在 express.js 上启用 HTTPS [英] Enabling HTTPS on express.js

查看:32
本文介绍了在 express.js 上启用 HTTPS的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试让 HTTPS 在用于 node 的 express.js 上工作,但我无法弄清楚.

I'm trying to get HTTPS working on express.js for node, and I can't figure it out.

这是我的 app.js 代码.

var express = require('express');
var fs = require('fs');

var privateKey = fs.readFileSync('sslcert/server.key');
var certificate = fs.readFileSync('sslcert/server.crt');

var credentials = {key: privateKey, cert: certificate};


var app = express.createServer(credentials);

app.get('/', function(req,res) {
    res.send('hello');
});

app.listen(8000);

当我运行它时,它似乎只响应 HTTP 请求.

When I run it, it seems to only respond to HTTP requests.

我编写了简单的基于 node.js 的 HTTPS 应用程序:

I wrote simple vanilla node.js based HTTPS app:

var   fs = require("fs"),
      http = require("https");

var privateKey = fs.readFileSync('sslcert/server.key').toString();
var certificate = fs.readFileSync('sslcert/server.crt').toString();

var credentials = {key: privateKey, cert: certificate};

var server = http.createServer(credentials,function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/plain'});
  res.end('Hello World
');
});

server.listen(8000);

当我运行这个应用程序时,它确实响应 HTTPS 请求.请注意,我认为 fs 结果上的 toString() 并不重要,因为我使用了两者的组合,但仍然没有 es bueno.

And when I run this app, it does respond to HTTPS requests. Note that I don't think the toString() on the fs result matters, as I've used combinations of both and still no es bueno.

编辑添加:

对于生产系统,您可能最好使用 Nginx 或 HAProxy 将请求代理到您的 nodejs 应用程序.您可以设置 nginx 来处理 ssl 请求,并且只对您的节点 app.js 说 http.

For production systems, you're probably better off using Nginx or HAProxy to proxy requests to your nodejs app. You can setup nginx to handle the ssl requests and just speak http to your node app.js.

编辑添加 (4/6/2015)

EDIT TO ADD (4/6/2015)

对于使用 AWS 的系统,您最好使用 EC2 弹性负载均衡器来处理 SSL 终止,并允许常规 HTTP 流量到您的 EC2 Web 服务器.为了进一步确保安全,请设置您的安全组,以便仅允许 ELB 向 EC2 实例发送 HTTP 流量,这将防止外部未加密的 HTTP 流量访问您的机器.

For systems on using AWS, you are better off using EC2 Elastic Load Balancers to handle SSL Termination, and allow regular HTTP traffic to your EC2 web servers. For further security, setup your security group such that only the ELB is allowed to send HTTP traffic to the EC2 instances, which will prevent external unencrypted HTTP traffic from hitting your machines.

推荐答案

在 express.js(自版本 3 起)中,您应该使用该语法:

In express.js (since version 3) you should use that syntax:

var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey  = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');

var credentials = {key: privateKey, cert: certificate};
var express = require('express');
var app = express();

// your express configuration here

var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);

httpServer.listen(8080);
httpsServer.listen(8443);

通过这种方式,您可以为原生 http/https 服务器提供快速中间件

In that way you provide express middleware to the native http/https server

如果您希望应用在 1024 以下的端口上运行,则需要使用 sudo 命令(不推荐)或使用反向代理(例如 nginx、haproxy).

If you want your app running on ports below 1024, you will need to use sudo command (not recommended) or use a reverse proxy (e.g. nginx, haproxy).

这篇关于在 express.js 上启用 HTTPS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