How to access the OpenShift wildcard SSL certificate and private key

Question

On the OpenShift website here: https://help.openshift.com/hc/en-us/articles/202535440-How-do-I-get-SSL-for-my-domains-, it states

You can always take advantage of our *.rhcloud.com wildcard certificate in order 
to securely connect to any application via it's original, OpenShift-provided 
hostname URL.

However, Node's HTTPS server requires a file path to a certificate and private key in order to use HTTPS:

var privateKey  = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};
var express = require('express');
var app = express();
var httpsServer = https.createServer(credentials, app);
httpsServer.listen(443);

None of the OpenShift environment variables (https://www.openshift.com/developers/openshift-environment-variables) appear to be related to SSL certificates, and the documentation does not mention it other than at the above link, which provides no technical information in actually using it.

How do I access the privateKey and certificate file on an OpenShift Node.js gear/cartridge?

Answer 1

It turns out that all SSL certificates are handled by OpenShift routers before they reach the gear/cartridge. There is no need to setup an HttpsServer at all, the normal HttpServer listening on port 8080 will receive both HTTP and HTTPS traffic transparently.

This is true whether you are using a custom certificate or the wildcard certificate, which is pretty nifty.

Answer 2

Nodejs Express application scenario is detailed at OpenShift https answer. To sum up, use the X-Forwarded-Proto header's value from the request headers given to your nodejs web server by openshift's proxy to determine if reply should redirect client to https or is client already requesting on https.