When i enable ssl on Node.js it will give me 403

aaP_p33tcz

Hello,
I recently installed aapanel. I'm trying to host an express.js app there but the ssl is weird. The app without ssl works perfectly but when i apply for ssl it needs to be thru cloudflare because otherwise it will give me failed. So when i activate the ssl thur the "DNS Verification" it's giving me Forbidden, You don't have permission to access this resource.

Anyone got any solution?

EDIT: When it shows the forbidden error the page has ssl but you can't access it

aaP_niamileo

when you add a nodejs app (express, next, nuxt, etc) it adds somthing like this to your virtual host config file:

<VirtualHost *:80>
    ServerAdmin admin@something
    DocumentRoot "/www/wwwroot/something.com"
    ServerName 80.ehsandevs
    ServerAlias ehsandevs.ir
    #errorDocument 404 /404.html
    ErrorLog "/www/wwwlogs/something-error_log"
    CustomLog "/www/wwwlogs/something-access_log" combined
    #HTTP_TO_HTTPS_START
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule (.*) https://%{SERVER_NAME}$1 [L,R=301]
    </IfModule>
    #HTTP_TO_HTTPS_END

    

    #DENY FILES
     <Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md|package.json|package-lock.json|\.env)$>
       Order allow,deny
       Deny from all
    </Files>

    #SSL
    ProxyPass /.well-known/ !

    #HTTP reverse proxy related settings begin >>>
    <IfModule mod_proxy.c>
        ProxyRequests Off
        SSLProxyEngine on
        ProxyPass / http://127.0.0.1:3000/
        ProxyPassReverse / http://127.0.0.1:3000/
    </IfModule>
    #End of HTTP reverse proxy related settings <<<
</VirtualHost>

(my web server is apache but if you got this problem in nginx it might give you the idea)

and when you enable SSL, it adds below code (ths previous code still exists and not replaced)

<VirtualHost *:443>
    ServerAdmin webmaster@example.com
    DocumentRoot "/www/wwwroot/somthing.ir/"
    ServerName SSL.somthing
    ServerAlias somthing.com 
    #errorDocument 404 /404.html
    ErrorLog "/www/wwwlogs/somthing-error_log"
    CustomLog "/www/wwwlogs/somthing-access_log" combined
    
    #SSL
    SSLEngine On
    SSLCertificateFile /www/server/panel/vhost/cert/somthing/fullchain.pem
    SSLCertificateKeyFile /www/server/panel/vhost/cert/somthing/privkey.pem
    SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1
    SSLHonorCipherOrder On
    
    
    #PHP
    <FilesMatch \.php$>
            SetHandler "proxy:unix:/tmp/php-cgi-00.sock|fcgi://localhost"
    </FilesMatch>
    

    #DENY FILES
     <Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
       Order allow,deny
       Deny from all
    </Files>

    #PATH
    <Directory "/www/wwwroot/somthing/">
        SetOutputFilter DEFLATE
        Options FollowSymLinks
        AllowOverride All
        Require all granted
        DirectoryIndex index.php index.html index.htm default.php default.html default.htm
    </Directory>
</VirtualHost>

just notice the #PATH section.
man, this is a php thing. This problem is just a bug with aaPanel

you just need to replace this section in your VirtualHost *:443 section:

 #PATH
    <Directory "/www/wwwroot/ehsandevs.ir/">
        SetOutputFilter DEFLATE
        Options FollowSymLinks
        AllowOverride All
        Require all granted
        DirectoryIndex index.php index.html index.htm default.php default.html default.htm
    </Directory>

with this:

#HTTP reverse proxy related settings begin >>>
    <IfModule mod_proxy.c>
        ProxyRequests Off
        SSLProxyEngine on
        ProxyPass / http://127.0.0.1:3000/
        ProxyPassReverse / http://127.0.0.1:3000/
    </IfModule>
    #End of HTTP reverse proxy related settings <<<

(its just copied from VirtualHost *:80 section)