express-force-ssl

Force SSL on particular/all pages in Express

express-force-ssl

Extremely simple middleware for requiring some or all pages to be visited over SSL.

$ npm install express-force-ssl

Examples

var express = require('express');
var forceSSL = require('express-force-ssl');
var fs = require('fs');
var http = require('http');
var https = require('https');
 
var ssl_options = {
  key: fs.readFileSync('./keys/private.key')
  cert: fs.readFileSync('./keys/cert.crt')
  ca: fs.readFileSync('./keys/intermediate.crt')
};
 
var app = express();
var server = http.createServer(app);
var secureServer = https.createServer(ssl_options, app);
 
app.use(express.bodyParser());
app.use(forceSSL);
app.use(app.router);
 
secureServer.listen(443)
server.listen(80)
 
var express = require('express');
var forceSSL = require('express-force-ssl');
var fs = require('fs');
var http = require('http');
var https = require('https');
 
var ssl_options = {
  key: fs.readFileSync('./keys/private.key')
  cert: fs.readFileSync('./keys/cert.crt')
  ca: fs.readFileSync('./keys/intermediate.crt')
};
 
var app = express();
 
var server = http.createServer(app);
var secureServer = https.createServer(options, app);
 
app.use(express.bodyParser());
app.use(app.router);
 
app.get('/', somePublicFunction);
app.get('/user/:name', somePublicFunction);
app.get('/login', forceSSL, someSecureFunction);
app.get('/logout', forceSSL, someSecureFunction);
 
secureServer.listen(443)
server.listen(80)

If your server isn't listening on 80/443 respectively, you can change this pretty simply.

 
var app = express();
app.set('httpsPort', 8443);
 
var server = http.createServer(app);
var secureServer = https.createServer(options, app);
 
...
 
secureServer.listen(443)
server.listen(80)
 
npm test

Change Log

This will prevent a POST/PUT etc with data that will end up being lost in a redirect.

Courtesy of @ronco

Courtesy of @tixz

For example, if you host your non-ssl site on port 8080 and your secure site on 8443, version 0.1.x did not support it. Now, out of the box your non-ssl site port will be recognized, and to specify a port other than 443 for your ssl port you just have to add a setting in your express config like so:

app.set('httpsPort', 8443);

and the plugin will check for it and use it. Defaults to 443 of course.

Courtesy of @timshadel