Do not use HTTPS application routing by default, make it optional via

env variable.
This commit is contained in:
Ondrej Synacek 2019-11-04 20:12:24 +01:00
parent 10fe14dcc5
commit 63f8e35426
2 changed files with 7 additions and 2 deletions

View File

@ -18,11 +18,16 @@ const port = process.env.PORT
const certEndpoint = process.env.CERT_ENDPOINT || ''
const certSecret = process.env.CERT_SECRET || ''
const isDevelopment = process.env.NODE_ENV === 'development'
const enforceHTTPS = Boolean(process.env.ENFORCE_HTTPS)
const app = express()
const appLogger = createAppLogger({ dev: isDevelopment })
app.use(forceSecure)
// Force app to always redirect to HTTPS
// use when you can't configure web server
if (enforceHTTPS) {
app.use(forceSecure)
}
// Server logs
app.use(createRouteLogger({ dev: isDevelopment }))

View File

@ -30,7 +30,7 @@ The app is automatically set up to create logs in `logs/` directory each day but
### HTTPS
App contains middleware that will redirect all traffic to HTTPS if the requests contain header `X-FORWARDED-PROTO`.
App contains middleware that will redirect all traffic to HTTPS if the requests contain header `X-FORWARDED-PROTO`. For this to work, the middleware has to be enabled by setting environment variable `ENFORCE_HTTPS` to value `1`.
There are environment variables for setting pu SSL certificate from Let's Encrypt (acme challenge): `CERT_ENDPOINT` and `CERT_SECRET`.