Hapijs在一个连接上同时使用Http和Https [英] Hapijs using both Http and Https on one connection
问题描述
Hapijs 的新手,并尝试使用它来创建一个对所有请求使用HTTPS并将HTTP重定向到安全连接。问题是应用程序进入HTTPS模式没有问题,但如果我将URL更改为HTTP服务器没有响应,不知道原因。
New to Hapijs and trying to use it to create an app that uses HTTPS for all requests and redirect HTTP to the secure connection.The problem is the app goes in HTTPS mode no problem but if i change the URL to HTTP the server does not respond and don't know the reason why.
这是我到目前为止所提出的,它适用但不适用于HTTP
This is what i have came up with so far, it works but not for HTTP
var connectionOptions = {
port: 3000,
tls: {
key: fs.readFileSync(path.join(__dirname, 'key/key.pem'), 'utf8'),
cert: fs.readFileSync(path.join(__dirname, 'key/cert.pem'), 'utf8')
}
};
var server = new Hapi.Server();
server.connection(connectionOptions);
//This method not called when its HTTP
server.ext('onRequest', function (request, reply) {
if (request.headers['x-forwarded-proto'] === 'http') {
reply.redirect('https://' + request.headers.host +
request.url.path).code(301);
return reply.continue();
}
reply.continue();
});
var routes = require('./routes')(server);
server.route(routes);
if (!module.parent) {
server.start(function () {
console.log('Server running at:', server.info.uri);
});
}
如何强制所有请求为HTTPS。
感谢您的帮助
How to force all request to be HTTPS. Thank you for the help
推荐答案
您不能在同一连接上使用http和https。在幕后Hapi将创建一个Node http
服务器或一个 https
服务器,具体取决于您的 tls
config,如 lib / connection.js
中的这一行所示:
You can't use http and https on the same connection. Behind the scenes Hapi will create a Node http
server or an https
server depending on your tls
config, as shown in this line from lib/connection.js
:
this.listener = this.settings.listener || (this.settings.tls?Https.createServer(this.settings.tls):Http.createServer());
你应该创建与您的服务器的另一个连接,该连接不使用TLS,然后将非TLS请求重定向到https网址。
You should create another connection to your server that doesn't use TLS and then redirect non-TLS requests to the https url.
示例
const Hapi = require('hapi');
const Fs = require('fs');
const Url = require('url');
const config = {
host: 'localhost',
http: { port: 3001 },
https: {
port: 3000,
key: Fs.readFileSync('key.key'),
cert: Fs.readFileSync('cert.pem')
}
}
const server = new Hapi.Server();
// https connection
server.connection({
port: config.https.port,
tls: {
key: config.https.key,
cert: config.https.cert
}
});
// http connection
server.connection({ port: config.http.port });
server.route({
method: 'GET',
path: '/',
handler: function (request, reply) {
reply('Hello world');
}
});
server.ext('onRequest', (request, reply) => {
if (request.connection.info.port !== config.https.port) {
return reply.redirect(Url.format({
protocol: 'https',
hostname: request.info.hostname,
pathname: request.url.path,
port: config.https.port
}));
}
return reply.continue();
});
server.start((err) => {
if (err) {
throw err;
}
console.log('Started server');
});
编辑
如果在重定向到HTTPS之前允许与服务器进行不安全的连接,请考虑使用 HTTP严格传输安全(HSTS)以防止MITM攻击。您可以使用路径配置 security
选项设置HSTS标头:
If you're allowing insecure connections to your server before redirecting to HTTPS, consider also employing HTTP Strict Transport Security (HSTS) to prevent MITM attacks. You can set HSTS headers using the route config security
option:
server.route({
config: {
security: {
hsts: {
maxAge: 15768000,
includeSubDomains: true,
preload: true
}
}
},
method: 'GET',
path: '/',
handler: function (request, reply) {
...
}
});
这篇关于Hapijs在一个连接上同时使用Http和Https的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!