From 6ee5286ebf64c0fe8df2d13d7d24bf848b6581e1 Mon Sep 17 00:00:00 2001
From: aterox
Date: Mon, 7 Mar 2022 05:50:24 -0500
Subject: [PATCH] Add redirection from http to https
---
 .env | 4 +++
 server.js | 4 ++-
 services/ssl-server.js | 58 +++++++++++++++++++++++++-----------------
 3 files changed, 42 insertions(+), 24 deletions(-)
diff --git a/.env b/.env
index d18c9322..d7024eb2 100644
--- a/.env
+++ b/.env
@@ -20,6 +20,10 @@
 # SSL_PRIV_KEY_PATH=/etc/ssl/certs/dashy-priv.key
 # SSL_PUB_KEY_PATH=/etc/ssl/certs/dashy-pub.pem
+# If SSL enabled, choose whether or not to redirect http to https
+# Defaults to true
+# REDIRECT_HTTPS=true
+
 # Usually the same as BASE_URL, but accessible in frontend
 # VUE_APP_DOMAIN=https://dashy.to
diff --git a/server.js b/server.js
index 6b81e2b6..4da6dafb 100644
--- a/server.js
+++ b/server.js
@@ -66,6 +66,8 @@ const printWarning = (msg, error) => {
 const method = (m, mw) => (req, res, next) => (req.method === m ? mw(req, res, next) : next());
 const app = express()
+ // Load SSL redirection middleware
+ .use(sslServer.middleware)
 // Serves up static files
 .use(express.static(path.join(__dirname, 'dist')))
 .use(express.static(path.join(__dirname, 'public')))
@@ -128,4 +130,4 @@ http.createServer(app)
 });
 /* Check, and if possible start SSL server too */
-sslServer(app);
+sslServer.startSSLServer(app);
diff --git a/services/ssl-server.js b/services/ssl-server.js
index a3dada05..70ec8d8e 100644
--- a/services/ssl-server.js
+++ b/services/ssl-server.js
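Review bot: Mounting `sslServer.middleware` ahead of every other handler in the `@@ -66,6 +66,8 @@` hunk makes each request's redirect depend on two values this hunk never pins down: `req.protocol`, which Express derives from the direct connection unless `trust proxy` is set, and `req.hostname`, which comes from the client-supplied Host header. The `express()` chain continues past the hunk, so whether `trust proxy` is configured is not visible here; if TLS is terminated by a reverse proxy in front of the app, proxied requests would presumably all look like plain http. A comment at the mount point would record the assumption, for example `// Redirects plain-http requests; relies on req.protocol and the Host header, so set 'trust proxy' when a TLS-terminating proxy sits in front`.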
@@ -5,36 +5,48 @@ const https = require('https');
 const promise = util.promisify;
 const stat = promise(fs.stat);
-module.exports = (app) => {
- const httpsCerts = {
- private: process.env.SSL_PRIV_KEY_PATH || '/etc/ssl/certs/dashy-priv.key',
- public: process.env.SSL_PUB_KEY_PATH || '/etc/ssl/certs/dashy-pub.pem',
- };
+const httpsCerts = {
+ private: process.env.SSL_PRIV_KEY_PATH || '/etc/ssl/certs/dashy-priv.key',
+ public: process.env.SSL_PUB_KEY_PATH || '/etc/ssl/certs/dashy-pub.pem',
+};
- const isDocker = !!process.env.IS_DOCKER;
- const SSLPort = process.env.SSL_PORT || (isDocker ? 443 : 4001);
+const isDocker = !!process.env.IS_DOCKER;
+const SSLPort = process.env.SSL_PORT || (isDocker ? 443 : 4001);
+const redirectHttps = process.env.REDIRECT_HTTPS || true;
- const printSuccess = () => {
- console.log(`🔐 HTTPS server successfully started (port: ${SSLPort} ${isDocker ? 'of container' : ''})`);
- };
+const printNotSoGood = (msg) => {
+ console.log(`SSL Not Enabled: ${msg}`);
+};
- const printNotSoGood = (msg) => {
- console.log(`SSL Not Enabled: ${msg}`);
- };
+const printSuccess = () => {
+ console.log(`🔐 HTTPS server successfully started (port: ${SSLPort} ${isDocker ? 'of container' : ''})`);
+};
- /* Starts SSL-secured node server */
- const startSSLServer = () => {
+// Check if the SSL certs are present and SSL should be enabled
+let enableSSL = false;
+stat(httpsCerts.public).then(() => {
+ stat(httpsCerts.private).then(() => {
+ enableSSL = true;
+ }).catch(() => { printNotSoGood('Private key not present'); });
+}).catch(() => { printNotSoGood('Public key not present'); });
+
+const startSSLServer = (app) => {
+ // If SSL should be enabled, create a secured server and start it
+ if (enableSSL) {
 const httpsServer = https.createServer({
 key: fs.readFileSync(httpsCerts.private),
 cert: fs.readFileSync(httpsCerts.public),
 }, app);
 httpsServer.listen(SSLPort, () => { printSuccess(); });
- };
-
- /* Check if SSL certs present, if so also start the HTTPS server */
- stat(httpsCerts.public).then(() => {
- stat(httpsCerts.private).then(() => {
- startSSLServer();
- }).catch(() => { printNotSoGood('Private key not present'); });
- }).catch(() => { printNotSoGood('Public key not present'); });
+ }
 };
+
+const middleware = (req, res, next) => {
+ if (enableSSL && redirectHttps && req.protocol === 'http') {
+ res.redirect(`https://${req.hostname + ((SSLPort === 443) ? '' : `:${SSLPort}`) + req.url}`);
+ } else {
+ next();
+ }
+};
+
+module.exports = { startSSLServer, middleware };
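Review bot: `enableSSL` is still `false` when `startSSLServer(app)` runs, because the two `stat()` promises settle only after the current tick while the server.js hunk calls `sslServer.startSSLServer(app)` synchronously at load time (assuming nothing outside that hunk defers the call). The HTTPS listener is therefore never created, yet once the promises resolve `middleware` begins redirecting plain-http requests to a port nothing is listening on. Checking the certificate files synchronously with the `fs` module this file already uses removes the ordering problem, as in the excerpt below. Separately, `process.env.REDIRECT_HTTPS || true` is truthy for every value, including the string `false`, so the redirect cannot be switched off; `const redirectHttps = process.env.REDIRECT_HTTPS !== 'false';` would honour the .env option. The `SSLPort === 443` test also misses the string `'443'` that an `SSL_PORT` environment value would supply.

```javascript
// … unchanged: httpsCerts, isDocker, SSLPort, redirectHttps, print helpers …

// Check synchronously so the result is known before startSSLServer() is called
const hasPublicKey = fs.existsSync(httpsCerts.public);
const hasPrivateKey = hasPublicKey && fs.existsSync(httpsCerts.private);
if (!hasPublicKey) {
  printNotSoGood('Public key not present');
} else if (!hasPrivateKey) {
  printNotSoGood('Private key not present');
}
const enableSSL = hasPrivateKey;

// … unchanged: startSSLServer, middleware, module.exports …
```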