Unleash documentation can be found here: https://unleash.github.io/docs/getting_started
There are resources available to "secure" unleash but no mention of running unleash over HTTPS. I have created an authentication middleware hook, but if I can't deploy over HTTPS client credentials would be sent encrypted - which is unacceptable.
I want unleash to run as a web app in Azure App Service. How can I configure this as intended?
By default, Unleash runs on port 4242. The unleash start function allows you to customize port numbers like so:
unleash
.start({
databaseUrl: process.env.DATABASE_URL,
port: {CUSTOM}
})
.then(unleash => {
console.log(
`Unleash started on port ${unleash.app.get('port')}`,
);
});
However, if you set port to 443 for HTTPS support, Azure app service will throw an error that the command does not have permission to run at that port:
EACCES: permission denied 0.0.0.0:443
If you output the value of process.env.PORT you will see a dynamic value such as:
\\.\pipe\fc1ef0b7-c1ce-4186-f9d8-fd0b5b0f6d0a
Azure is setting a named pipe in the env that Unleash can use as its "port". Therefore, the proper unleash setup would be as follows:
unleash
.start({
databaseUrl: process.env.DATABASE_URL,
pipe: process.env.PORT
})
.then(unleash => {
console.log(
`Unleash started on port ${unleash.app.get('port')}`,
);
});
Notice the option of "pipe" rather than "port" as a parameter for "start". Do not specify the "port" option in this case. Unleash documentation provides more insight into how the pipe works with node here.
P.S. One can also benefit from a web.config rule that redirects all http connections to https.