🔁 Merge pull request #538 from Ateroz/feature/526-http-to-https-redirect

 Add redirection from HTTP to HTTPS
Fixes #526
Alicia Sykes 2022-03-07 13:29:06 +00:00 committed by GitHub
commit c1fc473cf2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 42 additions and 24 deletions

4
.env

@ -20,6 +20,10 @@
# SSL_PRIV_KEY_PATH=/etc/ssl/certs/dashy-priv.key
# SSL_PUB_KEY_PATH=/etc/ssl/certs/dashy-pub.pem
# If SSL enabled, choose whether or not to redirect http to https
# Defaults to true
# REDIRECT_HTTPS=true
# Usually the same as BASE_URL, but accessible in frontend
# VUE_APP_DOMAIN=https://dashy.to


@ -66,6 +66,8 @@ const printWarning = (msg, error) => {
const method = (m, mw) => (req, res, next) => (req.method === m ? mw(req, res, next) : next());
const app = express()
// Load SSL redirection middleware
.use(sslServer.middleware)
// Serves up static files
.use(express.static(path.join(__dirname, 'dist')))
.use(express.static(path.join(__dirname, 'public')))
@ -128,4 +130,4 @@ http.createServer(app)
});
/* Check, and if possible start SSL server too */
sslServer(app);
sslServer.startSSLServer(app);
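Review bot: The `sslServer.startSSLServer(app)` call at the end of this file runs synchronously at startup, but in the module that exports it `enableSSL` only becomes true inside the `stat(...).then(...)` callbacks, which cannot have run by then. As written, the `if (enableSSL)` guard would see `false` and the HTTPS server would not start even when both certificate files exist. The redirect middleware, evaluated per request, would later see the flag as true and send HTTP clients to a port nothing is listening on. A synchronous check at module load avoids the ordering problem, e.g. `const enableSSL = fs.existsSync(httpsCerts.public) && fs.existsSync(httpsCerts.private);`, or `startSSLServer` could chain on the stat promise instead of reading the flag. Only part of server.js is visible here, so confirm nothing else defers this call.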


@ -5,36 +5,48 @@ const https = require('https');
const promise = util.promisify;
const stat = promise(fs.stat);
module.exports = (app) => {
const httpsCerts = {
private: process.env.SSL_PRIV_KEY_PATH || '/etc/ssl/certs/dashy-priv.key',
public: process.env.SSL_PUB_KEY_PATH || '/etc/ssl/certs/dashy-pub.pem',
};
const httpsCerts = {
private: process.env.SSL_PRIV_KEY_PATH || '/etc/ssl/certs/dashy-priv.key',
public: process.env.SSL_PUB_KEY_PATH || '/etc/ssl/certs/dashy-pub.pem',
};
const isDocker = !!process.env.IS_DOCKER;
const SSLPort = process.env.SSL_PORT || (isDocker ? 443 : 4001);
const isDocker = !!process.env.IS_DOCKER;
const SSLPort = process.env.SSL_PORT || (isDocker ? 443 : 4001);
const redirectHttps = process.env.REDIRECT_HTTPS ? process.env.REDIRECT_HTTPS : true;
const printSuccess = () => {
console.log(`🔐 HTTPS server successfully started (port: ${SSLPort} ${isDocker ? 'of container' : ''})`);
};
const printNotSoGood = (msg) => {
console.log(`SSL Not Enabled: ${msg}`);
};
const printNotSoGood = (msg) => {
console.log(`SSL Not Enabled: ${msg}`);
};
const printSuccess = () => {
console.log(`🔐 HTTPS server successfully started (port: ${SSLPort} ${isDocker ? 'of container' : ''})`);
};
/* Starts SSL-secured node server */
const startSSLServer = () => {
// Check if the SSL certs are present and SSL should be enabled
let enableSSL = false;
stat(httpsCerts.public).then(() => {
stat(httpsCerts.private).then(() => {
enableSSL = true;
}).catch(() => { printNotSoGood('Private key not present'); });
}).catch(() => { printNotSoGood('Public key not present'); });
const startSSLServer = (app) => {
// If SSL should be enabled, create a secured server and start it
if (enableSSL) {
const httpsServer = https.createServer({
key: fs.readFileSync(httpsCerts.private),
cert: fs.readFileSync(httpsCerts.public),
}, app);
httpsServer.listen(SSLPort, () => { printSuccess(); });
};
/* Check if SSL certs present, if so also start the HTTPS server */
stat(httpsCerts.public).then(() => {
stat(httpsCerts.private).then(() => {
startSSLServer();
}).catch(() => { printNotSoGood('Private key not present'); });
}).catch(() => { printNotSoGood('Public key not present'); });
}
};
const middleware = (req, res, next) => {
if (enableSSL && redirectHttps && req.protocol === 'http') {
res.redirect(`https://${req.hostname + ((SSLPort === 443) ? '' : `:${SSLPort}`) + req.url}`);
} else {
next();
}
};
module.exports = { startSSLServer, middleware };
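Review bot: Setting `REDIRECT_HTTPS=false` does not disable the redirect, because `process.env.REDIRECT_HTTPS ? process.env.REDIRECT_HTTPS : true` yields the non-empty string `'false'`, which is truthy in the `enableSSL && redirectHttps && ...` test. Parsing the value explicitly keeps the documented default of true while letting operators opt out: `const redirectHttps = process.env.REDIRECT_HTTPS !== 'false';`. Separately, the redirect URL is built from `req.hostname`, which Express derives from the client-supplied Host header (or X-Forwarded-Host when `trust proxy` is enabled), so the Location target is influenced by the client; building it from a configured canonical host would remove that dependency. Also, `SSLPort` is a string whenever `SSL_PORT` is set, so `SSLPort === 443` is false for `SSL_PORT=443` and the URL gets an explicit `:443`.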