8

I've scoured Stack Overflow and the Express Google group, but I'm still coming up short.

From what I gather, I can do one of two things:

1) create an instance of an http server and an https server and set the two to listen to two different ports. In the routes, redirect the http request to the https port.

//app
var app = express.createServer();
var app_secure = express.createServer({key: key, cert: cert});

app.listen(8080);
app_secure.listen(8443);

//routes
app.get("unsecure/path", function(req, res) {
  // ...
});

app.get("secure/path", function(req, res) {
  res.redirect("https://domain" + req.path);
});

app_secure.get("secure/path", function(req, res) {
  res.send("secure page");
});

2) do what TJ Holowaychuk says: https://gist.github.com/1051583

var http = require("http");
var https = require("https");
var app = express.createServer({key: key, cert: cert});

http.createServer(app.handle.bind(app)).listen(8080);
https.createServer(app.handle.bind(app)).listen(8443);

When I do 1, there are generally no problems. However, it feels clunky to manage two servers and I really feel like there should be a better way.

When I do 2, I get this:

(node SSL) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Of course, I can just default to option 1, but I really, really want to know why I'm getting that "no shared cipher error" when I do option 2. And option 2 would be my preferred route.

aek
  • 825
  • 1
  • 9
  • 17
  • I ended up using Nginx to handle SSL. @Benjie The cert is RSA. I'll give your suggestion a try in the near future. Thanks. – aek Oct 28 '11 at 20:05
  • Could you point to how you configured nginx to handle ssl for node? Thanks – Mamsaac Dec 15 '11 at 00:32
  • Thing is you did not do what TJ's gist said - almost, but not exactly. The https options need to go to the https server, not to the express.createServer. Then it works. However getting it then to work with a websocket server is another matter entirely:) – youurayy Feb 29 '12 at 00:03
  • 1
    @Mamsaac sorry, I didn't get your comment sooner. I documented what I did here: http://fanqu.net/notes/. I'm still a bit of a newbie with this stuff, so take from it what you will. – aek Mar 01 '12 at 06:12
  • I had even forgotten about that. Thanks :) I did it a bit differently, since I used nginx for the load balancing. – Mamsaac Mar 01 '12 at 22:57

2 Answers

11

Following @ypocat's comment, you can enable https in your express.js application like so:

 var http = require('http');
 var https = require('https');
 var express = require('express');
 var fs = require('fs');

 var app = express.createServer();

 // customize your app as usual
 app.configure(function () { /* ... */ });
 app.configure('production', function () { /* ... */ });
 // ....

 // attach express handler function to TWO servers, one for http and one for https
 http.createServer(app.handle.bind(app)).listen(8080);
 https.createServer({
   ca: fs.readFileSync('./server.ca-bundle'),
   key: fs.readFileSync('./server.key'),
   cert: fs.readFileSync('./server.crt')
 }, app.handle.bind(app)).listen(8081);

Note that you should receive server.ca-bundle, server.key and server.crt from a certificate authority.

Also, as you will probably run node without sudo, you need to make sure ports 80 (http) and 443 (https) are open

# in Ubuntu
sudo ufw status
sudo ufw allow 80
sudo ufw allow 443

and to forward requests on 8080 to 80 and from 8081 to 443 respectively

# in Ubuntu
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8081

Hope this helps

alexandru.topliceanu
  • 2,364
  • 2
  • 27
  • 38
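The single-handler setup discussed above, as an added example that is not part of the answer or of Express: one request handler is attached to both listeners, the TLS options go to https.createServer, and plain-HTTP requests for protected paths are redirected to a configured host rather than the client-supplied Host header. It uses only Node core modules; PUBLIC_HOST, the ports, SECURE_PREFIX, the function names and the TLS_KEY/TLS_CERT environment variables are assumptions made for the example.

```javascript
const http = require('http');
const https = require('https');
const fs = require('fs');

// Assumed values for this example: public host name, listener ports, protected prefix.
const PUBLIC_HOST = 'example.test';
const HTTP_PORT = 8080;
const HTTPS_PORT = 8443;
const SECURE_PREFIX = '/secure/';

// Returns the https:// URL a plain-HTTP request must be redirected to, or null.
// The host comes from configuration, never from the request's Host header.
function redirectTarget(req) {
  const overTls = Boolean(req.socket && req.socket.encrypted);
  if (overTls || !req.url.startsWith(SECURE_PREFIX)) return null;
  const port = HTTPS_PORT === 443 ? '' : ':' + HTTPS_PORT;
  return 'https://' + PUBLIC_HOST + port + req.url;
}

// One handler for both listeners; an Express app function could take its place.
function handler(req, res) {
  const target = redirectTarget(req);
  if (target) {
    res.writeHead(301, { Location: target });
    return res.end();
  }
  res.writeHead(200, { 'Content-Type': 'text/plain' });
  res.end(req.socket.encrypted ? 'secure page' : 'plain page');
}

// TLS material goes to https.createServer, not to the app or the http server.
function startServers(keyPath, certPath) {
  const tlsOptions = { key: fs.readFileSync(keyPath), cert: fs.readFileSync(certPath) };
  return [
    http.createServer(handler).listen(HTTP_PORT),
    https.createServer(tlsOptions, handler).listen(HTTPS_PORT),
  ];
}

// Listeners start only when key and certificate paths are supplied, e.g.
//   TLS_KEY=./server.key TLS_CERT=./server.crt node app.js
if (process.env.TLS_KEY && process.env.TLS_CERT) {
  startServers(process.env.TLS_KEY, process.env.TLS_CERT);
}
```
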
-1

Is your certificate an RSA certificate rather than a DSA one? It sounds like the ciphers your browser supports are not supported by your nodejs server - you may need to update your OpenSSL and recompile NodeJS?

Benjie
  • 7,701
  • 5
  • 29
  • 44