Hapijs在一个连接上同时使用Http和Https [英] Hapijs using both Http and Https on one connection

问题描述

Hapijs 的新手，并尝试使用它来创建一个对所有请求使用HTTPS并将HTTP重定向到安全连接。问题是应用程序进入HTTPS模式没有问题，但如果我将URL更改为HTTP服务器没有响应，不知道原因。

New to Hapijs and trying to use it to create an app that uses HTTPS for all requests and redirect HTTP to the secure connection.The problem is the app goes in HTTPS mode no problem but if i change the URL to HTTP the server does not respond and don't know the reason why.

这是我到目前为止所提出的，它适用但不适用于HTTP

This is what i have came up with so far, it works but not for HTTP

var connectionOptions = {
    port: 3000,
    tls: {
        key: fs.readFileSync(path.join(__dirname, 'key/key.pem'), 'utf8'),
        cert: fs.readFileSync(path.join(__dirname, 'key/cert.pem'), 'utf8')
    }
};

var server = new Hapi.Server();
server.connection(connectionOptions);

//This method not called when its HTTP
server.ext('onRequest', function (request, reply) {
     if (request.headers['x-forwarded-proto'] === 'http') {
            reply.redirect('https://' + request.headers.host +
                            request.url.path).code(301);
            return reply.continue();
      }
      reply.continue();       
});

var routes = require('./routes')(server);
server.route(routes);

if (!module.parent) {
    server.start(function () {
         console.log('Server running at:', server.info.uri);
    });
 }

如何强制所有请求为HTTPS。
感谢您的帮助

How to force all request to be HTTPS. Thank you for the help

推荐答案

您不能在同一连接上使用http和https。在幕后Hapi将创建一个Node http 服务器或一个 https 服务器，具体取决于您的 tls config，如 lib / connection.js 中的这一行所示：

You can't use http and https on the same connection. Behind the scenes Hapi will create a Node http server or an https server depending on your tls config, as shown in this line from lib/connection.js:

this.listener = this.settings.listener || （this.settings.tls？Https.createServer（this.settings.tls）：Http.createServer（））;

你应该创建与您的服务器的另一个连接，该连接不使用TLS，然后将非TLS请求重定向到https网址。

You should create another connection to your server that doesn't use TLS and then redirect non-TLS requests to the https url.

示例

const Hapi = require('hapi');
const Fs = require('fs');
const Url = require('url');

const config = {
    host: 'localhost',
    http: { port: 3001 },
    https: {
        port: 3000,
        key: Fs.readFileSync('key.key'),
        cert: Fs.readFileSync('cert.pem')
    }
}

const server = new Hapi.Server();

// https connection

server.connection({
    port: config.https.port,
    tls: {
        key: config.https.key,
        cert: config.https.cert
    }
});

// http connection

server.connection({ port: config.http.port });

server.route({
    method: 'GET',
    path: '/',
    handler: function (request, reply) {

        reply('Hello world');
    }
});

server.ext('onRequest', (request, reply) => {

    if (request.connection.info.port !== config.https.port) {

        return reply.redirect(Url.format({
            protocol: 'https',
            hostname: request.info.hostname,
            pathname: request.url.path,
            port: config.https.port
        }));
    }

    return reply.continue();
});

server.start((err) => {

    if (err) {
        throw err;
    }

    console.log('Started server');
});

编辑

如果在重定向到HTTPS之前允许与服务器进行不安全的连接，请考虑使用 HTTP严格传输安全（HSTS）以防止MITM攻击。您可以使用路径配置 security 选项设置HSTS标头：

If you're allowing insecure connections to your server before redirecting to HTTPS, consider also employing HTTP Strict Transport Security (HSTS) to prevent MITM attacks. You can set HSTS headers using the route config security option:

server.route({
    config: {
        security: {
            hsts: {
                maxAge: 15768000,
                includeSubDomains: true,
                preload: true
            }
        }
    },
    method: 'GET',
    path: '/',
    handler: function (request, reply) {

        ...
    }
});

这篇关于Hapijs在一个连接上同时使用Http和Https的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！