强制SSL with expressjs 3 [英] Force SSL with expressjs 3
问题描述
我试图找出如何强制所有连接去通过https。
Google搜索显示我:
https://groups.google.com/forum/#!topic/express-js/Bm6yozgoDSY
目前还没有办法强制使用https重定向,尽管这似乎是一些奇怪的解决方案。我们有一个只有https的应用程序,我们
只有一个简单的〜4行节点http服务器重定向,没有
花式
我需要什么,但他不说这4行是什么。
我们该怎么做?谢谢。
我不太明白启动两台服务器的时候,只有一个人才能完成这项工作。例如,通过在您的服务器文件中添加一个简单的中间件:
app.use(function(req,res,next){
if(!req.secure){
return res.redirect(['https://',req.get('Host'),req.url] .join(''));
}
next();
});
这将重定向任何非安全请求到相应的HTTPS页面。例如, http://example.com/
至 https://example.com/
和 http://example.com/foo?bar=woo
至 https://example.com/foo?bar=woo
。这绝对是我期望的行为。也许你应该过滤这个主机,所以它只重定向到您拥有的域,并安装了正确的证书。
如果你的应用程序运行在另外一个服务器像Nginx,您可能需要添加配置参数 app.set('trust proxy',true)
。或者,更好的是,使Nginx执行重定向本身,这将比任何Node.js应用程序更有效。
编辑:根据我的基准,加入
比连接字符串的 +
要快一些。没有什么戏剧性,但每场胜利都是一场胜利。
I'm running a node.js express 3 server with no proxies and using SSL.
I'm trying to figure out how to force all connections to go through https.
Google searching shows me this:
https://groups.google.com/forum/#!topic/express-js/Bm6yozgoDSY
There's currently no way to force https redirects, though that seems like a bit of a strange work-around. We have an https-only app and we just have a simple ~4 line node http server that redirects, nothing fancy
Which is what I need, but he doesn't say what those 4 lines are.
How do we do this? Thanks.
I don't really understand the point in starting two servers when only one can do the job perfectly. For example, by adding a simple middleware in your server file:
app.use(function(req, res, next) {
if(!req.secure) {
return res.redirect(['https://', req.get('Host'), req.url].join(''));
}
next();
});
This will redirect any non-secure request to the corresponding HTTPS page. For example, http://example.com/
to https://example.com/
and http://example.com/foo?bar=woo
to https://example.com/foo?bar=woo
. This is definitely the behavior I would expect. Maybe you should filter this by host, so it redirects only on domains for which you own and installed a proper certificate.
If your app is running behind another server like Nginx, you may want to add the configuration parameter app.set('trust proxy', true)
. Or, even better, make Nginx do the redirect itself, which will be more efficient than any Node.js app.
Edit: According to my benchmarks, join
is a little faster than +
for concatenating strings. Nothing dramatic, but every win is a win...
这篇关于强制SSL with expressjs 3的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!