Johan
Reputation: 51
multiple certificates/vhosts with Express
I used nodejs for a while now with multiple hosts, using Express + vhost in Cody-CMS. Now I wanted to include also virtual https servers.
The SNICallback is called, but it ends there... my Express app "exp" is never called (not even if I replace it in createServer with a simple function -- in comments). I get the "request for: site1.com" (or site2.com), but nothing is returned to the browser.
For the http servers it works perfect.
Any help is welcome.
"use strict";
var express = require("express");
var vhost = require("vhost");
var fs = require("fs");
var app1 = express();
app1.all("/", function(req, res) {
res.send('Hello World, site #1');
});
var app2 = express();
app2.all("/", function(req, res) {
res.send('Hello World, site #2');
});
//////////////////
// certificates //
//////////////////
var crypto = require('crypto');
const site1 = {
app: app1,
context: crypto.createCredentials({
key: fs.readFileSync('ws.key').toString(),
cert: fs.readFileSync('ws.crt').toString()
}).context
};
const site2 = {
app: app2,
context: crypto.createCredentials({
key: fs.readFileSync('ws2.key').toString(),
cert: fs.readFileSync('ws2.crt').toString()
}).context
};
var sites = {
"www.site1.com": site1,
"site1.com": site1,
"www.site2.com": site2,
"site2.com": site2
};
// put (www.)site1/2.com in /etc/hosts to 127.0.0.1
//////////
// http //
//////////
var exp = express();
for (let s in sites) {
console.log("http -> " + s);
exp.use(vhost(s, sites[s].app));
}
exp.listen(80, function () {
console.log("Listening https on port: 80")
});
///////////
// https //
///////////
var secureOpts = {
SNICallback: function (domain) {
console.log('request for: ', domain);
return sites[domain].context;
},
key: fs.readFileSync('ws.key').toString(),
cert: fs.readFileSync('ws.crt').toString()
};
var https = require('https');
var httpsServer = https.createServer(secureOpts, exp);
// var httpsServer = https.createServer(secureOpts, function(req, resp) { resp.send("hello"); });
httpsServer.listen(443, function () {
console.log("Listening https on port: 443")
});
Upvotes: 4
Views: 2460
Answers (3)
Skraloupak
Reputation: 424
You can use also tls.createSecureContext withou crypto.createCreadentials
MY example here:
const https = require("https");
const tls = require("tls");
const certs = {
"localhost": {
key: "./certs/localhost.key",
cert: "./certs/localhost.crt",
},
"example.com": {
key: "./certs/example.key",
cert: "./certs/example.cert",
ca: "./certs/example.ca",
},
}
function getSecureContexts(certs) {
if (!certs || Object.keys(certs).length === 0) {
throw new Error("Any certificate wasn't found.");
}
const certsToReturn = {};
for (const serverName of Object.keys(certs)) {
const appCert = certs[serverName];
certsToReturn[serverName] = tls.createSecureContext({
key: fs.readFileSync(appCert.key),
cert: fs.readFileSync(appCert.cert),
// If the 'ca' option is not given, then node.js will use the default
ca: appCert.ca ? sslCADecode(
fs.readFileSync(appCert.ca, "utf8"),
) : null,
});
}
return certsToReturn;
}
// if CA contains more certificates it will be parsed to array
function sslCADecode(source) {
if (!source || typeof (source) !== "string") {
return [];
}
return source.split(/-----END CERTIFICATE-----[\s\n]+-----BEGIN CERTIFICATE-----/)
.map((value, index: number, array) => {
if (index) {
value = "-----BEGIN CERTIFICATE-----" + value;
}
if (index !== array.length - 1) {
value = value + "-----END CERTIFICATE-----";
}
value = value.replace(/^\n+/, "").replace(/\n+$/, "");
return value;
});
}
const secureContexts = getSecureContexts(certs)
const options = {
// A function that will be called if the client supports SNI TLS extension.
SNICallback: (servername, cb) => {
const ctx = secureContexts[servername];
if (!ctx) {
log.debug(`Not found SSL certificate for host: ${servername}`);
} else {
log.debug(`SSL certificate has been found and assigned to ${servername}`);
}
if (cb) {
cb(null, ctx);
} else {
return ctx;
}
},
};
var https = require('https');
var httpsServer = https.createServer(options, (req, res) => { console.log(res, req)});
httpsServer.listen(443, function () {
console.log("Listening https on port: 443")
});
If you want test it:
edit /etc/hosts and add record
127.0.0.1 example.comopen browser with url
https://example.com:443
Upvotes: 1
Johan
Reputation: 51
With the help of mscdex I made the example working. http://coppieters.blogspot.be/2016/04/nodejs-virtual-hosts-websitesapps-on.html
Upvotes: 1
mscdex
Reputation: 106696
The SNICallback has a second parameter: cb. cb has a signature of (error, context). So your secureOpts should look like:
var secureOpts = {
SNICallback: function(domain, cb) {
console.log('request for: ', domain);
cb(null, sites[domain].context);
},
key: fs.readFileSync('ws.key').toString(),
cert: fs.readFileSync('ws.crt').toString()
};
Upvotes: 3
Related Questions
- Using async/await with a forEach loop
- How do I get the path to the current script with Node.js?
- Proper way to return JSON using node or Express
- NodeJS / Express: what is "app.use"?
- What does body-parser do with express?
- How to get the full URL in Express?
- How to access the GET parameters after "?" in Express?
- bodyParser is deprecated express 4
- How to access POST form fields in Express
- Registering Glass Timeline Notification with Node