ExpressJS节点HTTPS服务器上的Heroku错误H13 [英] Heroku Error H13 on ExpressJS Node HTTPS Server
问题描述
if(process .env.NODE_ENV =='production'){
var app = module.exports = express.createServer({
key:fs.readFileSync('./ ssl / nopass_server.key'),
cert:fs.readFileSync('./ ssl / server.crt')
});
} else {
var app = module.exports = express.createServer({
key:fs.readFileSync('./ ssl / self_signed / nopass_server.key'),
cert:fs.readFileSync('./ ssl / self_signed / server.crt')
});
}
我还在Heroku上设置了SSL Endpoint。一切都适用于 localhost ,端点似乎工作正常,但是当我在生产(在Heroku)上运行应用程序时,我收到H13应用程序错误。有趣的是(或不)如果我告诉express来创建一个HTTP服务器: var app = module.exports = express.createServer()它的工作原理,但Chrome抱怨说 https://mydomain.com上的页面从http://mydomain.com运行不安全的内容。
可以我不是/我不应该在快速生产中创建一个HTTPS服务器?如果我应该,是否有额外的东西需要使其在Heroku上工作(例如,我相信它使用 var port = process.env.PORT 设置正确的端口)?如果没有,如果没有运行https服务器,如何提供安全内容,因此浏览器不会投诉?
我使用以下内容来处理任何非https请求:
app.get('*',function(req,res,next){
if(req.headers ['x-forwarding-proto']!='https'){
res.redirect('https://mydomain.com'+req.url);
} else next();
});
这个目前位于我路线其余部分的正上方,这可能是这个问题其他地方?
我对https的一般经验非常有限,所以我可能会缺少一些明显的东西。
SSL终止发生在Heroku的负载平衡器;他们发送您的应用程序纯(非SSL)流量,因此您的应用程序应创建一个非HTTPS服务器。至于 https://mydomain.com上的页面从http://mydomain.com 运行不安全的内容,请确保所有的图像/脚本等。您的网页正在使用也可以通过 https 协议提供。
I'm trying to implement HTTPS on my Node.js server (Expressjs framework). I have my signed certificate and key, as well as a self-signed cert/key for testing/development:
if(process.env.NODE_ENV == 'production'){
var app = module.exports = express.createServer({
key: fs.readFileSync('./ssl/nopass_server.key'),
cert: fs.readFileSync('./ssl/server.crt')
});
} else {
var app = module.exports = express.createServer({
key: fs.readFileSync('./ssl/self_signed/nopass_server.key'),
cert: fs.readFileSync('./ssl/self_signed/server.crt')
});
}
I've also setup SSL Endpoint on Heroku. Everything works fine on localhost, and Endpoint seems to be working properly, but when I run the app in production (on Heroku) I get an H13 application error. Interestingly (or not) if I tell express to create an HTTP server instead: var app = module.exports = express.createServer() it works, but then Chrome complains that the page at https://mydomain.com ran insecure content from http://mydomain.com.
Can I not/should I not be creating an HTTPS server in express for production? If I should, is there something extra I need to make it work on Heroku (e.g. I'm trusting it to set the correct port with var port = process.env.PORT)? If not, how can I serve "secure" content if its not running an https server so browsers won't complain?
I'm using the following to take care of any non-https requests:
app.get('*',function(req,res,next){
if(req.headers['x-forwarded-proto'] != 'https'){
res.redirect('https://mydomain.com'+req.url);
} else next();
});
This is currently located just above the rest of my routes, could this be the issue/should this be somewhere else?
I have very limited experience with https in general so I'm probably missing something obvious.
SSL termination occurs at Heroku's load balancers; they send your app plain (non-SSL) traffic, so your app should create a non-HTTPS server. As for the page at https://mydomain.com ran insecure content from http://mydomain.com, make sure that all the images/scripts/etc. your page is using is also served over the https protocol.
这篇关于ExpressJS节点HTTPS服务器上的Heroku错误H13的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
