[SOLVED] Redirect port 443 requests to port 3000 on hostmonster (Centos 6.8) for Node Express Application listening on port 3000

brentw · 12-19-2016, 10:54 AM

I have a secure (https) node express application that I have listening on port 3000 => https://mywebsite.net:3000 running on hostmonster (Centos 6.8).

I want requests to port 443 (i.e. https://mywebsite.net / https://mywebsite.net:443) to be forwarded to my node express server application listening on port 3000 => https://mywebsite.net:3000

This is due to not be able to directly listen on port 443.

I logged into hostmonster as root.

I added the following rule to the iptable:

iptables -t nat -A PREROUTING -s 123.123.123.123 -p tcp --dport 443 -j DNAT --to-destination
service iptables save

I see the following when I type: iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- server.mywebsite anywhere tcp dpt:https to: 123.123.123.123:3000
DNAT tcp -- server.mywebsite anywhere tcp dpt:https to: 123.123.123.123:3000

The issue is if I type https://mywebsite.net or https://mywebsite.net:443 (same thing) in a browser it does not go to my main node express application page listening on port 3000.

I also used Google's postman to do a request of https://mywebsite.net:443 and it does not return information from my main node express application page listening on port 3000.

So it does not appear the redirect from port 443 to port 3000 is working?

What am I missing?

bathory · 12-20-2016, 02:22 AM

Hi,

Apart from iptables, you need to enable IP forwarding:

Code:

sysctl -w net.ipv4.ip_forward=1

For a complete example, have a look here

Regards

brentw · 12-20-2016, 09:18 AM

Great thank you for your help!

Coffee!!! · 12-20-2016, 09:40 AM

You're just trying to forward port traffic? You don't need to enable IP forwarding on your server and its as easy as adding these lines to your current Apache SSL.conf:

ProxyPreserveHost On
ProxyPass / https://localhost:3000/
ProxyPassReverse / https://hostname.com/
</VirtualHost>

brentw · 12-20-2016, 10:09 AM

Yes I am just trying to forward port traffic. And thank you, I will try this out.

Coffee!!! · 12-20-2016, 10:22 AM

No problem. I use this setup on all of my web servers and it works flawlessly with Apache Tomcat (both 8080 and 8443). Depending on what kind of traffic is passed in the headers, you may have to fiddle with mods but Apache has a ton of documentation about which ones you might need.

lazydog · 12-20-2016, 11:18 AM

Quote:

Originally Posted by brentw

iptables -t nat -A PREROUTING -s 123.123.123.123 -p tcp --dport 443 -j DNAT --to-destination
service iptables save

I see the following when I type: iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- server.mywebsite anywhere tcp dpt:https to: 123.123.123.123:3000
DNAT tcp -- server.mywebsite anywhere tcp dpt:https to: 123.123.123.123:3000

For redirecting to a port on the same system you want to use REDIRECT not DNAT.
You rule should looks something like this:

Code:

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3000

The other problem is you are NAT'ing on the Source address which is not needed unless you only want the connection from that IP to be natted.

brentw · 12-20-2016, 11:25 AM

This worked, thank you!

lazydog · 12-20-2016, 11:38 AM

If any of the suggestion above fixed your issue it would be nice if you stated what fixed your problem and marked the thread as SOLVED.

Maybe even click that "Did you find this post helpful? Yes" to add to the persons rep so people will know this person helped others in the past.