I'm using node in combination with IIS by using iisnode.
I seems to me that things that I was previously doing in Node to configure the server can now be done directly in IIS.
Things like:
Does this mean I can get rid of the node code that did that and go just for the IIS method?
var fs = require('fs');
var https = require('https');
var options = {
key: fs.readFileSync('./ssl/xxxxxxx.private.pem'),
cert: fs.readFileSync('./ssl/xxxxxxx.public.pem'),
};
https.createServer(options, app).listen(443);
iisnode is an open source native IIS module written in C++ that allows node. js (node.exe) to be run inside Windows IIS. First, a quick reminder about the difference between managed vs native modules. A module is either a Win32 DLL (native module) or a .NET 2.0 type contained within an assembly (managed module)"
The HTTPS module provides a way of making Node. js transfer data over HTTP TLS/SSL protocol, which is the secure HTTP protocol.
To be sure that your Application is using the added IIS Node version, go to the properties of “node.exe” in the process explorer and under “Environment Variables” blade where we would see the setting “IISNODE_VERSION” set to version of “iisnode.
Your keys and pfx should never live on the file system. One slip up could serve your files to the internet and now everyone can get your key. Storing them in the windows cert store is best.
Yes. You should do all the ssl configuration on IIS and Windows.
This is what I have used on production.
On the application, you should simply write:
var app = express();
app.listen(process.env.port);
Then web.config for iisnode should look like this:
<configuration>
<system.webServer>
<handlers>
<add name="iisnode" path="app.js" verb="*" modules="iisnode" />
</handlers>
<rewrite>
<rules>
<rule name="HTTP to Prod HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
<!-- Don't interfere with requests for logs -->
<rule name="LogFile" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^[a-zA-Z0-9_\-]+\.js\.logs\/\d+\.txt$" />
</rule>
<!-- Don't interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^app.js\/debug[\/]?" />
</rule>
<!-- First we consider whether the incoming URL matches a physical file in the /public folder -->
<rule name="StaticContent">
<action type="Rewrite" url="public{REQUEST_URI}" />
</rule>
<!-- All other URLs are mapped to the Node.js application entry point -->
<rule name="DynamicContent">
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True" />
</conditions>
<action type="Rewrite" url="app.js" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With