From f7ceb575fe5a86b61e709b3135ab2fe36e87078b Mon Sep 17 00:00:00 2001
From: Christoph Wiechert
Date: Tue, 6 Jun 2017 10:58:00 +0200
Subject: [PATCH] Add native SSL support
---
 app.js | 40 ++++++++++++++++++++++++++++++++++------
 config.dev.js | 4 +++-
 config.js | 7 ++++++-
 docs/configuration.md | 9 +++++++++
 4 files changed, 52 insertions(+), 8 deletions(-)
diff --git a/app.js b/app.js
index fecb48f..835f5ca 100644
--- a/app.js
+++ b/app.js
@@ -1,6 +1,8 @@
 'use strict';
 const config = require('./config');
 const app = require('./lib/endpoints');
+const https = require('https');
+const fs = require('fs');
 /**
 * Naming:
@@ -9,17 +11,43 @@ const app = require('./lib/endpoints');
 * fid: {sid}++{key}
 */
-const server = app.listen(config.port, config.iface, () => {
- console.log(`PsiTransfer listening on http://${config.iface}:${config.port}`);
-});
+let server;
+if(config.port) {
+ // HTTP Server
+ server = app.listen(config.port, config.iface, () => {
+ console.log(`PsiTransfer listening on http://${config.iface}:${config.port}`);
+ });
+}
+
+let httpsServer;
+if(config.sslPort && config.sslKeyFile && config.sslCertFile) {
+ // HTTPS Server
+ const sslOpts = {
+ key: fs.readFileSync(config.sslKeyFile),
+ cert: fs.readFileSync(config.sslCertFile)
+ };
+ httpsServer = https.createServer(sslOpts, app)
+ .listen(config.sslPort, config.iface, () => {
+ console.log(`PsiTransfer listening on https://${config.iface}:${config.sslPort}`);
+ });
+}
 // graceful shutdown
 function shutdown() {
 console.log('PsiTransfer shutting down...');
- server.close(() => {
- process.exit(0);
- });
+ if(server) {
+ server.close(() => {
+ server = false;
+ if(!server && !httpsServer) process.exit(0);
+ });
+ }
+ if(httpsServer) {
+ httpsServer.close(() => {
+ httpsServer = false;
+ if(!server && !httpsServer) process.exit(0);
+ });
+ }
 setTimeout(function() {
 console.log('Could not close connections in time, forcefully shutting down');
 process.exit(0);
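Review bot: In app.js the HTTPS block is skipped without any message when only one of `sslKeyFile` and `sslCertFile` is set, so a missing or misspelled option leaves the service on plain HTTP while the operator may believe TLS is active. Fail closed by adding `else if(config.sslPort && (config.sslKeyFile || config.sslCertFile)) throw new Error('HTTPS needs both sslKeyFile and sslCertFile');` after that block, and log an error when neither listener ends up configured. `sslOpts` carries only `key` and `cert`, so protocol versions and cipher suites are whatever the running Node release defaults to; a one-line comment saying so would help whoever hardens this later. shutdown() continues past the end of the hunk, so the timeout path is not fully visible here.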
diff --git a/config.dev.js b/config.dev.js
index c59bab3..5beea94 100644
--- a/config.dev.js
+++ b/config.dev.js
@@ -13,5 +13,7 @@ module.exports = {
 "604800": "1 Week",
 "1209600": "2 Weeks"
 },
- "defaultRetention": 3600
+ "defaultRetention": 3600,
+ "sslKeyFile": './tmp/cert.key',
+ "sslCertFile": './tmp/cert.pem',
 };
diff --git a/config.js b/config.js
index 4e090b8..7a53dad 100644
--- a/config.js
+++ b/config.js
@@ -7,8 +7,13 @@ const fsp = require('fs-promise');
 // or use ENV-VARS like PSITRANSFER_PORT=8000
 const config = {
 "uploadDir": path.resolve(__dirname + '/data'),
- "port": 3000,
 "iface": '0.0.0.0',
+ // set to false to disable HTTP
+ "port": 3000,
+ // HTTPS, set all 3 values to enable
+ "sslPort": 8443,
+ "sslKeyFile": false,
+ "sslCertFile": false,
 // retention options in seconds:label
 "retentions": {
 "one-time": "one time download",
diff --git a/docs/configuration.md b/docs/configuration.md
index 8222538..f99ef54 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -38,3 +38,12 @@ node app.js
 * Then it will overwrite `retentions` and `port` with the values of the environment parameters.
 > Environment parameters always have the highest priority.
+
+## SSL
+
+It's recommended to use Nginx for SSL termination, see [nginx-ssl-example.conf](https://github.com/psi-4ward/psitransfer/blob/master/docs/nginx-ssl-example.conf).
+
+For native SSL support provide `sslPort`, `sslKeyFile`, `sslCertFile` options. To generate
+a _snake oil_ certificate use `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key -out cert.pem`.
+
+To disable HTTP set the `port` config value to `false`.
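Review bot: config.dev.js now points `sslKeyFile` at `./tmp/cert.key` inside the working tree, and nothing visible in this patch keeps that unencrypted private key out of version control or out of a built image. I would add a comment above the two keys, `// dev only: locally generated self-signed pair; keep ./tmp out of git and out of images`, and confirm the ignore rules cover `tmp/`. If this file is merged over config.js in dev mode (the loading code is outside the hunk), the default `sslPort` of 8443 makes the HTTPS branch in app.js run, and `fs.readFileSync` will throw on a fresh checkout until the certificate has been generated.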
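Review bot: In config.js `port` keeps its default of 3000, so enabling HTTPS leaves the plaintext listener open on the same `iface` (`0.0.0.0`) unless the operator also sets `port` to false, and nothing in the patch redirects HTTP to HTTPS. Say so at the option itself, e.g. `// set to false to disable HTTP; stays enabled alongside HTTPS unless disabled here`. If the environment override mentioned in the comment above (`PSITRANSFER_PORT=...`) delivers values as strings, `false` would arrive as a truthy string and `if(config.port)` in app.js would still try to listen; that parsing is outside this hunk and should be checked. The `config` object literal continues past the end of the hunk.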