meteorhacks / cluster

Clustering solution for Meteor with load balancing and service discovery
https://meteorhacks.com/cluster-a-different-kind-of-load-balancer-for-meteor.html
MIT License

HTTPS doesn't work on Cloudflare #45

Open AdamBrodzinski opened 9 years ago

AdamBrodzinski commented 9 years ago

If I go through the "deploying a highly available meteor cluster" tutorial and enter the URL with https, the page loads but the cluster does not work. If I open the console I'm getting this in Chrome:

Mixed Content: The page at 'https://mydomain.net/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://162.xxx.xx.xxx/cluster-ddp/3ad40d3dc87940b5724b52c633d860b3be071630/search/631/nkhc327e/xhr'. This request has been blocked; the content must be served over HTTPS.

If I set the "CLUSTER_BALANCER" to "//162.xxx.xx.xx" (or https) I get an error:

POST https://45.xx.xxx.xxx/cluster-ddp/9807e97fb619e150c77a30f653b521d75033eac1/web/494/lk53znrn/xhr net::ERR_CONNECTION_REFUSED

Is there an easy way to accept https on all of the nodes that are not balancers?

jadsonlourenco commented 9 years ago

Hi @AdamBrodzinski, try disabling WebSockets in all apps: DISABLE_WEBSOCKETS="1"

Put the cluster address in HTTPS, so it would be https://192.168.1.21, and do the same for the ROOT_URL of each app, all with HTTPS in the address.

Usually when you add an app to the cluster it creates an entry for that app in the database you use to discover the cluster, but if you change the address it will add another entry. I advise removing all entries and starting the apps, and doing the same whenever you change cluster settings, so you will not receive the "404" error.

I use CloudFlare with HTTPS -> HTTPS and it works properly. But last week I struggled with another question: #44

Anyway hope this helps you.

AdamBrodzinski commented 9 years ago

Thanks @jadsonlourenco! I double checked and I have the disable websockets under the "env" object in the mup config. I shut down all the servers and cleared the collection, then booted the servers. It still seems like it wants to set up the endpoints as http. I also tried running mup setup on each afterward.

search mup.json

{
  // Server authentication info
  "servers": [
    {
      "host": "107.170.81.xxx",
      "username": "root",
      "pem": "../ssh/digocean"
    },
    {
      "host": "45.55.154.xxx",
      "username": "root",
      "pem": "../ssh/digocean"
    }
  ],

  // Install MongoDB in the server, does not destroy local MongoDB on future setup
  "setupMongo": false,

  // WARNING: Node.js is required! Only skip if you already have Node.js installed on server.
  "setupNode": true,

  // WARNING: If nodeVersion omitted will setup 0.10.36 by default. Do not use v, only version number.
  "nodeVersion": "0.10.33",

  // Install PhantomJS in the server
  "setupPhantom": true,

  // Application name (No spaces)
  "appName": "bulletsearch",

  // Location of app (local directory)
  "app": "../../search",

  // Configure environment
  "env": {
    "ROOT_URL": "https://mydomain.net",
    "DISABLE_WEBSOCKETS": "1",

    "MONGO_URL": "mongodb://user:pass@dogen.mongohq.com:10075/bp-test",
    "CLUSTER_DISCOVERY_URL": "mongodb://user:pass@dogen.mongohq.com:10089/bp-cluster-discovery",

    "CLUSTER_SERVICE": "search"
  },

  // Meteor Up checks if the app comes online just after the deployment
  // before mup checks that, it will wait for no. of seconds configured below
  "deployCheckWaitTime": 15
}

web mup.json

{
  // Server authentication info
  "servers": [
    {
      "host": "162.243.49.xx",
      "username": "root",
      "pem": "../ssh/digocean",
      "env": {
        "CLUSTER_BALANCER_URL": "https://162.243.49.xx"
      }
    },
    {
      "host": "45.55.129.xxx",
      "username": "root",
      "pem": "../ssh/digocean",
      "env": {
        "CLUSTER_BALANCER_URL": "https://45.55.129.xxx"
      }
    }
  ],

  // Install MongoDB in the server, does not destroy local MongoDB on future setup
  "setupMongo": false,

  // WARNING: Node.js is required! Only skip if you already have Node.js installed on server.
  "setupNode": true,

  // WARNING: If nodeVersion omitted will setup 0.10.36 by default. Do not use v, only version number.
  "nodeVersion": "0.10.33",

  // Install PhantomJS in the server
  "setupPhantom": true,

  // Application name (No spaces)
  "appName": "bulletweb",

  // Location of app (local directory)
  "app": "../../web",

  // Configure environment
  "env": {
    "ROOT_URL": "https://mydomain.net",
    "DISABLE_WEBSOCKETS": "1",

    "MONGO_URL": "mongodb://user:pass@dogen.mongohq.com:10075/bp-test",
    "CLUSTER_DISCOVERY_URL": "mongodb://user:pass@dogen.mongohq.com:10089/bp-cluster-discovery",

    "CLUSTER_SERVICE": "web",
    "CLUSTER_PUBLIC_SERVICES": "search"
  },

  // Meteor Up checks if the app comes online just after the deployment
  // before mup checks that, it will wait for no. of seconds configured below
  "deployCheckWaitTime": 15
}

Collection

{
  _id: "hMHgXyZv73PMh72JM",
  serviceName: "web",
  endpoint: "http://45.55.129.xxx:80",
  timestamp: ISODate("2015-04-19T02:05:48.806Z"),
  pingInterval: 5000,
  endpointHash: "9807e97fb619e150c77a30f653b521d75033eac1",
  balancer: "https://45.55.129.xxx"
}
{
  _id: "rymi86mariKi5CaP9",
  serviceName: "web",
  endpoint: "http://162.243.49.xx:80",
  timestamp: ISODate("2015-04-19T02:11:38.770Z"),
  pingInterval: 5000,
  endpointHash: "139f1e09a4de46b126a47aac7e601390d5caa020",
  balancer: "https://162.243.49.xx"
}
{
  _id: "sHKE4NSvMHYJXdGcy",
  serviceName: "search",
  endpoint: "http://45.55.154.xxx:80",
  timestamp: ISODate("2015-04-19T02:12:31.983Z"),
  pingInterval: 5000,
  endpointHash: "453e5fb10fddbdd34b297d895c2f3f35ae2803e6",
  balancer: null
}
{
  _id: "p5txkgJKZAH5JdbuQ",
  serviceName: "search",
  endpoint: "http://107.170.81.xxx:80",
  timestamp: ISODate("2015-04-19T02:12:53.049Z"),
  pingInterval: 5000,
  endpointHash: "3ad40d3dc87940b5724b52c633d860b3be071630",
  balancer: null
}

jadsonlourenco commented 9 years ago

@AdamBrodzinski look at this: endpoint: "http://107.170.81.xxx:80". It means that the browser will connect to this IP over HTTP, not HTTPS. So you need to define this endpoint as HTTPS too. In CloudFlare, set it to use SSL (free) and, in the domain settings, define a rule to convert all traffic to HTTPS. If you access the domain with HTTPS and the app has some content that comes from HTTP, you will get this message.

In your case I recommend this: create a subdomain for each IP (see the README here in this repo, it has a good example), and set it as CLUSTER_ENDPOINT_URL. Since you have two "web" services, add two A entries on CloudFlare, one for each IP of this service:

A (45.55.129.xxx:80) --> web.domain.com
A (162.243.49.xx:80) --> web.domain.com 

and set the Cluster settings for this:

CLUSTER_ENDPOINT_URL="https://web.domain.com"

In this mode the service is accessed by the domain, not by the IP, and in CloudFlare you can configure SSL to use HTTPS -> HTTP. I think this will work. Please try it. It works for me.

Thanks!
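
The diagnosis in the comment above can be checked mechanically against the discovery collection. This is an added example, not part of the thread or the cluster project: the function names, the problem labels and the sample records (RFC 5737 addresses, `example.com` hosts) are constructed, and it assumes either the `endpoint` or the `balancer` field may be handed to the browser.

```javascript
// Added example (not from the cluster project). Records are constructed,
// modeled on the discovery collection dump in this thread.
const SAMPLE_RECORDS = [
  { serviceName: 'web', endpoint: 'http://203.0.113.10:80', balancer: 'https://203.0.113.10' },
  { serviceName: 'search', endpoint: 'http://198.51.100.7:80', balancer: null },
  { serviceName: 'web', endpoint: 'https://web.example.com', balancer: 'https://web.example.com' },
];

// True for IPv4 dotted quads and bracketed IPv6 literals as URL.hostname returns them.
function isIpLiteral(hostname) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname) || hostname.startsWith('[');
}

// Returns one finding per URL that a page served from rootUrl cannot use as-is.
// Assumption: either field may reach the browser, so both are checked.
function auditDiscovery(rootUrl, records) {
  const pageIsHttps = new URL(rootUrl).protocol === 'https:';
  const findings = [];
  for (const rec of records) {
    for (const field of ['endpoint', 'balancer']) {
      const raw = rec[field];
      if (!raw) continue; // balancer is null on nodes that are not balancers
      let u;
      try {
        u = new URL(raw);
      } catch (err) {
        findings.push({ service: rec.serviceName, field, url: raw, problem: 'unparseable' });
        continue;
      }
      if (pageIsHttps && u.protocol === 'http:') {
        // Browsers block XHR from an HTTPS page to an http:// URL.
        findings.push({ service: rec.serviceName, field, url: raw, problem: 'mixed-content' });
      } else if (u.protocol === 'https:' && isIpLiteral(u.hostname)) {
        // An IP literal bypasses the Cloudflare proxy, so the node itself
        // must listen for TLS on that address.
        findings.push({ service: rec.serviceName, field, url: raw, problem: 'direct-tls-required' });
      }
    }
  }
  return findings;
}

for (const f of auditDiscovery('https://mydomain.example', SAMPLE_RECORDS)) {
  console.log(`${f.service}.${f.field} ${f.url}: ${f.problem}`);
}
```

A `mixed-content` finding corresponds to the Chrome error quoted at the top of the issue; a `direct-tls-required` finding corresponds to the `ERR_CONNECTION_REFUSED` seen once the balancer URL was switched to `https://` on a bare IP.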

AdamBrodzinski commented 9 years ago

Hmm, this didn't seem to work either. I think I'm going to try deleting the DO instances and starting over from scratch.

jadsonlourenco commented 9 years ago

I have a working installation of these. I'm not using MUP but Docker containers, and the architecture is the same; in all cases I put the configuration addresses as HTTPS, as I explained. Review this detail: disable CloudFlare for each subdomain and use SSL certificates generated by you, then configure the cluster with HTTPS addresses for everything. You will only see the invalid-certificate warning, because you created the certificate, but you will be able to access the applications.