JHAWN
JHAWN

Reputation: 399

How to configure https in sails.js with .crt file

I am running sailsJS on nodeJS and am trying to setup HTTPS, however I seem to be stuck. I can acess my site at http://example.com:443, but not at https://example.com

This question is similar to how to configure https in sails.js except that I do not have .pem files, rather .crt and .key files that I got from Media Temple's QuickSSL.

This is what I have in config/bootstrap.js

module.exports.bootstrap = function (cb) {
    var fs = require('fs');
    sails.config.express.serverOptions = {
        key: fs.readFileSync('/etc/ssl/private/mysite.com.key'),
        cert: fs.readFileSync('/etc/ssl/crt/mysite.com.crt'),
        ca: [fs.readFileSync('/etc/ssl/crt/mysite.com-geotrust.crt')]
    };
    cb();
};

I set the port number to 443 in config/local.js

Can anyone point me in the right direction?

Upvotes: 9

Views: 3589

Answers (5)

Sambhav Sharma
Sambhav Sharma

Reputation: 5860

As an update from 0.9 to 0.10 , the local.js file should now have

ssl : {
key: fs.readFileSync(‘server.key’),
cert: fs.readFileSync(‘server.crt’)
}

instead of

express : {
        serverOptions : {
            key: fs.readFileSync('ssl/server.key'),
            cert: fs.readFileSync('ssl/server.crt')
        }
    };

Upvotes: 0

user15032
user15032

Reputation: 1

I also found that using ciphers: "HIGH:!aNULL:!MD5:!3DES", Will maker better results, try checking via

https://www.ssllabs.com/ssltest/analyze.html

Upvotes: 0

Patryk
Patryk

Reputation: 24120

Just to add some configuration options to what others already mentioned I want to add that you can specify ciphers to be used like so ( preceding those that shouldn't be used with !):

  express: { serverOptions : { 
    key: fs.readFileSync('ssl/key.pem'),
    cert: fs.readFileSync('ssl/cert.pem'),
    ciphers: "DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-SHA:AES256-GCM-SHA384:DHE-DSS-AES128-SHA:DHE-DSS-AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:!AES256-SHA",
    honorCipherOrder: true //  this is necessary to make the ciphers order matter
    }   
  }

You can also pass other option that are stated on node's tls documentation page: http://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener.

Upvotes: 1

user568109
user568109

Reputation: 48003

The official documentation for SSL in sailsJS is still under works, but I found this on the deployment page. In your config/local.js

module.exports.port = 80;
module.exports.environment = 'production';
module.exports.ssl = {
    cert: 'path/to/cert',
    key: 'path/to/key'
};

express and sailsJS have changed a lot. So you should try newer examples. I could not find many examples on this.

Upvotes: 1

tslater
tslater

Reputation: 4432

I've experienced that the syntax you're using to configure express doesn't work for newer versions of sails so I updated it and it works with a self signed certificate. I moved the code to the local.config file since it is really an environment setting...The one thing I haven't tried is the certificate authority.

Here is what my config.local files looks like:

var fs = require('fs');

module.exports = {
  express: { serverOptions : {
      key: fs.readFileSync('ssl/mysite.key'),
      cert: fs.readFileSync('ssl/mysite.com.crt')
    }
  },
  port: process.env.PORT || 443,
  environment: process.env.NODE_ENV || 'development'
};

If that doesn't work you probably want to look at a few things:

  1. If you're running on port 443 you need to call "sudo sails lift"
  2. The file path must be valid (in my case the ssl directory was in the project root)
  3. The file permissions must be readable for the files ('etc' in your example is normally only readable/executable by the root user)

Upvotes: 3

Related Questions