HTTPS – HTTP communication on the same server

There is a server. On the server is Apache. Apache has certificates. On Apache is a website – client; thanks to the certificates, the client is accessible at https://example.com/~path. The client is only HTML with JavaScript.

On the same server but on a different port runs a Node.js app. So when I go to http://example.com:port I get an answer.

I want to get data from the Node.js server with AJAX from the client. So far I get: Mixed Content: The page at 'https://example.com/~path' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://server.com:port'. This request has been blocked; the content must be served over HTTPS.

Obviously I need Node.js to be HTTPS. I can't use self-signed certificates because it's a public app and people would still have to add the certificate to their browser, right?

What is the best solution to my situation? Can I somehow utilize the certificates from Apache? Does it help me that they both run on the same server? Or should I use something else?

The server is not mine, so there is a limit to what I can do.

How to solve:

Method 1

The only solution is to use HTTPS for your AJAX service that is running on example.com:port.

One easy way to make that happen would be to use a reverse proxy on your main server that is already running HTTPS. You could set up a directory such as https://example.net/service to reverse proxy from http://example.com:port. Then your AJAX client would request the secure directory URL and your secure web server would be the only thing fetching the content from the other port. It would do so locally, so it would be far less insecure. For details about how to set up a reverse proxy directory under Apache, see this answer to a question on ServerFault.
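
A sketch of the reverse-proxy setup described above, added here as an illustration and not taken from the original answer or the linked ServerFault post. The backend port 3000, the /service/ path and the certificate paths are assumed placeholders; mod_ssl, mod_proxy, mod_proxy_http and mod_headers are assumed to be loaded.

```apache
# Added example: port 3000, /service/ and the certificate paths are placeholders.
<VirtualHost *:443>
    ServerName example.com

    # The TLS setup Apache already has for the site stays as it is.
    SSLEngine on
    SSLCertificateFile    /path/to/existing/cert.pem
    SSLCertificateKeyFile /path/to/existing/key.pem

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # https://example.com/service/...  ->  http://127.0.0.1:3000/...
    # The plain-HTTP hop stays on the loopback interface, so the Node.js
    # app should listen on 127.0.0.1 rather than on a public address.
    ProxyPass        "/service/" "http://127.0.0.1:3000/"
    # Rewrite Location headers in backend redirects to the public URL.
    ProxyPassReverse "/service/" "http://127.0.0.1:3000/"

    # Let the backend know the original request arrived over TLS.
    <Location "/service/">
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
</VirtualHost>

# The page at https://example.com/~path then requests the relative URL
# /service/... so the browser only ever makes same-origin HTTPS requests.
```

ProxyPass is not permitted in .htaccess files, so on a server you do not administer these directives have to be added by whoever controls the virtual host configuration.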


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.