Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
611 views
in Technique[技术] by (71.8m points)

node.js - Heroku Error H13 on ExpressJS Node HTTPS Server

I'm trying to implement HTTPS on my Node.js server (Expressjs framework). I have my signed certificate and key, as well as a self-signed cert/key for testing/development:

if(process.env.NODE_ENV == 'production'){
  var app = module.exports = express.createServer({
    key: fs.readFileSync('./ssl/nopass_server.key'),
    cert: fs.readFileSync('./ssl/server.crt')
  });
} else {
  var app = module.exports = express.createServer({
    key: fs.readFileSync('./ssl/self_signed/nopass_server.key'),
    cert: fs.readFileSync('./ssl/self_signed/server.crt')
  });
}

I've also setup SSL Endpoint on Heroku. Everything works fine on localhost, and Endpoint seems to be working properly, but when I run the app in production (on Heroku) I get an H13 application error. Interestingly (or not) if I tell express to create an HTTP server instead: var app = module.exports = express.createServer() it works, but then Chrome complains that the page at https://mydomain.com ran insecure content from http://mydomain.com.

Can I not/should I not be creating an HTTPS server in express for production? If I should, is there something extra I need to make it work on Heroku (e.g. I'm trusting it to set the correct port with var port = process.env.PORT)? If not, how can I serve "secure" content if its not running an https server so browsers won't complain?

I'm using the following to take care of any non-https requests:

app.get('*',function(req,res,next){
  if(req.headers['x-forwarded-proto'] != 'https'){
    res.redirect('https://mydomain.com'+req.url);
  } else next();
});

This is currently located just above the rest of my routes, could this be the issue/should this be somewhere else?

I have very limited experience with https in general so I'm probably missing something obvious.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

SSL termination occurs at Heroku's load balancers; they send your app plain (non-SSL) traffic, so your app should create a non-HTTPS server. As for the page at https://mydomain.com ran insecure content from http://mydomain.com, make sure that all the images/scripts/etc. your page is using is also served over the https protocol.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...