CODEWITHSUNDEEP
sslmeteor
poordeveloper
poordeveloper

Reputation: 2322

how to use force-ssl in meteor.js without deployment to meteor.com subdomains?

The document is not clear. How to install certificate and etc in localhost?

force-ssl

This package causes Meteor to redirect insecure connections (HTTP) to a secure URL (HTTPS). Use this package to ensure that communication to the server is always encrypted to protect users from active spoofing attacks.

To simplify development, unencrypted connections from localhost are always accepted over HTTP.

Application bundles (meteor bundle) do not include an HTTPS server or certificate. A proxy server that terminates SSL in front of a Meteor bundle must set the standard x-forwarded-proto header for the force-ssl package to work.

Applications deployed to meteor.com subdomains with meteor deploy are automatically served via HTTPS using Meteor's certificate.

Upvotes: 6

Views: 3141

Answers (2)

Andrew Mao
Andrew Mao

Reputation: 36900

I've slogged through setting up an Apache reverse proxy that terminates SSL in front of Meteor, and wanted to document that here as well.

I added the following to the config file for the SSL virtual host:

<VirtualHost _default_:443>
        ServerName server.domain.com

        ## SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on

        ## Proxy to port 3000 for Meteor apps
        SSLProxyEngine On
        ProxyRequests Off # Disable forward proxying
        ProxyPass / http://localhost:3000
        ProxyPassReverse / http://localhost:3000

        ## Your other SSL config directives such as certificates, etc.

</VirtualHost>

Upvotes: 4

Ola Wiberg
Ola Wiberg

Reputation: 1679

You do not need to install certificates on localhost. As it says "To simplify development, unencrypted connections from localhost are always accepted over HTTP.", which means that you can develop and test the application without using SSL and without installing certificates. Just run you application and access it with http://localhost:3000 as usual.

If you are talking about installing certificates for publicly facing applications it is probably best to use a reverse proxy server such as nginx and install the certificates for that server. http://wiki.nginx.org/HttpProxyModule

Upvotes: 2

Related Questions