How do I configure my Nodejs app to respond to only SSL connections?


Issue

I have a Nodejs/Express app running on ec2 with Nginx and Mongodb. I am running on an 8-core ec2 instance, and I have 8 separate instances of my Nodejs app running, fronted by Nginx. For now, I have only 1 server.

We are going to go live soon and want to make sure that our server responds to only SSL requests. I would like to know how and where do I configure the SSL connection.

Here they are:

  1. I will have to go to a CA like Verisign to get a cert, correct? My domain is registered through Godaddy, can I get a ssl cert from them?

  2. Do I need to install the cert on the ec2 instance? If yes, what happens if I have to add another server for HA and I want to use elastic load balancing? In that case, do I need to buy a separate cert for each ec2 instance? Is there some doc or tutorial as to how to configure Nginx for ssl?

  3. Once ssl is turned on, how do I ensure all non ssl connections are automatically redirected to ssl endpoints? Can I do this easily through a config entry in Nginx?

Solution

1. I will have to go to a CA like verisign to get a cert, correct? My domain is registered thru godaddy, can I get a ssl cert from them?

Yes, you can buy an SSL certificate directly through GoDaddy.

2. Do I need to install the cert on the ec2 instance?

Yes, each server that you want to serve HTTPS content on will require the certificate be installed. Be careful to purchase a certificate that can be installed on multiple servers – some certificates can only be installed on one. It appears that GoDaddy allows unlimited certificate installations so this isn’t an issue if you use them, but if you go with someone else it might be.

Another consideration is that if you want the ability to have subdomains use SSL (i.e. https://*.mydomain.com won’t throw a browser warning), you’re going to need to buy either a wildcard certificate (to allow unlimited subdomains) or a certificate that supports a specific number of subdomains that you want to use.

Also note that if you’re going to need to support sticky sessions behind a load balancer on AWS, you’re going to need to install the certificate on the Elastic Load Balancer (ELB) as well as all your servers.

But I wouldn’t worry about this until everything else works since you have only one server right now, but be aware that the certificate must be X.509 (which it appears GoDaddy’s are) to be installed on your ELB. Just make sure when purchasing so it isn’t an issue in the future.

Can someone point me to some doc or tutorial as to how to configure nginx for ssl?

SSL Certificate Installation in Nginx.

3. How do I ensure all non ssl connections are automatically redirected to ssl endpoints?

See this answer here on ServerFault, it’s pretty straightforward to configure:

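server {
    # Plain-HTTP listener: it serves no content, only the redirect below.
    listen      80;
    server_name signup.mysite.com;
    # 301 to the same URI over HTTPS. $request_uri already carries the query
    # string; the trailing "?" stops nginx from appending it a second time.
    rewrite     ^   https://$server_name$request_uri? permanent;
}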

Best of luck.

Answered By – Ryan Weir

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0
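
The Nginx redirect in the answer only covers requests that pass through Nginx. As an added example (not part of the original question or answer), here is a guard the Node/Express app itself can apply behind Nginx or an ELB. It assumes the proxy sets `X-Forwarded-Proto` and that the app port is reachable only from the proxy; `classify`, `requireHttps` and `CANONICAL_HOST` are hypothetical names.

```javascript
// Added example: HTTPS-only guard for a Node app whose TLS is terminated by a
// proxy. Assumptions: the proxy overwrites X-Forwarded-Proto on every request
// (Nginx: `proxy_set_header X-Forwarded-Proto $scheme;`) and the app port is
// reachable only from that proxy; otherwise a client could forge the header.

// Host taken from the page's Nginx block. A fixed value is used instead of the
// request's Host header so the redirect target cannot be chosen by the client.
const CANONICAL_HOST = 'signup.mysite.com';

// Returns 'allow', 'redirect' or 'reject' for an incoming request.
function classify(req) {
  // TLS socket straight to Node (no proxy in front).
  if (req.socket && req.socket.encrypted) return 'allow';
  // Exact match only: a list such as "https, http" means some hop was
  // plaintext or the header was not overwritten, so it is not accepted.
  const proto = String(req.headers['x-forwarded-proto'] || '').trim().toLowerCase();
  if (proto === 'https') return 'allow';
  // Redirect only safe reads. A plaintext POST is refused rather than
  // redirected, because a 301 would not reliably replay its body as a POST.
  return req.method === 'GET' || req.method === 'HEAD' ? 'redirect' : 'reject';
}

// Connect/Express-style middleware; uses only core http.ServerResponse methods.
function requireHttps(req, res, next) {
  const verdict = classify(req);
  if (verdict === 'allow') return next();
  if (verdict === 'redirect') {
    res.statusCode = 301;
    res.setHeader('Location', 'https://' + CANONICAL_HOST + req.url);
    return res.end();
  }
  res.statusCode = 403;
  res.setHeader('Content-Type', 'text/plain');
  return res.end('HTTPS required\n');
}
```

In Express, register it before any routes with `app.use(requireHttps)`.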
