From 3ede499732a04acdd7df2b169edec0539d19c719 Mon Sep 17 00:00:00 2001 From: Nick Date: Wed, 30 Jan 2019 01:30:05 -0500 Subject: [PATCH] feat: HTTPS support --- config.sample.yml | 41 ++++++++++++++++++++++++++++++++++------- server/app/data.yml | 2 ++ server/master.js | 36 ++++++++++++++++++++++++++++++++---- 3 files changed, 68 insertions(+), 11 deletions(-) diff --git a/config.sample.yml b/config.sample.yml index 4cda0685..347149c8 100644 --- a/config.sample.yml +++ b/config.sample.yml @@ -10,13 +10,6 @@ port: 3000 -# --------------------------------------------------------------------- -# IP address the server should listen to -# --------------------------------------------------------------------- -# Do not change unless you know what you are doing! - -bindIP: 0.0.0.0 - # --------------------------------------------------------------------- # Database # --------------------------------------------------------------------- 
@@ -49,6 +42,40 @@ redis: db: 0 password: null +####################################################################### +# ADVANCED OPTIONS # +####################################################################### +# Do not change unless you know what you are doing! + +# --------------------------------------------------------------------- +# SSL/TLS Settings +# --------------------------------------------------------------------- +# Consider using a reverse proxy (e.g. nginx) if you require more +# advanced options than those provided below. + +ssl: + enabled: false + + # Certificate format, either 'pem' or 'pfx': + format: pem + # Using PEM format: + key: path/to/key.pem + cert: path/to/cert.pem + # Using PFX format: + pfx: path/to/cert.pfx + # Passphrase when using encrypted PEM / PFX keys (default: null): + passphrase: null + # Diffie Hellman parameters, with key length being greater or equal + # to 1024 bits (default: null): + dhparam: null + +# --------------------------------------------------------------------- +# IP address the server should listen to +# --------------------------------------------------------------------- +# Leave 0.0.0.0 for all interfaces + +bindIP: 0.0.0.0 + # --------------------------------------------------------------------- # Log Level # --------------------------------------------------------------------- diff --git a/server/app/data.yml b/server/app/data.yml index be98321b..2f5dc3a4 100644 --- a/server/app/data.yml +++ b/server/app/data.yml @@ -21,6 +21,8 @@ defaults: port: 6379 db: 0 password: null + ssl: + enabled: false # DB defaults graphEndpoint: 'https://graph.requarks.io' lang: diff --git a/server/master.js b/server/master.js index 839cd373..d30a6e4a 100644 --- a/server/master.js +++ b/server/master.js 
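Review bot: The `dhparam` comment in the new `ssl:` block of config.sample.yml presents 1024 bits as an acceptable key length, but that is only the minimum Node.js will accept, and 1024-bit Diffie-Hellman groups are considered too weak for new deployments. I would reword it to `# Diffie-Hellman parameters, 2048 bits or larger recommended (default: null):`. Since `passphrase` is stored in clear text in this file, a comment advising that the config file be readable only by the service account would also help, e.g. `# Keep this file readable only by the wiki service user when a passphrase is set.`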
@@ -6,6 +6,7 @@ const cors = require('cors') const express = require('express') const favicon = require('serve-favicon') const http = require('http') +const https = require('https') const path = require('path') const { ApolloServer } = require('apollo-server-express') // const oauth2orize = require('oauth2orize') @@ -166,10 +167,33 @@ module.exports = async () => { let srvConnections = {} - WIKI.logger.info(`HTTP Server on port: [ ${WIKI.config.port} ]`) - app.set('port', WIKI.config.port) - WIKI.server = http.createServer(app) + if (WIKI.config.ssl.enabled) { + WIKI.logger.info(`HTTPS Server on port: [ ${WIKI.config.port} ]`) + const tlsOpts = {} + try { + if (WIKI.config.ssl.format === 'pem') { + tlsOpts.key = fs.readFileSync(WIKI.config.ssl.key) + tlsOpts.cert = fs.readFileSync(WIKI.config.ssl.cert) + } else { + tlsOpts.pfx = fs.readFileSync(WIKI.config.ssl.pfx) + } + if (!_.isEmpty(WIKI.config.ssl.passphrase)) { + tlsOpts.passphrase = WIKI.config.ssl.passphrase + } + if (!_.isEmpty(WIKI.config.ssl.dhparam)) { + tlsOpts.dhparam = WIKI.config.ssl.dhparam + } + } catch (err) { + WIKI.logger.error('Failed to setup HTTPS server parameters:') + WIKI.logger.error(err) + return process.exit(1) + } + WIKI.server = https.createServer(tlsOpts, app) + } else { + WIKI.logger.info(`HTTP Server on port: [ ${WIKI.config.port} ]`) + WIKI.server = http.createServer(app) + } apolloServer.installSubscriptionHandlers(WIKI.server) WIKI.server.listen(WIKI.config.port, WIKI.config.bindIP) @@ -200,7 +224,11 @@ module.exports = async () => { }) WIKI.server.on('listening', () => { - WIKI.logger.info('HTTP Server: [ RUNNING ]') + if (WIKI.config.ssl.enabled) { + WIKI.logger.info('HTTPS Server: [ RUNNING ]') + } else { + WIKI.logger.info('HTTP Server: [ RUNNING ]') + } }) WIKI.server.destroy = (cb) => {
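Review bot: In the `if (WIKI.config.ssl.enabled)` branch, `https.createServer(tlsOpts, app)` sits after the try/catch, so only the `fs.readFileSync` failures are reported; a wrong passphrase, malformed key or unusable DH parameters would throw from `createServer` itself, bypassing the 'Failed to setup HTTPS server parameters' log and the `process.exit(1)`. Moving `WIKI.server = https.createServer(tlsOpts, app)` inside the `try` closes that gap. `ssl.dhparam` is also assigned as-is while key, cert and pfx are read from paths; Node expects the parameter contents in that option, so if the config value is meant to be a path it needs `tlsOpts.dhparam = fs.readFileSync(WIKI.config.ssl.dhparam)`. The `else` treats every `format` other than 'pem' as PFX, so a typo surfaces as a confusing file-read error; an explicit `=== 'pfx'` check with a clear message for anything else would be friendlier. The enclosing `module.exports` function starts and ends outside the hunk.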