How to configure https in sails.js with .crt file

Question

I am running sailsJS on nodeJS and am trying to setup HTTPS, however I seem to be stuck. I can acess my site at http://example.com:443, but not at https://example.com

This question is similar to how to configure https in sails.js except that I do not have .pem files, rather .crt and .key files that I got from Media Temple's QuickSSL.

This is what I have in config/bootstrap.js

module.exports.bootstrap = function (cb) {
    var fs = require('fs');
    sails.config.express.serverOptions = {
        key: fs.readFileSync('/etc/ssl/private/mysite.com.key'),
        cert: fs.readFileSync('/etc/ssl/crt/mysite.com.crt'),
        ca: [fs.readFileSync('/etc/ssl/crt/mysite.com-geotrust.crt')]
    };
    cb();
};

I set the port number to 443 in config/local.js

Can anyone point me in the right direction?

Answer 1

I've experienced that the syntax you're using to configure express doesn't work for newer versions of sails so I updated it and it works with a self signed certificate. I moved the code to the local.config file since it is really an environment setting...The one thing I haven't tried is the certificate authority.

Here is what my config.local files looks like:

var fs = require('fs');

module.exports = {
  express: { serverOptions : {
      key: fs.readFileSync('ssl/mysite.key'),
      cert: fs.readFileSync('ssl/mysite.com.crt')
    }
  },
  port: process.env.PORT || 443,
  environment: process.env.NODE_ENV || 'development'
};

If that doesn't work you probably want to look at a few things:

1. If you're running on port 443 you need to call "sudo sails lift"
2. The file path must be valid (in my case the ssl directory was in the project root)
3. The file permissions must be readable for the files ('etc' in your example is normally only readable/executable by the root user)

Answer 2

The official documentation for SSL in sailsJS is still under works, but I found this on the deployment page. In your config/local.js

module.exports.port = 80;
module.exports.environment = 'production';
module.exports.ssl = {
    cert: 'path/to/cert',
    key: 'path/to/key'
};

express and sailsJS have changed a lot. So you should try newer examples. I could not find many examples on this.

Answer 3

Just to add some configuration options to what others already mentioned I want to add that you can specify ciphers to be used like so ( preceding those that shouldn't be used with !):

  express: { serverOptions : { 
    key: fs.readFileSync('ssl/key.pem'),
    cert: fs.readFileSync('ssl/cert.pem'),
    ciphers: "DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-SHA:AES256-GCM-SHA384:DHE-DSS-AES128-SHA:DHE-DSS-AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:!AES256-SHA",
    honorCipherOrder: true //  this is necessary to make the ciphers order matter
    }   
  }

You can also pass other option that are stated on node's tls documentation page: http://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener.