Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

HTTPS and iisnode

I'm using node in combination with IIS by using iisnode.

I seems to me that things that I was previously doing in Node to configure the server can now be done directly in IIS.

Things like:

  • https configuration (and certificates)
  • http to https redirection

Does this mean I can get rid of the node code that did that and go just for the IIS method?

var fs = require('fs');
var https = require('https');

var options = {
    key: fs.readFileSync('./ssl/xxxxxxx.private.pem'),
    cert: fs.readFileSync('./ssl/xxxxxxx.public.pem'),
};

https.createServer(options, app).listen(443);
like image 946
Alvaro Avatar asked Nov 23 '15 11:11

Alvaro


People also ask

What is Iisnode?

iisnode is an open source native IIS module written in C++ that allows node. js (node.exe) to be run inside Windows IIS. First, a quick reminder about the difference between managed vs native modules. A module is either a Win32 DLL (native module) or a .NET 2.0 type contained within an assembly (managed module)"

What is https in node JS?

The HTTPS module provides a way of making Node. js transfer data over HTTP TLS/SSL protocol, which is the secure HTTP protocol.

How do I know if Iisnode is installed?

To be sure that your Application is using the added IIS Node version, go to the properties of “node.exe” in the process explorer and under “Environment Variables” blade where we would see the setting “IISNODE_VERSION” set to version of “iisnode.


1 Answers

Your keys and pfx should never live on the file system. One slip up could serve your files to the internet and now everyone can get your key. Storing them in the windows cert store is best.

Yes. You should do all the ssl configuration on IIS and Windows.

This is what I have used on production.

On the application, you should simply write:

var app = express();
app.listen(process.env.port);

Then web.config for iisnode should look like this:

<configuration>
  <system.webServer>

    <handlers>
      <add name="iisnode" path="app.js" verb="*" modules="iisnode" />
    </handlers>


<rewrite>
  <rules>
    <rule name="HTTP to Prod HTTPS redirect" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
      </conditions>
      <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
    </rule>
    <!-- Don't interfere with requests for logs -->
    <rule name="LogFile" patternSyntax="ECMAScript" stopProcessing="true">
      <match url="^[a-zA-Z0-9_\-]+\.js\.logs\/\d+\.txt$" />
    </rule>
    <!-- Don't interfere with requests for node-inspector debugging -->
    <rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
      <match url="^app.js\/debug[\/]?" />
    </rule>
    <!-- First we consider whether the incoming URL matches a physical file in the     /public folder -->
    <rule name="StaticContent">
      <action type="Rewrite" url="public{REQUEST_URI}" />
    </rule>
    <!-- All other URLs are mapped to the Node.js application entry point -->
    <rule name="DynamicContent">
      <conditions>
         <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True" />
      </conditions>
      <action type="Rewrite" url="app.js" />
    </rule>
  </rules>
</rewrite>

  </system.webServer>
</configuration>
like image 192
Barış Velioğlu Avatar answered Oct 02 '22 08:10

Barış Velioğlu