From 49a3319e5863fe461e950641caadbef0322010ad Mon Sep 17 00:00:00 2001 From: Key Networks <34238649+key-networks@users.noreply.github.com> Date: Fri, 29 Dec 2017 21:39:16 +0800 Subject: [PATCH] HTTPS_PORT and HTTPS_HOST in .env --- README.md | 19 ++++++++++++++++--- bin/www | 52 ++++++++++++++++++++++++++++++++++------------------ 2 files changed, 50 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 84b797f..f69a560 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ npm start ``` This will run the app on TCP port 3000 by default. If port 3000 is already in use, you can specify a different port in the `.env` file (see 3B above), e.g.: ``` -PORT=3456 +HTTP_PORT=3456 ``` ##### 6. Start the app automatically 
@@ -113,9 +113,22 @@ curl http://localhost:3000 ``` You should see the front page of the app (or the raw HTML with curl). -##### 8. Remote access: -For security reasons (until this app is battle-hardened and has been scrutinized by the ZT community), it currently listens only on the looback interface. It can be reverse proxied by something like Nginx, but it would be best to access over an SSH tunnel at this stage. +##### 8. Remote access via HTTPS +This app listens for HTTP requests on the looback interface (default port 3000). It can be reverse proxied by Nginx (which can proxy the HTTP as HTTPS), or accessed over an SSH tunnel as described below. +The app can be made to listen on all interfaces for HTTPS requests by specifying HTTPS_PORT in the .env file, e.g.: +``` +HTTPS_PORT=3443 +``` +If HTTPS_PORT is not specified, then the app will only listen for HTTP requests on localhost. + +The app can be made to listen on a specific interface for HTTPS requests by specifying HTTPS_HOST (the host name or IP address of the interface) in the .env file, e.g.: +``` +HTTPS_HOST=12.34.56.78 +``` +If HTTPS_HOST is not specified, but HTTPS_PORT is specified, then the app will listen for HTTPS requests on all interfaces. + +##### 9. Remote access via SSH ###### SSH tunnel from Linux / Unix / macOS client An SSH tunnel can be established with: ```shell diff --git a/bin/www b/bin/www index 7deb134..e1a0305 100755 --- a/bin/www +++ b/bin/www 
@@ -16,22 +16,38 @@ const options = { } /** - * Get port from environment and store in Express. + * Get ports from environment and store in Express. */ -const port = normalizePort(process.env.PORT || '3000'); -app.set('port', port); -const sport = normalizePort(process.env.SPORT || '3443'); -app.set('sport', sport); +const http_port = normalizePort(process.env.HTTP_PORT || '3000'); +app.set('http_port', http_port); +const https_port = normalizePort(process.env.HTTPS_PORT || null); +app.set('https_port', https_port); /** - * Create HTTPS server and listen on localhost only for HTTP and on all network interfaces for HTTPS + * Get interface address on which to listen for HTTPS requests from env. + */ +const https_host = process.env.HTTPS_HOST || null; +app.set('https_host', https_host); + +/** + * Create HTTPS server and listen on localhost only for HTTP and + * on all network interfaces for HTTPS if HTTPS_PORT is set in env, + * or on specific interface if HTTPS_HOST is set in env. */ -app.listen(port, 'localhost'); +app.listen(http_port, 'localhost'); const server = https.createServer(options, app); -server.listen(sport); +if (https_port) { + if (https_host) { + console.log('Listening for HTTPS requests on port ' + https_port + ' on address ' + https_host); + } else { + console.log('Listening for HTTPS requests on port ' + https_port + ' on all interfaces'); + } + server.listen(https_port, https_host); +} + server.on('error', onError); server.on('listening', onListening); @@ -40,7 +56,7 @@ server.on('listening', onListening); */ function normalizePort(val) { - let port = parseInt(val, 10); + const port = parseInt(val, 10); if (isNaN(port)) { // named pipe @@ -56,7 +72,7 @@ function normalizePort(val) { } /** - * Event listener for HTTP server "error" event. + * Event listener for HTTP/S server "error" event. */ function onError(error) { 
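Review bot: With only HTTPS_PORT set, `server.listen(https_port, https_host)` passes `null` as the host and Node binds the unspecified address, so a single env var exposes the app on every interface, including any public one. A fail-closed default would stay on loopback unless the operator names an address, e.g. `server.listen(https_port, https_host || 'localhost');`, with `HTTPS_HOST=0.0.0.0` (or `::`) as the explicit opt-in for all interfaces; the README section added in this commit would need the matching wording. The two `console.log` calls run before the bind has succeeded, so they would be more accurate inside the `listening` handler. The `options` object passed to `https.createServer` is defined above the hunk, so the TLS settings cannot be reviewed from here.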
@@ -64,13 +80,13 @@ function onError(error) { throw error; } - let bind = typeof port === 'string' - ? 'Pipe ' + port - : 'Port ' + port; + const bind = typeof http_port === 'string' + ? 'Pipe ' + http_port + : 'Port ' + http_port; - let sbind = typeof sport === 'string' - ? 'Pipe ' + sport - : 'Port ' + sport; + const sbind = typeof https_port === 'string' + ? 'Pipe ' + https_port + : 'Port ' + https_port; // handle specific listen errors with friendly messages switch (error.code) { @@ -92,8 +108,8 @@ function onError(error) { */ function onListening() { - let addr = server.address(); - let bind = typeof addr === 'string' + const addr = server.address(); + const bind = typeof addr === 'string' ? 'pipe ' + addr : 'port ' + addr.port; debug('Listening on ' + bind);
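Review bot: `onError` builds `bind` from `http_port`, but in the visible hunks only the HTTPS `server` gets `server.on('error', onError)`; the server returned by `app.listen(http_port, 'localhost')` is discarded, so a failed bind on the HTTP port would not reach this handler and would instead be emitted as an unhandled `error` event. Keeping the return value, `const http_server = app.listen(http_port, 'localhost');` followed by `http_server.on('error', onError);`, would route both listeners through the same friendly messages. `sbind` now reads `'Port null'` whenever HTTPS_PORT is unset, which is harmless while the HTTPS server is not listening but is worth guarding if the handler becomes shared. The `switch` cases lie outside the hunk, so which of the two labels is printed is not visible here.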