adding https option for running with TLS/SSL #140
Conversation
|
Forcing port 443/security in the production.js file seems to add a lot of opinion to the boilerplate. It also seems a little inconsistent with the rest of the commit, where the boilerplate appears to be configurable to run http as well as https, based on environment variable being set. You could possibly create a secured_production.js and leave the regular production.js in place, with relevant changes throughout the codebase to use the proper configuration based on environment settings. |
| @@ -0,0 +1,7 @@ | |||
| #!/bin/bash | |||
| echo "Generating self-signed certificates..." | |||
| aopenssl genrsa -out key.pem | |||
There was a problem hiding this comment.
I am going to add -aes256 to encrypt the private key with specified cipher before outputting it. Also planning to add 1024 numbits option to increase the size of the private key to generate in bitsoption instead of default 512.
|
Alex, I agree, thanks for the help! I will keep the original production.js in place and provide a secure.js env option. |
…ing openssl options to gen-certs
…r private key and certificate
|
Excellent work. I am using MySql instead of MongoDb, but i am not able to connect MySql using Sequelizejs. |
|
Heroku also not supporting custom SSL, we need to use their ssl-endpoint addon. |
|
This is a fantastic pull request, but we should add this as an option in the generator. @jloveland - would you be willing to convert this and submit a PR in the generator repo? |
|
Sure, I will take a crack at it.
|
|
@jloveland any progress on this? I checked around for an Express-specific HTTPS setup, but it doesn't seem to be as performant and as useful as an SSL terminator. Maybe we should look at that instead. |
|
I am going to work on it this week. I will be adding it to the generator project. Initial iteration will use express setup, however I will look into SSL terminator after I get that working.
|
|
@jloveland I've also got some working https setup from another repo so let me know if you still want to continue on this or not |
|
@jloveland didn't notice you already set out a PR for that, great! |
|
I haven't been using the generator. So I submitted the PR to be merged not considering it. I am still reviewing the generator project and plan to add my code contribution. If I have questions I will append to this thread. In the near term, feel free to merge in case others want to use it.
|
|
Hi jloveland, since you wrote that you're still reviewing the project, I thought this might help. Picking one of them is somewhat committal so the more informed you are the better. |
|
Thanks Dan, I am actually sold on mean. At this point, I am just trying to make sure my Pull Request on the mean generator is done right. Will your post help me with this? I just saw you have a comparison of mvc spa technology. I am having trouble getting the production config setting to render in the browser. The development config works fine. Have you run mean in production? I am copying t the production.js config and trying to use it for my secure config.
|
|
Nope, not at all :) I'm just here to prevent uninformed decisions. Good luck. |
|
@dancancro - I'm not sure what you're trying to achieve, but I don't think this thread (and other issues in this repo) are the proper place for this kind of discussion. If you want to discuss the alternatives to MeanJS, you're welcome to open a single issue, in which people could be exposed to comparisons such as the one you created. Especially avoid posing such comments if they have no actual relevance to the issue at hand. Let me know what you think, I don't mean to offend - I'm interested in providing the discussion you are generating the proper platform it deserves. |
|
@jloveland - With the release of 0.4, we'll have a bunch of updates for the generator, so I'll make sure this PR gets in there as well. Thanks, and I'm sorry it took so long. |
|
@roieki I am also adding this to the generator project. I am testing now... |
|
Oh great! Thanks! I'll check for the PR there. |
|
Hi @roieki I mistakenly took jloveland's "still reviewing the generator project" to mean that he was still considering whether he wanted to use it. He didn't publish his contact info so I couldn't write to him directly. Given the inertia that signing on to any project can create, I hope you can forgive this. My reply was about that statement only. Probably same thing for the other threads you're talking about. Since none of the project home pages do anything to make people aware of all the options, I make the same comments in all of the discussions. So I'm not picking on meanjs. Who knows? Maybe some of your tribe were directed to meanjs from one of them. Thanks for your suggestion about making a separate thread. I'm not going to do that because it can be marked as 'closed' before the problem is solved. I'd need to start a new issue every time someone new came along. Just trying to help. :) |
|
Apologies for bumping a year old thread but did anything ever come of this? Looking to run an app through SSL and hoping I'm just overlooking a config variable somewhere |
|
@brokyo The latest version has https support. There's instructions in the README, and there is a config option to set the |
|
@brokyo this was merged and you can run Mean.js with TLS/SSL. You need to do the following:
|
|
God that's beyond embarrassing. It's right there in the docs! Total user error :( Thanks so much to both of you |
This addresses issue #86 by adding the option to configure express using https instead of http. The 'all' and 'production' environment configuration includes a property named 'secure' to enable https.