3

I'm having difficulty getting a node.js app deployed as an Azure Web Site to listen on the appropriate port for SSL (within the Azure environment).

Serving up SSL requests in any other environment where I have control over the port is no problem and working fine. I don't believe this to be an issue with the app code (using Express, FYI).

Azure Web Sites seem to forward port 80 traffic from the load balancer to whatever port is available, which is set in the process.env.PORT variable.

I don't see any relevant equivalent within process.env for SSL traffic, despite having successfully loaded a cert into the Azure portal for the given Web Site and configured its bindings.

My question is this: how can I configure Azure to spit out the requisite file descriptor for traffic on port 443?

I've read a little on how to configure a worker in a Cloud Service here, but it doesn't seem applicable for a Web Site.

For reference, when I attempt to listen on either 443 or process.env.PORT, I get the following error:

Application has thrown an uncaught exception and is terminated:
Error: listen EACCES
    at errnoException (net.js:901:11)
    at Server._listen2 (net.js:1039:14)
    at listen (net.js:1061:10)
    at Server.listen (net.js:1127:5)
Nick W
  • 135
  • 2
  • 8
  • Are you specifying an address to listen on? – hexacyanide Oct 01 '13 at 02:26
  • For those curious, a normal http server listening on `process.env.NODE` is all that you need - no https server in addition. – Nick W Oct 01 '13 at 14:38
  • @hexacyanide: No. Well, I had tried using the azure PORT with an https.Server instance, but that threw the `EACCES` error above. – Nick W Oct 01 '13 at 14:40
  • @Nick W, I think you mean process.env.PORT, not process.env.NODE. – keithl8041 Jul 28 '15 at 16:27
  • If you need to force SSL, check out this q&a: http://stackoverflow.com/questions/20578283/how-do-you-force-express-on-node-js-in-azure-websites-to-use-https – andes Aug 28 '15 at 03:38

1 Answers1

8

I assume you've read http://www.windowsazure.com/en-us/develop/net/common-tasks/enable-ssl/

If I understand it correctly, Azure will do the https termination for you. Your app/service still gets http traffic.

Regardless, you still need to listen on process.env.PORT. Always. And will always get http traffic there (not https). If the original client used port 80, Azure will just do a pass-thru to you. If the client used 443, Azure will terminate the https and open an http request to you.

Nitzan Shaked
  • 13,460
  • 5
  • 45
  • 54
  • Ah, that's the key. Azure takes care of the encryption all in itself and just pipes the decrypted request to the app. – Nick W Oct 01 '13 at 14:35
  • Nick, did you get this working? Do you not have to specify the key and certs in the node.js application if Azure takes care of the encryption? I'm having a similar problem. Also, is there a way to force https for all requests? In another words, I want to only have https on, like gmail. – Matt Kim Dec 04 '13 at 06:22