api route not working over https

Question

I have a node server running on port 3000 to serve api request.

this works fine...

http://www.skoolaide.com:3000/api/accounts

this does not.

https://www.skoolaide.com:3000/api/accounts

Can someone tell me why? If you go to https://www.skoolaide.com, the ssl cert is configured correctly, but do I need to do something on the node side?

this is my server js file. Please note: is only runs the middleware(api) on port 3000. For some reason I cannot access the middleware via https...

    'use strict';
var express = require('express');
var router = express.Router();
var app = express();
var http = require('http');
var open = require('open');
var cors = require('cors');
var path = require('path');
var morgan = require('morgan');
var errorhandler = require('errorhandler');
var bodyParser = require('body-parser');
var mongoose = require('mongoose');
var config = require('./config/config');
var jwt = require('jsonwebtoken');
var compression = require('compression');
var runMiddleware = require('run-middleware')(app);
var fs = require('fs');
var readline = require('readline');
var google = require('googleapis');
var googleAuth = require('google-auth-library');
var multer = require('multer');
var node_xj = require("xls-to-json");
var moment = require('moment');
var async = require('async');
var btoa = require('btoa');
var sharp = require('sharp');
var students = require("./middleware/students.api");
var accounts = require("./middleware/accounts.api");
var messages = require("./middleware/messages.api");
var advocates = require("./middleware/advocates.api");
var authenticate = require("./middleware/authenticate.api");
var email = require("./middleware/email.api");
var text = require("./middleware/text.api");
var colleges = require("./middleware/colleges.api");
var amazon = require("./middleware/amazon.api");
var rewards = require("./middleware/rewards.api");
var files = require("./middleware/files.api");
var validations = require("./middleware/validations.api");
var points = require("./middleware/points.api");
var notifications = require("./middleware/notifications.api");
var notificationsMap = require("./middleware/notificationsMap.api");
var trivia = require("./middleware/trivia.api");
var tasks = require("./middleware/rewardgoals.api");
var classes = require("./middleware/classes.api");
var connections = require("./middleware/connections.api");
var badges = require("./middleware/badges.api");
var fixpasswords = require("./middleware/fixpasswords.api");
var Files = require('./models/files');




mongoose.connect(config.database);

process.on('SIGINT', function() {
  mongoose.connection.close(function () {
    console.log('Mongoose disconnected on app termination');
    process.exit(0);
  });
});


// use body parser so we can get info from POST and/or URL parameters
app.use(bodyParser.json({
  limit: '50mb'
}));
app.use(bodyParser.urlencoded({
  limit: '50mb',
  extended: true
}));

app.set('uploads', path.join(__dirname, 'uploads'));
app.get("/uploads/*", function (req, res, next) {
  res.sendFile(__dirname + req.url);
});
var whitelist = ['https://www.skoolaide.com', 'https://skoolaide.com'];
var corsOptionsDelegate = function (req, callback) {
  var corsOptions;
  if (whitelist.indexOf(req.headers['origin']) !== -1) {
    corsOptions = { origin: true, credentials: true } // reflect (enable) the requested origin in the CORS response 
  } else {
    corsOptions = { origin: false, credentials: false } // disable CORS for this request 
  }
  callback(null, corsOptions) // callback expects two parameters: error and options 
}
app.use(cors(corsOptionsDelegate));
//this is used because the body parser removes undefined values from the database.
app.set('json replacer', function (key, value) {
  // undefined values are set to `null`
  if (typeof value === "undefined") {
    return null;
  }
  return value;
});


app.use(multer({
  dest: './uploads/',
  rename: function (fieldname, filename) {
    return filename.replace(/\W+/g, '-').toLowerCase() + Date.now()
  },
  onFileUploadStart: function (file) {
    //console.log(file.fieldname + ' is starting ...')
  },
  onFileUploadData: function (file, data) {
    //console.log(data.length + ' of ' + file.fieldname + ' arrived')
  },
  onFileUploadComplete: function (file) {
    //console.log(file.fieldname + ' uploaded to  ' + file.path)
  }
}).any());

// "files" should be the same name as what's coming from the field name on the client side.
app.post("/api/upload", function (req, res) {
  //console.log(req.files[0].mimetype)


  fs.readFile(req.files[0].path, function (err, data) {

    var newPath = __dirname + "/uploads/" + req.headers["account_id"] + '_' + moment().format('MM_DD_YYYY_HH-mm-ss') + '_' + req.files[0].originalname.replace(/[^a-zA-Z0-9.]/g, '_');
        var readPath = "/uploads/" + req.headers["account_id"] + '_' + moment().format('MM_DD_YYYY_HH-mm-ss') + '_' + req.files[0].originalname.replace(/[^a-zA-Z0-9.]/g, '_');


    if(req.files[0].mimetype.indexOf('image') > -1){
          sharp(data)
            .rotate()
            .resize(800, 800)
            .max()
            .toFile(newPath, function(err, info){

              var file = new Files();
              file.owner = req.headers.account_id || null;       
              file.classId = req.body.classId || null;
              file.rewardGoalId = req.body.rewardGoalId || null;
              file.avatarId = req.body.avatarId || null;
              file.mimeType = req.files[0].mimetype || null;
              file.originalName = req.files[0].originalname || null;
              file.path = readPath;

              file.save(function (err, newFile) {
                  if (err) {
                      res.send(err);
                  } else {
                      res.send({ success: true, data: newFile }).end();
                  }
              });    
            });  
    }  else{
      //not an image file...

