't want Discord
// config.discord.token = process.env.discordToken || '';
// config.discord.channel = process.env.discordChannel || '';

// Remove if you don't want Slack
// config.slack.token = process.env.token || '';
// config.slack.channel = process.env.slackChannel || '';

// Remove if you don't want Cisco Webex Teams
// config.ciscoSpark.token = process.env.sparkToken || '';
// config.ciscoSpark.sparkRoom = process.env.sparkRoom || ['']; // add additional emails with comma separation e.g. 'youremail@gmail.com', ''

// Remove if you don't want Twitter
// config.twitter.consumer_key = process.env.twitterConsumerKey || '';
// config.twitter.consumer_secret = process.env.twitterSecret || '';
// config.twitter.access_token_key = process.env.twitterAccessKey || '';
// config.twitter.access_token_secret = process.env.twitterAccessSecret || '';
// config.twitter.recipient_id = process.env.recipient || ['']; // add additional recipients, comma separated, e.g. '12030210321','1232131321'

// Remove if you don't want email
// config.smtp.user = process.env.smtpUser || 'user@example.com';
// config.smtp.pass = process.env.smtpPass || 'hunter2';
// config.smtp.port = process.env.smtpPort || '469';
// config.smtp.host = process.env.smtpHost || 'smtp.example.com';
// config.smtp.tls = process.env.smtpTls || true; // true or false
// config.smtp.to = process.env.smtpTo || ['user2@example.com']; // add additional emails with comma separation '', ''

// Remove if you don't want GitHub
// config.github.accessToken = process.env.accessToken || '';
// config.github.repo = process.env.githubRepo || '';

// 1 Everything
// 0 Just DOM Nodes
config.intrusiveLevel = 0;

module.exports = config;

LewisArdern commented 4 years ago

You need to decide if you are going to run as HTTP or HTTPS. Are you running it behind anything? If you aren't using HTTPS, all you need to do is:

const config = {};
config.port = {};        // port must be an object so that config.port.http can be set on it
config.letsEncrypt = {}; // must exist before config.letsEncrypt.TLS is assigned below

config.port.http = process.env.httpPort || 80;

config.url = process.env.url || 'localhost';  // <-- your domain

config.boundary = process.env.boundary || '#!!!!#';
config.bodyLimit = process.env.bodyLimit || '50mb';

config.letsEncrypt.TLS = false;

module.exports = config;

If you intend to use HTTPS, then you can do:

const config = {};
config.port = {};        // port must be an object so that config.port.http / .https can be set on it
config.letsEncrypt = {}; // must exist before the letsEncrypt.* fields are assigned below

config.port.http = process.env.httpPort || 80;

config.url = process.env.url || 'localhost';  // <-- your domain

config.boundary = process.env.boundary || '#!!!!#';
config.bodyLimit = process.env.bodyLimit || '50mb';

config.letsEncrypt.TLS = true;
config.port.https = process.env.httpsPort || 443;
config.letsEncrypt.publicKey =
  process.env.publicKey || `/etc/letsencrypt/live/${config.url}/fullchain.pem`;
config.letsEncrypt.privateKey =
  process.env.privateKey || `/etc/letsencrypt/live/${config.url}/privkey.pem`;
config.letsEncrypt.ca = process.env.ca || `/etc/letsencrypt/live/${config.url}/chain.pem`;

module.exports = config;
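An added example, not bXSS's own code, of a start-up check that would have caught the mistake in the config posted above: it verifies that `config.port` is an object before anything reads `config.port.http` or `config.port.https`, and that the letsEncrypt paths are set when TLS is on. The names `validateConfig` and `isValidPort`, and the sample config, are constructed for this example.

```javascript
// Added example, not part of bXSS: a start-up check for a bXSS-style config object.
// The issue above comes from `config.port = 443;` followed by `config.port.http = ...`:
// a property assigned on a number primitive is lost, so the server reads undefined.
// validateConfig / isValidPort are names chosen for this example.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Ports usually arrive via process.env as strings, so accept "8080" as well as 8080.
function isValidPort(p) {
  const n = typeof p === 'string' && p.trim() !== '' ? Number(p) : p;
  return Number.isInteger(n) && n >= 1 && n <= 65535;
}

// Returns an array of problem strings; an empty array means the config is usable.
function validateConfig(config) {
  const problems = [];
  if (!isPlainObject(config.port)) {
    // Exactly the "listening on port undefined" case from the issue.
    problems.push(`config.port must be an object ({}), got ${typeof config.port}`);
    return problems; // nothing below can be checked without config.port.*
  }
  if (!isValidPort(config.port.http)) {
    problems.push('config.port.http is missing or invalid');
  }
  const le = isPlainObject(config.letsEncrypt) ? config.letsEncrypt : {};
  if (le.TLS === true || le.TLS === 'true') {
    if (!isValidPort(config.port.https)) {
      problems.push('config.port.https is missing or invalid');
    }
    for (const key of ['publicKey', 'privateKey', 'ca']) {
      if (typeof le[key] !== 'string' || le[key].trim() === '') {
        problems.push(`config.letsEncrypt.${key} must be a certificate path when TLS is true`);
      }
    }
  }
  if (typeof config.url !== 'string' || config.url.trim() === '') {
    problems.push('config.url must be the hostname the payloads call back to');
  }
  return problems;
}

// Constructed sample reproducing the issue: port is a number, so .http/.https were lost.
const brokenConfig = { port: 443, url: 'mydomain.com', letsEncrypt: { TLS: true } };
console.log(validateConfig(brokenConfig));
```

Calling `validateConfig(require('./config'))` before the listener starts and refusing to start on a non-empty result turns the silent "port undefined" into an explicit error.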