Add redirection from http to https

.env

@@ -20,6 +20,10 @@
 # SSL_PRIV_KEY_PATH=/etc/ssl/certs/dashy-priv.key
 # SSL_PUB_KEY_PATH=/etc/ssl/certs/dashy-pub.pem
 
+# If SSL enabled, choose whether or not to redirect http to https
+# Defaults to true
+# REDIRECT_HTTPS=true
+
 # Usually the same as BASE_URL, but accessible in frontend
 # VUE_APP_DOMAIN=https://dashy.to
 

server.js

@@ -66,6 +66,8 @@ const printWarning = (msg, error) => {
 const method = (m, mw) => (req, res, next) => (req.method === m ? mw(req, res, next) : next());
 
 const app = express()
+  // Load SSL redirection middleware
+  .use(sslServer.middleware)
   // Serves up static files
   .use(express.static(path.join(__dirname, 'dist')))
   .use(express.static(path.join(__dirname, 'public')))
@@ -128,4 +130,4 @@ http.createServer(app)
   });
 
 /* Check, and if possible start SSL server too */
-sslServer(app);
+sslServer.startSSLServer(app);

services/ssl-server.js

@@ -5,36 +5,48 @@ const https = require('https');
 const promise = util.promisify;
 const stat = promise(fs.stat);
 
-module.exports = (app) => {
+const httpsCerts = {
-  const httpsCerts = {
+  private: process.env.SSL_PRIV_KEY_PATH || '/etc/ssl/certs/dashy-priv.key',
-    private: process.env.SSL_PRIV_KEY_PATH || '/etc/ssl/certs/dashy-priv.key',
+  public: process.env.SSL_PUB_KEY_PATH || '/etc/ssl/certs/dashy-pub.pem',
-    public: process.env.SSL_PUB_KEY_PATH || '/etc/ssl/certs/dashy-pub.pem',
+};
-  };
 
-  const isDocker = !!process.env.IS_DOCKER;
+const isDocker = !!process.env.IS_DOCKER;
-  const SSLPort = process.env.SSL_PORT || (isDocker ? 443 : 4001);
+const SSLPort = process.env.SSL_PORT || (isDocker ? 443 : 4001);
+const redirectHttps = process.env.REDIRECT_HTTPS || true;
 
-  const printSuccess = () => {
+const printNotSoGood = (msg) => {
-    console.log(`🔐 HTTPS server successfully started (port: ${SSLPort} ${isDocker ? 'of container' : ''})`);
+  console.log(`SSL Not Enabled: ${msg}`);
-  };
+};
 
-  const printNotSoGood = (msg) => {
+const printSuccess = () => {
-    console.log(`SSL Not Enabled: ${msg}`);
+  console.log(`🔐 HTTPS server successfully started (port: ${SSLPort} ${isDocker ? 'of container' : ''})`);
-  };
+};
 
-  /* Starts SSL-secured node server */
+// Check if the SSL certs are present and SSL should be enabled
-  const startSSLServer = () => {
+let enableSSL = false;
+stat(httpsCerts.public).then(() => {
+  stat(httpsCerts.private).then(() => {
+    enableSSL = true;
+  }).catch(() => { printNotSoGood('Private key not present'); });
+}).catch(() => { printNotSoGood('Public key not present'); });
+
+const startSSLServer = (app) => {
+  // If SSL should be enabled, create a secured server and start it
+  if (enableSSL) {
     const httpsServer = https.createServer({
       key: fs.readFileSync(httpsCerts.private),
       cert: fs.readFileSync(httpsCerts.public),
     }, app);
     httpsServer.listen(SSLPort, () => { printSuccess(); });
-  };
+  }
-
-  /* Check if SSL certs present, if so also start the HTTPS server */
-  stat(httpsCerts.public).then(() => {
-    stat(httpsCerts.private).then(() => {
-      startSSLServer();
-    }).catch(() => { printNotSoGood('Private key not present'); });
-  }).catch(() => { printNotSoGood('Public key not present'); });
 };
+
+const middleware = (req, res, next) => {
+  if (enableSSL && redirectHttps && req.protocol === 'http') {
+    res.redirect(`https://${req.hostname + ((SSLPort === 443) ? '' : `:${SSLPort}`) + req.url}`);
+  } else {
+    next();
+  }
+};
+
+module.exports = { startSSLServer, middleware };