       var newPath = __dirname + "/uploads/" + req.headers["account_id"] + '_' + moment().format('MM_DD_YYYY_HH-mm-ss') + '_' + req.files[0].originalname.replace(/[^a-zA-Z0-9.]/g, '_');
       //console.log('Writing file: ', newPath);
    fs.writeFile(newPath, data, function (err) {


        var readPath = "/uploads/" + req.headers["account_id"] + '_' + moment().format('MM_DD_YYYY_HH-mm-ss') + '_' + req.files[0].originalname.replace(/[^a-zA-Z0-9.]/g, '_');
        //console.log(readPath)

         var file = new Files();
         file.owner = req.headers.account_id || null;       
         file.classId = req.body.classId || null;
         file.rewardGoalId = req.body.rewardGoalId || null;
         file.profileId = req.body.profileId || null;
         file.mimeType = req.files[0].mimetype || null;
         file.originalName = req.files[0].originalname || null;
         file.path = readPath;

         file.save(function (err, newFile) {
             if (err) {
                 res.send(err);
             } else {
                 res.send({ success: true, data: newFile }).end();
             }
         });      
    });





    }
    });
  });

app.use(express.static('www'))
var a = ['/'];
//all get requests resolve to index.
app.get(a, function (req, res) {
  console.log('This is a test', req.originalUrl, req.url);
  res.setHeader('Cache-Control', 'private, no-cache, no-store, must-revalidate');
  res.setHeader('Expires', '-1');
  res.setHeader('Pragma', 'no-cache');
  res.setHeader('X-UA-Compatible', 'IE=Edge,chrome=1');
  res.setHeader('Judson', 'Rocks!');
  if (req.originalUrl == '/') {  
    res.sendFile('www/index.html', {root: __dirname});
  }
});

app.set("superSecret", config.secret)


//var upload = require("./middleware/upload.api");

app.use('/api', router);
app.use('/api/students', students);
app.use('/api/accounts', accounts);
app.use('/api/messages', messages);
app.use('/api/advocates', advocates);
app.use('/api/authenticate', authenticate);
app.use('/api/email', email);
app.use('/api/text', text);
app.use('/api/colleges', colleges);
app.use('/api/amazon', amazon);
app.use('/api/rewards', rewards);
app.use('/api/files', files);
app.use('/api/validate', validations);
app.use('/api/points', points);
app.use('/api/notifications', notifications);
app.use('/api/notificationsMap', notificationsMap);
app.use('/api/trivia', trivia);
app.use('/api/rewardgoals', tasks);
app.use('/api/classes', classes);
app.use('/api/badges', badges);
app.use('/api/connections', connections);
app.use('/api/fixpasswords', fixpasswords);


/**SERVER*************************************/
// all environments 
app.set('port', process.env.PORT || 3000);
app.engine('html', require('ejs').renderFile);
// express/connect middleware
app.use(morgan('dev'));




app.use(compression()); //use compression 

// development only
if ('development' === app.get('env')) {
  app.use(errorhandler());
}

/**END SERVER*************************************/

var cluster = require('cluster');

if (cluster.isMaster) {
  var numWorkers = require('os').cpus().length;

  console.log('Master cluster setting up ' + numWorkers + ' workers...');

  for (var i = 0; i < numWorkers; i++) {
    cluster.fork();
  }

  cluster.on('online', function (worker) {
    console.log('Worker ' + worker.process.pid + ' is online');
  });

  cluster.on('exit', function (worker, code, signal) {
    console.log('Worker ' + worker.process.pid + ' died with code: ' + code + ', and signal: ' + signal);
    console.log('Starting a new worker');
    cluster.fork();
  });
} else {

  app.listen(app.get('port'),
    function () {
      console.log('myApp server listening on port ' + app.get('port'));
    });

}

Answer 1

Your code only starts an HTTP server. This line:

app.listen(app.get('port'))

starts only an http server. If you want support for HTTPS, you have to also start an HTTPS server and you have to start it on a different port. The express doc for app.listen() shows you how to do that and it's basicaly like this:

var express = require('express');
var https = require('https');
var http = require('http');
var app = express();

http.createServer(app).listen(80);
https.createServer(options, app).listen(443);

where options contains your SSL certificates and where you fill in the desired port numbers for your http server and your https server.

If you were operating under the illusion that you don't need a port number in the browser in order to access both an http and https server, that's because the browser fills in a default port number for you. If you just type an http URL, it uses port 80. If you type an https URL with no port, it uses port 443. If you're not on those two specific ports, you have to specify the desired port in the browser URL. In either case, you need a separate server on separate ports for both http and https.

Answer 2

Use var https = require("https"); not

Var http = require ("http");