lifejacket
v0.9.4
Published
Redirect http:// to https:// in your Sails.js app, and (optionally) expose a cert renewal route for leveraging free LetsEncrypt SSL certificates.
Downloads
129
Maintainers
Readme
lifejacket
Redirect http:// to https:// in your Node.js/Sails.js application to ensure TLS/SSL, plus a bit of middleware for handling LetsEncrypt cert renewals.
When using SSL, also be sure to always enable secure cookies! Otherwise, the initial http:// request (before redirecting) could still transmit sensitive data in plain text.
Disclaimer
If you can get away with it, I'd always recommend simply buying a wildcard SSL cert and then using a tool like Cloudflare to handle SSL redirects automatically. The convenience and lack of yet another thing to maintain makes the addition of another layer of infrastructure well worth it! (Here's the cheat sheet I use when setting up Cloudflare with Heroku. Of course feel free to use whatever mashup you like-- that's just what's worked for me.)
Still here? Alright. This hook exists for those situations where buying a wildcard cert (~$100-150 per year) or setting up a free Cloudflare account is not an option, for whatever reason. But seriously, consider it before moving on.
Installation
To install this hook in your Sails app, just run:
$ npm install lifejacket --save
Then set the following configuration (probably in your config/env/production.js
file):
lifejacket: {
// Disabled by default. (e.g. for local dev)
// So you'll want to override this in your config/env/production.js file,
// setting it to `true`.
ensureHttps: true,
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// If you don't already have the conventional `sails.config.custom.baseUrl` set,
// then uncomment the following `host` config. This must be set manually if `ensureHttps`
// is enabled.
// > Should be provided as a string, like `foo.example.com`.
// host: 'mysweetsite.com',
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
},
Then, when you lift in production, http://
requests should redirect to https://
.
Questions?
See Extending Sails > Hooks in the Sails documentation, or check out recommended support options.
Contributing
Please observe the guidelines and conventions laid out in the Sails project contribution guide when opening issues or submitting pull requests.
Bugs
To report a bug, click here.
License
This community hook is available under the MIT license.
As for the Sails framework? It's free and open-source under the MIT License.