javascript 使用 expressjs 3 强制 SSL
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10697660/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Force SSL with expressjs 3
提问by Harry
I'm running a node.js express 3 server with no proxies and using SSL.
我正在运行一个没有代理并使用 SSL 的 node.js express 3 服务器。
I'm trying to figure out how to force all connections to go through https.
我想弄清楚如何强制所有连接都通过 https。
Google searching shows me this:
谷歌搜索向我展示了这一点:
https://groups.google.com/forum/#!topic/express-js/Bm6yozgoDSY
https://groups.google.com/forum/#!topic/express-js/Bm6yozgoDSY
There's currently no way to force https redirects, though that seems like a bit of a strange work-around. We have an https-only app and we just have a simple ~4 line node http server that redirects, nothing fancy
目前没有办法强制 https 重定向,尽管这看起来有点奇怪。我们有一个仅限 https 的应用程序,我们只有一个简单的 ~4 行节点 http 服务器,可以重定向,没什么特别的
Which is what I need, but he doesn't say what those 4 lines are.
这是我需要的,但他没有说那 4 行是什么。
How do we do this? Thanks.
我们如何做到这一点?谢谢。
回答by Pierre
I don't really understand the point in starting two servers when only one can do the job perfectly. For example, by adding a simple middleware in your server file:
当只有一个可以完美地完成工作时,我真的不明白启动两台服务器的意义。例如,通过在您的服务器文件中添加一个简单的中间件:
app.use(function(req, res, next) {
if(!req.secure) {
return res.redirect(['https://', req.get('Host'), req.url].join(''));
}
next();
});
This will redirect any non-secure request to the corresponding HTTPS page. For example, http://example.com/to https://example.com/and http://example.com/foo?bar=wooto https://example.com/foo?bar=woo. This is definitely the behavior I would expect. Maybe you should filter this by host, so it redirects only on domains for which you own and installed a proper certificate.
这会将任何非安全请求重定向到相应的 HTTPS 页面。例如,http://example.com/到https://example.com/和http://example.com/foo?bar=woo到https://example.com/foo?bar=woo。这绝对是我期望的行为。也许您应该按主机过滤它,因此它仅重定向到您拥有并安装了适当证书的域。
If your app is running behind another server like Nginx, you may want to add the configuration parameter app.set('trust proxy', true). Or, even better, make Nginx do the redirect itself, which will be more efficient than any Node.js app.
如果您的应用程序在另一个服务器(如 Nginx)后面运行,您可能需要添加配置参数app.set('trust proxy', true)。或者,更好的是,让 Nginx 自己做重定向,这将比任何 Node.js 应用程序都更有效率。
Edit:According to my benchmarks, joinis a little faster than +for concatenating strings. Nothing dramatic, but every win is a win...
编辑:根据我的基准,join比+连接字符串快一点。没什么戏剧性的,但每一次胜利都是一场胜利......
回答by Rusheng Zhang
I had a similar problem and the redirect solution is not suitable for me because essentially I want to get rid of the browser's insecure warning,
我有一个类似的问题,重定向解决方案不适合我,因为基本上我想摆脱浏览器的不安全警告,
So instead of redirect every message, I did:
因此,我没有重定向每条消息,而是:
app1 = new express()
app1.get('/', function(req, res) {
res.sendFile(path.join(__dirname + '/redirect.html'));
}); app1.listen(80, function(){'redirect server running on 80 port'})
}); app1.listen(80, function(){'重定向服务器运行在 80 端口'})
and in the redirect.html is just a redirecting html file:
在redirect.html 中只是一个重定向的html 文件:
<meta http-equiv="refresh" content="0; URL='https://my-site.com'" />
Of course, this won't work for complicated cases when you want to redirect all routings, but for me, I only want to redirect my homepage to my https homepage and get rid of the browser's insecure warning. Hope this help somebody!
当然,当你想重定向所有路由时,这不适用于复杂的情况,但对我来说,我只想将我的主页重定向到我的 https 主页并摆脱浏览器的不安全警告。希望这对某人有帮助!
回答by Victor Quinault
You should create a second server listening on 80 and redirect with a 301 header to your https server:
您应该创建第二个侦听 80 的服务器并使用 301 标头重定向到您的 https 服务器:
var express = require('express');
var app = express();
app.get('/', function(req, res, next){
res.redirect('https://' + app.address().address)
});
app.listen(80);
