Extremely simple middleware for requiring some or all pages to be visited over SSL.
$ npm install express-force-ssl
var express = require('express');
var forceSSL = require('express-force-ssl');
var fs = require('fs');
var http = require('http');
var https = require('https');
var ssl_options = {
key: fs.readFileSync('./keys/private.key')
cert: fs.readFileSync('./keys/cert.crt')
ca: fs.readFileSync('./keys/intermediate.crt')
};
var app = express();
var server = http.createServer(app);
var secureServer = https.createServer(ssl_options, app);
app.use(express.bodyParser());
app.use(forceSSL());
app.use(app.router);
secureServer.listen(443)
server.listen(80)
var express = require('express');
var forceSSL = require('express-force-ssl');
var fs = require('fs');
var http = require('http');
var https = require('https');
var ssl_options = {
key: fs.readFileSync('./keys/private.key')
cert: fs.readFileSync('./keys/cert.crt')
ca: fs.readFileSync('./keys/intermediate.crt')
};
var app = express();
var server = http.createServer(app);
var secureServer = https.createServer(options, app);
app.use(express.bodyParser());
app.use(app.router);
app.get('/', somePublicFunction);
app.get('/user/:name', somePublicFunction);
app.get('/login', forceSSL(), someSecureFunction);
app.get('/logout', forceSSL(), someSecureFunction);
secureServer.listen(443)
server.listen(80)
If your server isn't listening on 80/443 respectively, you can change this pretty simply.
var app = express();
app.set('httpsPort', 8443);
var server = http.createServer(app);
var secureServer = https.createServer(options, app);
...
secureServer.listen(443)
server.listen(80)
npm test
This will prevent a POST/PUT etc with data that will end up being lost in a redirect.
Courtesy of @ronco
Courtesy of @tixz
For example, if you host your non-ssl site on port 8080 and your secure site on 8443, version 0.1.x did not support it. Now, out of the box your non-ssl site port will be recognized, and to specify a port other than 443 for your ssl port you just have to add a setting in your express config like so:
app.set('httpsPort', 8443);
and the plugin will check for it and use it. Defaults to 443 of course.
Courtesy of @timshadel