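I have searched Stack Overflow and done a quick search of Google Groups, but I am still coming up short.
From what I have gathered, I can do one of two things:
1) Create an instance of an http server and an instance of an https server, and set the two to listen on two different ports. In the routes, redirect http requests to the https port.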
    // app
    var app = express.createServer();
    var app_secure = express.createServer({ key: key, cert: cert });

    app.listen(8080);
    app_secure.listen(8443);

    // routes
    app.get("/unsecure/path", function (req, res) {
      ...
    });

    // plain-HTTP request for a secure path: redirect to the https server
    app.get("/secure/path", function (req, res) {
      res.redirect("https://domain" + req.path);
    });

    app_secure.get("/secure/path", function (req, res) {
      res.send("secure page");
    });
2) Do what TJ Holowaychuk says: https://gist.github.com/1051583
    var http = require("http");
    var https = require("https");

    var app = express.createServer({ key: key, cert: cert });

    http.createServer(app.handle.bind(app)).listen(8080);
    https.createServer(app.handle.bind(app)).listen(8443);
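When I do 1, there are generally no problems. However, managing two servers feels clunky, and I feel there should be a better way.
When I do 2, I get this: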
    (node SSL) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
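Of course, I can just default to option 1, but I really, really want to know why I get the "no shared cipher" error when doing option 2. Option 2 would be my preferred route.
Solution
Following @ypocat's comment, you can enable https in your express.js application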
    var http = require('http');
    var https = require('https');
    var express = require('express');
    var fs = require('fs');

    var app = express.createServer();

    // customize your app as usual
    app.configure(function () { ... });
    app.configure('production', function () { ... });
    // ....

    // attach the express handler function to TWO servers, one for http and one for https
    http.createServer(app.handle.bind(app)).listen(8080);
    // the key, certificate and CA bundle are given to the https server itself
    https.createServer({
      ca: fs.readFileSync('./server.ca-bundle'),
      key: fs.readFileSync('./server.key'),
      cert: fs.readFileSync('./server.crt')
    }, app.handle.bind(app)).listen(8081);
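Note that you should receive server.ca-bundle, server.key and server.crt from a certificate authority.
Also, since you are probably running node without sudo, you need to make sure that ports 80 (http) and 443 (https) are open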
    # in Ubuntu
    sudo ufw status
    sudo ufw allow 80
    sudo ufw allow 443
and forward requests from 8080 to 80 and from 8081 to 443 respectively
    # in Ubuntu
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8081
Hope this helps
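An added example, not part of the original question or answer: a single request handler shared by both listeners that performs option 1's redirect itself and passes the TLS options to https.createServer as the answer does. PUBLIC_HOST, HTTPS_PORT, SECURE_PREFIX and the function names are assumptions made for illustration; the redirect target uses a fixed host name rather than the request's Host header.

```javascript
// Added example: one handler for a plain-HTTP and an HTTPS listener.
// PUBLIC_HOST, HTTPS_PORT and SECURE_PREFIX are assumed values.
const PUBLIC_HOST = 'example.com'; // fixed name; the Host header is never echoed
const HTTPS_PORT = 443;            // public port (8081 locally, behind the iptables rule)
const SECURE_PREFIX = '/secure/';

// True when the request arrived over TLS (tls.TLSSocket sets .encrypted).
function isTls(req) {
  return Boolean(req.socket && req.socket.encrypted);
}

// Build the https:// redirect target for a request path, or null if unsafe.
function httpsLocation(url) {
  // Accept only an origin-form path: no "//host", no backslash, no CR/LF.
  if (typeof url !== 'string' || !/^\/(?!\/)[^\r\n\\]*$/.test(url)) return null;
  const port = HTTPS_PORT === 443 ? '' : ':' + HTTPS_PORT;
  return 'https://' + PUBLIC_HOST + port + url;
}

function handler(req, res) {
  const secure = isTls(req);
  if (!secure && req.url.startsWith(SECURE_PREFIX)) {
    const target = httpsLocation(req.url);
    if (target === null) {
      res.writeHead(400);
      return res.end('bad request');
    }
    res.writeHead(301, { Location: target });
    return res.end();
  }
  if (secure) {
    // HSTS is only honoured over TLS, so it is only sent there.
    res.setHeader('Strict-Transport-Security', 'max-age=31536000');
  }
  res.writeHead(200, { 'Content-Type': 'text/plain' });
  res.end(secure ? 'secure page' : 'plain page');
}

// Wiring: key and certificate go to https.createServer, not to the app.
function listenBoth(tlsOptions, httpPort, httpsPort) {
  const http = require('http');
  const https = require('https');
  return [
    http.createServer(handler).listen(httpPort),
    https.createServer(tlsOptions, handler).listen(httpsPort),
  ];
}
```

With the certificate files from the answer, the call would be `listenBoth({ key: fs.readFileSync('./server.key'), cert: fs.readFileSync('./server.crt') }, 8080, 8081)`.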