How to force SSL / https in Express.js

后端 未结 8 1630
小鲜肉
小鲜肉 2020-11-27 11:54

I am trying to create a middleware for Express.js to redirect all non-secure (port 80) traffic to the secured SSL port (443). Unfortunately there is no information in an Exp

相关标签:
8条回答
  • 2020-11-27 12:29

    Just in case you're hosting on Heroku and just want to redirect to HTTPS regardless of port, here's the middleware solution we're using.

    It doesn't bother to redirect if you're developing locally.

    function requireHTTPS(req, res, next) {
      // The 'x-forwarded-proto' check is for Heroku
      if (!req.secure && req.get('x-forwarded-proto') !== 'https' && process.env.NODE_ENV !== "development") {
        return res.redirect('https://' + req.get('host') + req.url);
      }
      next();
    }
    

    You can use it with Express (2.x and 4.x) like so:

    app.use(requireHTTPS);
    
    0 讨论(0)
  • 2020-11-27 12:29

    Based on Elias's answer but with inline code. This works if you have node behind nginx or a load balancer. Nginx or the load balancer will always hit node with plain old http, but it sets a header so you can distinguish.

    app.use(function(req, res, next) {
      var schema = req.headers['x-forwarded-proto'];
    
      if (schema === 'https') {
        // Already https; don't do anything special.
        next();
      }
      else {
        // Redirect to https.
        res.redirect('https://' + req.headers.host + req.url);
      }
    });
    
    0 讨论(0)
  • 2020-11-27 12:31

    Try this example :

    var express = require('express');
            var app = express();
            // set up a route to redirect http to https
            app.use(function (req, res, next) {
            if (!/https/.test(req.protocol)) {
                res.redirect("https://" + req.headers.host + req.url);
            } else {
                return next();
            }
            });
            var webServer = app.listen(port, function () {
                console.log('Listening on port %d', webServer.address().port);
            });
    
    0 讨论(0)
  • 2020-11-27 12:33

    Although the question looks a year old, I would like to answer as it might help others. Its actually really simple with the latest version of expressjs (2.x). First create the key and cert using this code

    openssl genrsa -out ssl-key.pem 1024

    $ openssl req -new -key ssl-key.pem -out certrequest.csr .. bunch of prompts

    $ openssl x509 -req -in certrequest.csr -signkey ssl-key.pem -out ssl-cert.pem

    Store the cert and key files in the folder containing app.js. Then edit the app.js file and write the following code before express.createServer()

    var https = require('https');
    var fs = require('fs');
    
    var sslkey = fs.readFileSync('ssl-key.pem');
    var sslcert = fs.readFileSync('ssl-cert.pem')
    
    var options = {
        key: sslkey,
        cert: sslcert
    };
    

    Now pass the options object in the createServer() function

    express.createServer(options);
    

    Done!

    0 讨论(0)
  • 2020-11-27 12:33

    http.createServer(app.handle).listen(80)

    https.createServer(options, app.handle).listen(443)

    for express 2x

    0 讨论(0)
  • 2020-11-27 12:39

    This code looks like it does what you need: https://gist.github.com/903596

    0 讨论(0)
提交回复
热议问题