防爆press.js重定向到HTTPS和发送的index.html [英] Express.js redirect to HTTPS and send index.html
问题描述
我有一个简单的前press.js实例的提供静态资产为单页角的应用程序。我成立了防爆preSS配置一些中间件,这样的index.html返回所有路线和角度可以从那里加载。
最近,我设置SSL在Heroku上,我想,以确保从HTTP进来的所有流量重定向到HTTPS。我试图从这个帖子推荐的解决方案相结合什么我现在有,但在一个无限重定向循环结束了。
总之,我需要所有流量从HTTP重定向到HTTPS和index.html文件的所有请求发送。我在做什么错在这里?
VAR gzippo =要求('gzippo');
VAR前preSS =要求('前preSS');
VAR摩根=要求('摩根');
VAR应用=前preSS();//设置环境变量
VAR ENV = app.get('ENV')|| 发展;app.use(摩根('开发'));//为静态资产
app.use(gzippo.staticGzip(+ __dirname +/ DIST));
app.use(/ JS,当然press.static(__目录名称+/距离/脚本));
app.use(/字体,前press.static(__目录名称+/字体));
app.use(/ IMG,前press.static(__目录名称+/距离/资产/图像));
app.use(/ CSS,前press.static(__目录名称+/距离/风格));
//重定向所有的HTTP流量HTTPS
功能ensureSecure(REQ,资源,下一个){
如果(req.secure){
// OK,继续
返回下一个();
};
res.redirect(的https://'+req.hostname+req.url); //手柄端口号,如果你需要非默认值
};
//总是发送的index.html
功能sendIndex(REQ,资源,下一个){
res.sendfile('的index.html',{根:__dirname +/距离/});
}
//处理环境
如果(ENV =='生产'){
app.all('*',ensureSecure);
}app.all('/ *',sendIndex);//启动服务器
app.listen(process.env.PORT || 5000);
Heroku的终止在负载均衡水平SSL连接,因此 req.secure 将永远是真实的,因为你对Heroku的负载均衡器连接不使用SSL,从而创造无限重定向循环。
您必须检查 X-转发,原头而不是:
如果(req.headers [X-转发-原] ===https开头){
// OK,继续
返回下一个();
};
res.redirect(的https://'+req.hostname+req.url);
编辑:您还可以设置 app.enable(委托代理)有前preSS自动检查头。请参见 HTTP://ex$p$pssjs.com/guide/behind-proxies。 HTML
I have a simple Express.js instance that's serving up static assets for a single page Angular app. I set up some middleware on the Express config so that index.html is returned for all routes and Angular can load from there.
More recently, I set up SSL on Heroku and I want to make sure that all traffic that comes in from HTTP is redirected to HTTPS. I tried to combine the suggested solution from this post with what I have now, but end up in an endless redirect loop.
In short, I need all traffic to be redirected from HTTP to HTTPS and the index.html file to be sent for all requests. What am I doing wrong here?
var gzippo = require('gzippo');
var express = require('express');
var morgan = require('morgan');
var app = express();
// set environment variables
var env = app.get('env') || 'development';
app.use(morgan('dev'));
// serve static assets
app.use(gzippo.staticGzip("" + __dirname + "/dist"));
app.use("/js", express.static(__dirname + "/dist/scripts"));
app.use("/fonts", express.static(__dirname + "/fonts"));
app.use("/img", express.static(__dirname + "/dist/assets/images"));
app.use("/css", express.static(__dirname + "/dist/styles"));
// Redirect all HTTP traffic to HTTPS
function ensureSecure(req, res, next){
if(req.secure){
// OK, continue
return next();
};
res.redirect('https://'+req.hostname+req.url); // handle port numbers if you need non defaults
};
// Always send index.html
function sendIndex(req, res, next) {
res.sendfile('index.html', { root: __dirname + "/dist/"});
}
// Handle environments
if (env == 'production') {
app.all('*', ensureSecure);
}
app.all('/*', sendIndex);
// Start server
app.listen(process.env.PORT || 5000);
Heroku terminates SSL connections at the load balancer level, so req.secure will never be true, because your connection to heroku's load balancer is not using SSL, thus creating an infinite redirect loop.
You have to check the X-Forwarded-Proto header instead:
if(req.headers["x-forwarded-proto"] === "https"){
// OK, continue
return next();
};
res.redirect('https://'+req.hostname+req.url);
Edit: you can also set app.enable("trust proxy") to have express check the headers automatically. See http://expressjs.com/guide/behind-proxies.html
这篇关于防爆press.js重定向到HTTPS和发送的index.html的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
