HTTPS + SSL on Heroku - Node + Express


Problem description


I've created a self-signed certificate, added it to Heroku, and provisioned an SSL endpoint on Heroku, and when I log heroku certs:info it seems to be there.

I'm creating my server on Express like so:

var server = require('http').createServer(app);

And then redirecting to https like so:

app.use(function(req, res, next) {
    // x-forwarded-proto carries the scheme the client used to reach Heroku
    var reqType = req.headers["x-forwarded-proto"];
    reqType == 'https' ? next() : res.redirect("https://" + req.headers.host + req.url);
});

The server runs fine, however I came across this code snippet on S.O. to create an https server:

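var fs = require('fs');

var keys_dir = './sslcert/';
var server_options = {
  key  : fs.readFileSync(keys_dir + 'server.key'),  // private key
  ca   : fs.readFileSync(keys_dir + 'server.csr'),  // note: `ca` expects CA certificate(s); a .csr is a signing request
  cert : fs.readFileSync(keys_dir + 'server.crt')   // server certificate
};

var server = require('https').createServer(server_options, app);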

I don't point to the certs/keys like this example, and my site is running on https (although the lock is red since it's self-signed).

  • So my question is, how does my server know about my keys/certs without me explicitly pointing to them like the code snippet with server_options? Is this taken care of by Heroku behind the scenes?

  • How does the SSL Endpoint I set up on Heroku interact with the http server I created with var server = require('http').createServer(app);?


EDIT

I just saw this answer on another question:

"SSL termination occurs at Heroku's load balancers; they send your app plain (non-SSL) traffic, so your app should create a non-HTTPS server."

  • What does "they send your app plain (non-SSL) traffic" mean exactly? Does this mean that I don't have to redirect to https in my app?

Solution

SSL termination is done on Heroku servers/load-balancers before the traffic gets to your application. The "thing" you added your cert to was not your dyno, but rather a Heroku-controlled server.

So when SSL (https) traffic comes in, it is "stopped" (terminated) at the server. That server opens a new http connection to your dyno, and whatever it gets it sends back over https to the client.

So on your dyno you don't need to "mess" with certs etc, and you will be seeing only incoming http traffic: whether directly from http clients, or from Heroku servers who talk https to clients and http to you.

Redirecting to https is a different matter: if a client "comes" to your app with http, and you prefer they use https, by all means redirect. They will issue a new request, this time https, and go thru Heroku's SSL termination and then to your app. But now you know that the path between the client and Heroku is secure (due to the client using https), and the path between the Heroku SSL termination and your dyno is presumably secure (if you trust Heroku...)

HTH
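
The redirect decision described in the answer above, as an added example that is not part of the original question or answer. It goes beyond the one-line middleware by handling a list-valued x-forwarded-proto, non-GET methods and unexpected Host values. It assumes the platform router sets x-forwarded-proto; `ALLOWED_HOSTS`, `clientProto`, `decide`, `handler`, `createApp` and the hostname `app.example.com` are hypothetical names.

```javascript
// Hostnames this app may redirect to (constructed placeholder).
const ALLOWED_HOSTS = new Set(['app.example.com']);

// Scheme the client used towards the TLS-terminating router. With several
// proxies the header can be a list; the first entry is the client-facing hop.
function clientProto(headers) {
  const raw = String(headers['x-forwarded-proto'] || '');
  return raw.split(',')[0].trim().toLowerCase();
}

// Pure decision: what should the dyno do with this plain-http request?
function decide(method, url, headers) {
  const host = String(headers.host || '').toLowerCase();
  if (!ALLOWED_HOSTS.has(host) || !String(url).startsWith('/')) {
    // Never build a Location header from an unrecognised Host or non-path URL.
    return { action: 'reject', status: 400 };
  }
  if (clientProto(headers) === 'https') {
    // Client leg was https: serve, and tell browsers to stay on https.
    return { action: 'serve', status: 200, hsts: 'max-age=31536000' };
  }
  // 301 for safe methods; 308 preserves method and body for the rest.
  const status = method === 'GET' || method === 'HEAD' ? 301 : 308;
  return { action: 'redirect', status, location: 'https://' + host + url };
}

// Request handler for a plain http server: no key/cert options on the dyno.
function handler(req, res) {
  const d = decide(req.method, req.url, req.headers);
  if (d.action === 'redirect') {
    res.writeHead(d.status, { Location: d.location });
    return res.end();
  }
  if (d.action === 'reject') {
    res.writeHead(d.status);
    return res.end();
  }
  res.writeHead(200, { 'Strict-Transport-Security': d.hsts });
  res.end('ok\n');
}

// Stand-alone start (not called here): createApp().listen(process.env.PORT)
function createApp() {
  return require('http').createServer(handler);
}
```

In Express the same `decide` call can sit inside an `app.use` middleware in place of the one-line redirect.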
