Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

how to use force-ssl in meteor.js without deployment to meteor.com subdomains?

Tags:

ssl

meteor

The document is not clear. How to install certificate and etc in localhost?

force-ssl

This package causes Meteor to redirect insecure connections (HTTP) to a secure URL (HTTPS). Use this package to ensure that communication to the server is always encrypted to protect users from active spoofing attacks.

To simplify development, unencrypted connections from localhost are always accepted over HTTP.

Application bundles (meteor bundle) do not include an HTTPS server or certificate. A proxy server that terminates SSL in front of a Meteor bundle must set the standard x-forwarded-proto header for the force-ssl package to work.

Applications deployed to meteor.com subdomains with meteor deploy are automatically served via HTTPS using Meteor's certificate.
like image 935
poordeveloper Avatar asked Nov 26 '12 01:11

poordeveloper

2 Answers

I've slogged through setting up an Apache reverse proxy that terminates SSL in front of Meteor, and wanted to document that here as well.

I added the following to the config file for the SSL virtual host:

<VirtualHost _default_:443>
        ServerName server.domain.com

        ## SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on

        ## Proxy to port 3000 for Meteor apps
        SSLProxyEngine On
        ProxyRequests Off # Disable forward proxying
        ProxyPass / http://localhost:3000
        ProxyPassReverse / http://localhost:3000

        ## Your other SSL config directives such as certificates, etc.

</VirtualHost>
like image 112
Andrew Mao Avatar answered Nov 01 '22 02:11

Andrew Mao

You do not need to install certificates on localhost. As it says "To simplify development, unencrypted connections from localhost are always accepted over HTTP.", which means that you can develop and test the application without using SSL and without installing certificates. Just run you application and access it with http://localhost:3000 as usual.

If you are talking about installing certificates for publicly facing applications it is probably best to use a reverse proxy server such as nginx and install the certificates for that server. http://wiki.nginx.org/HttpProxyModule

like image 2
Ola Wiberg Avatar answered Nov 01 '22 02:11

Ola Wiberg
Sign in to Comment

Related questions

Rejecting mutual TLS gRPC connection based on RSA public key size
NET::ERR_CERT_AUTHORITY_INVALID in Chrome not incognito and Firefox locally with valid certs on nginx
How to consume a SOAP service over HTTPS in C#?
java keytool can export CSR but no import
How do I enable https only on certain pages with htaccess?
Cryptography and Authentication via TLS with Web of Trust in Java
Can I use normal http and https for the same endpoint
How and when to use ClientCert in CFHTTP tag?
Why is it so much harder to enable SSL (Transport security) over net.tcp than HTTP?
What is the reason of kSecTrustResultRecoverableTrustFailure?
Writing a SSL Checker using Java
Codeigniter: Connect to SSL Amazon RDS Database
Add SSL to a connection
Internet Explorer blocked this website from displaying content with security certificate errors
how to force accept only ssl connections in vsftpd? [closed]
How do Optimizely trick chrome to no prompt for loading insecure content
CakePHP Authcomponent session expires after using SSL unforce method
Android application working on WIFI and 3G(Without proxy), but not working on 3G(If proxy and port are assigned)
What's the best Node.js mysql module for connecting to mysql over ssl?
Are there drawbacks to credit card payment forms via an iframe? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!