Automatic HTTPS Connection/redirect With Node.js/express


Answer :

Ryan, thanks for pointing me in the right direction. I fleshed out your answer (2nd paragraph) a little bit with some code and it works. In this scenario these code snippets are put in my express app:

// set up plain http server var http = express();  // set up a route to redirect http to https http.get('*', function(req, res) {       res.redirect('https://' + req.headers.host + req.url);      // Or, if you don't want to automatically detect the domain name from the request header, you can hard code it:     // res.redirect('https://example.com' + req.url); })  // have it listen on 8080 http.listen(8080);

The https express server listens ATM on 3000. I set up these iptables rules so that node doesn't have to run as root:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3000

All together, this works exactly as I wanted it to.

To prevent theft of cookies over HTTP, see this answer (from the comments) or use this code:

const session = require('cookie-session'); app.use(   session({     secret: "some secret",     httpOnly: true,  // Don't let browser javascript access cookies.     secure: true, // Only use cookies over https.   }) );

Thanks to this guy: https://www.tonyerwin.com/2014/09/redirecting-http-to-https-with-nodejs.html

app.use (function (req, res, next) {         if (req.secure) {                 // request was via https, so do no special handling                 next();         } else {                 // request was via http, so redirect to https                 res.redirect('https://' + req.headers.host + req.url);         } });

If you follow conventional ports since HTTP tries port 80 by default and HTTPS tries port 443 by default you can simply have two server's on the same machine: Here's the code: 

var https = require('https');  var fs = require('fs'); var options = {     key: fs.readFileSync('./key.pem'),     cert: fs.readFileSync('./cert.pem') };  https.createServer(options, function (req, res) {     res.end('secure!'); }).listen(443);  // Redirect from http port 80 to https var http = require('http'); http.createServer(function (req, res) {     res.writeHead(301, { "Location": "https://" + req.headers['host'] + req.url });     res.end(); }).listen(80);

Test with https: 

$ curl https://127.0.0.1 -k secure!

With http:

$ curl http://127.0.0.1 -i HTTP/1.1 301 Moved Permanently Location: https://127.0.0.1/ Date: Sun, 01 Jun 2014 06:15:16 GMT Connection: keep-alive Transfer-Encoding: chunked

More details : Nodejs HTTP and HTTPS over same port


Comments

Post a Comment

Popular posts from this blog

Chemistry - Bond Angles In NH3 And NCl3

Answer : Solution 1: As Tan Yong Boon stated, it is Bent’s Rule with which we can explain the lower bond angle of \ce N F 3 \ce{NF3} \ce NF 3 when compared to \ce N H 3 \ce{NH3} \ce N H 3 . The rule as stated by Henry Bent: Atomic s character concentrates in orbitals directed towards electropositive substituents. Fluorine is more electronegative that hydrogen, and the \ce N − F \ce{N−F} \ce N − F bond would have greater p character than the \ce N − H \ce{N−H} \ce N − H bond. And more s character leads to large bond angles. Thus, the bond angle is greater in \ce N H 3 \ce{NH3} \ce N H 3 than in \ce N F 3 \ce{NF3} \ce NF 3 . Now, consider \ce N C l 3 \ce{NCl3} \ce NCl 3 . Clearly, \ce C l \ce{Cl} \ce Cl atom islarger in size than the central atom, nitrogen. Hence the higher bond angle here is due to the steric crowding caused by \ce C l \ce{Cl} \ce Cl atoms.(More pronounced than the electrongativity of \ce C l \ce{Cl} \ce Cl atom). They repel eachother and hence b...
Read more

Can Not Use Command Telnet In Git Bash

Answer : That's because telnet is not provided with git. In windows, you need to go to control panel, programs, turn windows features on/off and enable the telnet client. To add on to @lostbard's answer and @signonsridhar's comment, telnet utility need to be invoked with winpty to work on git bash. Example: MINGW64 ~ $ which telnet /c/WINDOWS/system32/telnet MINGW64 ~ $ winpty telnet localhost 2181 Zookeeper version: 3.4.14-4c25d480e66aadd371de8bd2fd8da255ac140bcf, built on 03/06/2019 16:18 GMT
Read more

AspenTech InfoPlus 21 - How To Connect And Query Data

Image
Answer : InfoPlus21 is process historian containing list of templates of different tag structure e.g. IP_AnalogDef, IP_DescreteDef, IP_TextDef etc. Based on process tags from DCS/OPC/Any other historian, the IP21 records are created and each record acts as a table in historian. ANS1: Aspentech software is only windows based compatibility however IP21 aspenONE Process Explorer is web based and therefore you can access it over any operating system using host url. ANS2: you can try SELECT statement to get data from IP21 Historian using it's end-user component SQLPlus or on excel add-ins. e.g. SELECT NAME, IP_DESCRIPTION, IP_PLANT_AREA, IP_ENG_UNITS FROM IP_ANALOGDEF RESULTS: I hope this help you understand better. Otherwise you need to first learn the structure of your IP21 historian tags to build the query e.g. If it has customized structure, then you have to build your own. Welcome in industrial-IT ! For these technology, the best option is the 'AspenTech...
Read more