Add native SSL support
This commit is contained in:
Christoph Wiechert
32
app.js
32
app.js
@@ -1,6 +1,8 @@
|
||||
'use strict';
|
||||
const config = require('./config');
|
||||
const app = require('./lib/endpoints');
|
||||
const https = require('https');
|
||||
const fs = require('fs');
|
||||
|
||||
/**
|
||||
* Naming:
|
||||
@@ -9,17 +11,43 @@ const app = require('./lib/endpoints');
|
||||
* fid: {sid}++{key}
|
||||
*/
|
||||
|
||||
const server = app.listen(config.port, config.iface, () => {
|
||||
let server;
|
||||
if(config.port) {
|
||||
// HTTP Server
|
||||
server = app.listen(config.port, config.iface, () => {
|
||||
console.log(`PsiTransfer listening on http://${config.iface}:${config.port}`);
|
||||
});
|
||||
}
|
||||
|
||||
let httpsServer;
|
||||
if(config.sslPort && config.sslKeyFile && config.sslCertFile) {
|
||||
// HTTPS Server
|
||||
const sslOpts = {
|
||||
key: fs.readFileSync(config.sslKeyFile),
|
||||
cert: fs.readFileSync(config.sslCertFile)
|
||||
};
|
||||
httpsServer = https.createServer(sslOpts, app)
|
||||
.listen(config.sslPort, config.iface, () => {
|
||||
console.log(`PsiTransfer listening on https://${config.iface}:${config.sslPort}`);
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
// graceful shutdown
|
||||
function shutdown() {
|
||||
console.log('PsiTransfer shutting down...');
|
||||
if(server) {
|
||||
server.close(() => {
|
||||
process.exit(0);
|
||||
server = false;
|
||||
if(!server && !httpsServer) process.exit(0);
|
||||
});
|
||||
}
|
||||
if(httpsServer) {
|
||||
httpsServer.close(() => {
|
||||
httpsServer = false;
|
||||
if(!server && !httpsServer) process.exit(0);
|
||||
});
|
||||
}
|
||||
setTimeout(function() {
|
||||
console.log('Could not close connections in time, forcefully shutting down');
|
||||
process.exit(0);
|
||||
|
||||
@@ -13,5 +13,7 @@ module.exports = {
|
||||
"604800": "1 Week",
|
||||
"1209600": "2 Weeks"
|
||||
},
|
||||
"defaultRetention": 3600
|
||||
"defaultRetention": 3600,
|
||||
"sslKeyFile": './tmp/cert.key',
|
||||
"sslCertFile": './tmp/cert.pem',
|
||||
};
|
||||
|
||||
@@ -7,8 +7,13 @@ const fsp = require('fs-promise');
|
||||
// or use ENV-VARS like PSITRANSFER_PORT=8000
|
||||
const config = {
|
||||
"uploadDir": path.resolve(__dirname + '/data'),
|
||||
"port": 3000,
|
||||
"iface": '0.0.0.0',
|
||||
// set to false to disable HTTP
|
||||
"port": 3000,
|
||||
// HTTPS, set all 3 values to enable
|
||||
"sslPort": 8443,
|
||||
"sslKeyFile": false,
|
||||
"sslCertFile": false,
|
||||
// retention options in seconds:label
|
||||
"retentions": {
|
||||
"one-time": "one time download",
|
||||
|
||||
@@ -38,3 +38,12 @@ node app.js
|
||||
* Then it will overwrite `retentions` and `port` with the values of the environment parameters.
|
||||
|
||||
> Environment parameters always have the highest priority.
|
||||
|
||||
## SSL
|
||||
|
||||
It's recommended to use Nginx for SSL termination, see [nginx-ssl-example.conf](https://github.com/psi-4ward/psitransfer/blob/master/docs/nginx-ssl-example.conf).
|
||||
|
||||
For native SSL support provide `sslPort`, `sslKeyFile`, `sslCertFile` options. To generate
|
||||
a _snake oil_ certificate use `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key -out cert.pem`.
|
||||
|
||||
To disable HTTP set the `port` config value to `false`.
|
||||
|
||||
Reference in New Issue
Block a user