Redirect http to https express.js

Question

Redirect http to https express.js

I am trying to redirect http (80)in https (443)to my express application. For this, I use medium dishes. If I go to https://my-example-domain.com, everything will be all right. But if I go to http://my-example-domain.com, it will not redirect and nothing will appear.

I also have some iptables installed on my ubuntu server

sudo iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 8443 -j ACCEPT
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443




function requireHTTPS(req, res, next) {
  if (!req.secure) {
    return res.redirect('https://' + req.headers.host + req.url);
  }
  next();
}

// all environments
app.set('port', process.env.PORT || 8443);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');
app.use(express.logger('dev'));
app.use(requireHTTPS);  // redirect to https
app.use(express.json());
app.use(express.urlencoded());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));

app.get('/', function(req, res){
    res.render('index');
})

https.createServer(options, app).listen(8443);

So my question is: do I just need to add another rule iptables? Or do I need to configure something in my application?

, , , , . : http://my-example-domain.com, . 8443, http://my-example-domain.com:8443, .

+4

node.js web-services https express

Jackson Geller 11 . '14 17:41

6

pykiss · Answer 1 · 2014-08-18T07:44:23+0000

var redirectApp = express () ,
redirectServer = http.createServer(redirectApp);

redirectApp.use(function requireHTTPS(req, res, next) {
  if (!req.secure) {
    return res.redirect('https://' + req.headers.host + req.url);
  }
  next();
})

redirectServer.listen(8080);

Jackson Geller · Answer 2 · 2014-03-11T18:08:21+0000

http, https -. , . iptable 443 = > 8443. .

aega · Answer 3 · 2014-03-11T17:50:10+0000

.

app.use(function(req,resp,next){
    if (req.headers['x-forwarded-proto'] == 'http') {
        return resp.redirect(301, 'https://' + req.headers.host + '/');
    } else {
        return next();
    }
});

Tommy · Answer 4 · 2014-11-05T05:00:13+0000

I use a similar solution where I also add "www" because our SSL certificate is not valid without it. Works fine in every browser, but Firefox. Any idea?

http.createServer(function(req, res) {
  res.writeHead(301, {
    Location: "https://www." + req.headers["host"].replace("www.", "") + req.url
  });
  res.end();
}).listen(80);

user3722785 · Answer 5 · 2017-11-13T05:14:29+0000

You can redirect from http to https

if(req.headers["x-forwarded-proto"] == "http") {
 res.redirect(301, "https://" + req.host+req.url);
                next();
}

shantanu chandra · Answer 6 · 2018-04-03T06:37:39+0000

It worked for me. Install express-force-ssl first. this will force the server to use only a secure connection

const express = require('express');
const bodyParser = require('body-parser');
const path = require('path');
const http = require('http');
const app = express();
var forceSsl = require('express-force-ssl');
var request = require('request');
//For https
const https = require('https');
var fs = require('fs');
var options = {
  key: fs.readFileSync('certificates/private.key'),
  cert: fs.readFileSync('certificates/certificate.crt'),
  ca: fs.readFileSync('certificates/ca_bundle.crt')
};

// API file for interacting with MongoDB
const api = require('./server/routes/api');

// Parsers
app.use(forceSsl);
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));


// Angular DIST output folder
app.use(express.static(path.join(__dirname, 'dist')));

// API location
app.use('/api', api);

app.get('*', (req, res) => {
  //alert(req);
  res.sendFile(path.join(__dirname, 'dist/index.html'));
});


http.createServer(app).listen(80)
https.createServer(options, app).listen(443);

Redirect http to https express.js

More articles: