How do you force express on node.js in Azure Websites to use https?

Running on Windows Azure Websites, I want to use ssl via the default *.azurewebsites.net certificate. It works without doing anything, but http is also available for every destination, not just https. How do I force a redirect from http to https? Normally I could just do something like:

var https = require('https'); ... var options = { key: fs.readFileSync('path.key'), cert: fs.readFileSync('path.crt') }; ... https.createServer(options, app)

but since I don't know anything about the *.azurewebsites.net certificate, such as its path, that's not going to work.

How do I redirect all or some requests to https?

-------------Problems Reply------------

In web.config, add the following rule before any other rule that has stopProcessing="true".

<rule name="RedirecttoHTTPS">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{URL}" pattern="/$" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="SeeOther" />
</rule>

You can also just use the normal http.createServer(app) for production if you want to the *.azurewebsite.net wildcard certificate.

References:

  1. How to require SSL in IIS7 and Azure with Rewrite
  2. URL Rewrite Module Configuration Reference

Since it sounds like Azure Websites is acting as a reverse proxy in your case, this approch may work for you:

If you can get the protocol from the following, it should help you:

req.headers['x-forwarded-proto']

This should give you the http or https you need to key on on order to do a redirect if it is not valid for the resource you are serving.

I use code like the following to redirect any time I get a request (for an html file or site root for example). I put all the files I want to be secure in a /secure directory to make it easy to know what should and should not be ssl:

protocol = req.headers['x-forwarded-proto'];

if ((req.url.lastIndexOf('.html') == (req.url.length - 5)) || (req.url.slice(-1) == '/')) {
if (protocol == 'http') {

if (req.url.indexOf('/secure/') == 0) {
console.log('Non ssl request made to secure resource: ' + req.url);
console.log('Redirecting to https://' + site_host_name + req.url);
res.writeHead(301,
{Location: 'https://' + site_host_name + req.url}
);
res.end();
return;
} else {
next();
return;
}
} else {
if (req.url.indexOf('/secure/') != 0) {
console.log('ssl request made for non-secure resource: ' + req.url);
console.log('Redirecting to http://' + site_host_name + req.url);
res.writeHead(301,
{Location: 'http://' + site_host_name + req.url}
);
res.end();
return;
} else {
next();
return;
}
}
}

Category:node.js Views:0 Time:2013-12-14

Related post

  • Express.js, Node.js Jade - Following the expressjs.com tutorials, and getting errors 2011-05-01

    Well I'm trying to get into Node.js / Express.js - however I've been having a few issue going through the screencast, the first issue, now resolved, was pretty obvious when it was spotted (Express.js, Node.js Jade vim). However, I'm now getting the f

  • Is there anyway Express in Node.js can have more than one static folder? 2011-08-09

    I'm working on a project where there is a user uploaded collection of styles, scripts and images and then their is my app's collection of styles, scripts and images. They're two different places on my server. Is there anyway I can setup Express in No

  • Learning Express for Node.js 2011-11-15

    Anyone have pointers to good resources for learning Express? I'm aware of the documentation and the nodetuts.com videos. Curious if there are any other good resources out there. --------------Solutions------------- If I would do it all over again wit

  • Debugging Node.js with Azure 2011-12-14

    I have been fooling around with Node.js and Azure. I have created a simple worker role which supports socket connections. I'm trying to debug my application but don't really know how, since it is essentially a socket server. To make matters worse I h

  • Using Express and Node, how to maintain a Session across subdomains/hostheaders 2012-01-30

    I have a single node server that responds to requests and redirects a user based on host headers. The usage is that the static/home site lives at www and each user has their own sub domain (i.e. www.example.com and site.example.com). The routing is a

  • Adding forced preview to node and change submit button value in Drupal? 2009-09-07

    This question is two-fold: Is there any way to force a user to first preview a SPECIFIC node before submitting it? i.e. Not all nodes using /admin/content/node-settings ... but only ONE specific node. Is there any way to change the labels to instead

  • xpath: how to express text nodes? 2009-10-17

    consider: text 1 text 2 text 3 how can you express the textnode in xpath ? --------------Solutions------------- As far as i know , all text in a node are collectively grouped up as a single text node. They are not hierarchical so there wont be more t

  • How to I load a javascript file using express and node.js? 2010-10-22

    I'm trying to figure out how to load a simple javascript client-side library while using node.js and express. Any ideas? See below. HAML: %script{type: 'text/javascript', src: '/jquery-1.4.3.js'} %script{type: 'text/javascript', src: '/client.js'} ap

  • Forcing "main line" nodes into a straight line in Graphviz (or alternatives) 2011-01-12

    I'm trying to use Graphviz dot (but am willing to use something else) to generate a graph with a long "main line" of nodes, and many small branches. I'd like the main line to be straight from left to right, with the small branches above or below it.

Copyright (C) dskims.com, All Rights Reserved.

processed in 0.257 (s). 11 q(s)