Add redirection from http to https

2024-11-22 20:25:13 +03:00 · 2022-03-07 05:50:24 -05:00 · 2022-03-07 05:50:24 -05:00 · 6ee5286ebf
commit 6ee5286ebf
parent 93911c2520
3 changed files with 42 additions and 24 deletions
--- a/.env
+++ b/.env
@ -20,6 +20,10 @@
 # SSL_PRIV_KEY_PATH=/etc/ssl/certs/dashy-priv.key
 # SSL_PUB_KEY_PATH=/etc/ssl/certs/dashy-pub.pem

+# If SSL enabled, choose whether or not to redirect http to https
+# Defaults to true
+# REDIRECT_HTTPS=true
+
 # Usually the same as BASE_URL, but accessible in frontend
 # VUE_APP_DOMAIN=https://dashy.to

--- a/server.js
+++ b/server.js
@ -66,6 +66,8 @@ const printWarning = (msg, error) => {
 const method = (m, mw) => (req, res, next) => (req.method === m ? mw(req, res, next) : next());

 const app = express()
+  // Load SSL redirection middleware
+  .use(sslServer.middleware)
  // Serves up static files
  .use(express.static(path.join(__dirname, 'dist')))
  .use(express.static(path.join(__dirname, 'public')))
@ -128,4 +130,4 @@ http.createServer(app)
  });

 /* Check, and if possible start SSL server too */
-sslServer(app);
+sslServer.startSSLServer(app);
--- a/services/ssl-server.js
+++ b/services/ssl-server.js
@ -5,36 +5,48 @@ const https = require('https');
 const promise = util.promisify;
 const stat = promise(fs.stat);

-module.exports = (app) => {
-  const httpsCerts = {
-    private: process.env.SSL_PRIV_KEY_PATH || '/etc/ssl/certs/dashy-priv.key',
-    public: process.env.SSL_PUB_KEY_PATH || '/etc/ssl/certs/dashy-pub.pem',
-  };
+const httpsCerts = {
+  private: process.env.SSL_PRIV_KEY_PATH || '/etc/ssl/certs/dashy-priv.key',
+  public: process.env.SSL_PUB_KEY_PATH || '/etc/ssl/certs/dashy-pub.pem',
+};

-  const isDocker = !!process.env.IS_DOCKER;
-  const SSLPort = process.env.SSL_PORT || (isDocker ? 443 : 4001);
+const isDocker = !!process.env.IS_DOCKER;
+const SSLPort = process.env.SSL_PORT || (isDocker ? 443 : 4001);
+const redirectHttps = process.env.REDIRECT_HTTPS || true;

-  const printSuccess = () => {
-    console.log(`🔐 HTTPS server successfully started (port: ${SSLPort} ${isDocker ? 'of container' : ''})`);
-  };
+const printNotSoGood = (msg) => {
+  console.log(`SSL Not Enabled: ${msg}`);
+};

-  const printNotSoGood = (msg) => {
-    console.log(`SSL Not Enabled: ${msg}`);
-  };
+const printSuccess = () => {
+  console.log(`🔐 HTTPS server successfully started (port: ${SSLPort} ${isDocker ? 'of container' : ''})`);
+};

-  /* Starts SSL-secured node server */
-  const startSSLServer = () => {
+// Check if the SSL certs are present and SSL should be enabled
+let enableSSL = false;
+stat(httpsCerts.public).then(() => {
+  stat(httpsCerts.private).then(() => {
+    enableSSL = true;
+  }).catch(() => { printNotSoGood('Private key not present'); });
+}).catch(() => { printNotSoGood('Public key not present'); });
+
+const startSSLServer = (app) => {
+  // If SSL should be enabled, create a secured server and start it
+  if (enableSSL) {
    const httpsServer = https.createServer({
      key: fs.readFileSync(httpsCerts.private),
      cert: fs.readFileSync(httpsCerts.public),
    }, app);
    httpsServer.listen(SSLPort, () => { printSuccess(); });
-  };
-
-  /* Check if SSL certs present, if so also start the HTTPS server */
-  stat(httpsCerts.public).then(() => {
-    stat(httpsCerts.private).then(() => {
-      startSSLServer();
-    }).catch(() => { printNotSoGood('Private key not present'); });
-  }).catch(() => { printNotSoGood('Public key not present'); });
+  }
 };
+
+const middleware = (req, res, next) => {
+  if (enableSSL && redirectHttps && req.protocol === 'http') {
+    res.redirect(`https://${req.hostname + ((SSLPort === 443) ? '' : `:${SSLPort}`) + req.url}`);
+  } else {
+    next();
+  }
+};
+
+module.exports = { startSSLServer, middleware };