generator-angular-fullstack icon indicating copy to clipboard operation
generator-angular-fullstack copied to clipboard

Published 20 hours ago verified publisher icon angular-fullstack

Enhancement: Https support

Open amobrem opened this issue 10 years ago • 10 comments

Make https default or make it optional?

amobrem avatar Nov 02 '14 19:11 amobrem

@amobrem hi there, thanks for the post. I was wondering what was the use case for adding this to the generator as a prompt. I would say that its fairly easy for an end-user to manually add https support to their express app: server/app.js

...
// Setup server
var app = express();
var server = require('https').createServer({
  key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
  cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
},app);
...

The only reason I would be hesitant is a lot of user simply use an SSL termination endpoint / reverse-proxy (ie: nginx, squid, vulcand) or the load balancer at their "cloud provider" and wouldn't need SSL at the nodejs app layer. Another thing I'm wondering about is, if https was selected would there be a demo cert pair or dummy files? The https module would throw Error: Missing PFX or certificate + private key. if we didn't supply some kind of cert pair, and we definitely want generated apps to run "out of the box" as much as possible.

However, how would you feel about us adding in some good documentation with a few examples of how you can configure https for your fullstack app? I think that could be pretty valuable for other users as well. We could list the example above along with some links to several of the popular provider's load balancer/ssl docs. Either way, I'd like to hear what you think.

Thanks

Edit

  • added fs.readFileSync() to the example

kingcody avatar Nov 03 '14 10:11 kingcody

I have set up https using this project, and it was pretty easy. I wouldn't mind writing some documentation for it if necessary.

selipso avatar Nov 03 '14 22:11 selipso

Documenting this would be great! BTW this is what the meanjs project added https://github.com/meanjs/generator-meanjs/pull/42

amobrem avatar Nov 03 '14 23:11 amobrem

That would be awesome @selipso. I know there has already been some talk of adding additional docs to the project. Perhaps we could start the conversation about how and where we should be working on them.

kingcody avatar Nov 03 '14 23:11 kingcody

Hey @amobrem, thanks for posting that link. There are some good ideas in that PR.

kingcody avatar Nov 03 '14 23:11 kingcody

@kingcody How about we expand this project's wiki for the docs?

selipso avatar Nov 04 '14 15:11 selipso

@selipso would love to see that! Thanks!

JaKXz avatar Nov 05 '14 22:11 JaKXz

@selipso absolutely :smile:

kingcody avatar Nov 06 '14 01:11 kingcody

I just realized the Wiki is not open for editing for me, so I will add to the solution @kingcody posted above. Here is how I have it set up for my project:

var server;
if(config.env === 'production') {
  var options = {
    ca: fs.readFileSync(__dirname + '/components/certificates/certificate_authority.crt'),
    key: fs.readFileSync(__dirname + '/components/certificates/private_key.key'),
    cert: fs.readFileSync(__dirname + '/components/certificates/issued_certificate.crt')
  };
  server = require('https').createServer(options, app);
} else {
  server = require('http').createServer(app);
}

This has the benefit of running the app out of the box in HTTP locally for developers, while still being able to provide the certificate in production. The __dirname is important because otherwise fs.readFileSync will try to find the certificate relative to its path in the node_modules folder instead of the /server folder. If you are hosting this project over github you would naturally want to add your /server/components/certificates directory to the .gitignore file. One problem this does not solve is automatic redirection (users must type https://url in order to access the site http://url will cause the page to hang up), though I believe this can be solved easily through using nginx as a reverse proxy.

For a really comprehensive tutorial about generating self-signed certificates and creating your own certificate authority, I recommend checking out this page: http://www.akadia.com/services/ssh_test_certificate.html

selipso avatar Nov 06 '14 03:11 selipso

Hi Guys,

I know it's an old subject, but the thread helped me and I wanted to help as well. Here is few additional changes I had to do in order to achieve the task of running https server:

  1. In config/enviromnent files add the protocol: protocol: 'http://' for development and protocol: 'https://' for production
  2. In the file espress.js, modify proxy: proxy: ${config.protocol}localhost:${config.port}``
  3. In the file gulpfile.babel.js modify host option: host: '${config.protocol}localhost' and the task start:client: open(config.protocol + 'localhost:' + config.browserSyncPort); and the task copy:server: 'package.json', '${serverPath}/config/certificates/*.pem' to copy local certificates to dist folder

Hope it helps. G73k05

73k05 avatar Feb 22 '18 15:02 73k05