generator-angular-fullstack icon indicating copy to clipboard operation
generator-angular-fullstack copied to clipboard

Published 20 hours ago verified publisher icon angular-fullstack

How to force all requests to https?

Open okonon opened this issue 9 years ago • 12 comments

Hello I would like to mention that this is awesome generator I love it. I have a quick question. How would one force all http requests to https? I tried to add some rules to .haccess file but that does not seem to work. I am running the site on openshift bronze plan.

Thanks a lot, Happy New Year!

okonon avatar Jan 02 '15 18:01 okonon

Assuming you have https and http both set up already and running in the same node app, it's as easy as adding:

app.use(function(req, res, next) {
  if(!req.secure) {
    return res.redirect('https://your-site-name-here');
  }
  next();
});

Of course, you could split this into a redirect module, put it after certain endpoints that don't need to be secure, whatever you want to do.

andrewstuart avatar Jan 03 '15 22:01 andrewstuart

Great explanation @andrewstuart :+1:

@softBarbarian you should be able to use: return res.redirect('https://' + req.headers.host + req.path); to redirect them to the https version of whatever host/path they requested.

kingcody avatar Jan 09 '15 22:01 kingcody

Thanks for your help @kingcody and @andrewstuart Here are my results: mysite.com -> redirects to https www.mysite.com -> redirects to https http://mysite.com -> redirects to https http://www.mysite.com -> DOES NOT redirect to https https://mysite.com -> 404 https://www.mysite.com -> no redirect needed, already https

can you please point me to right direction? Thanks

okonon avatar Jan 10 '15 03:01 okonon

So if

http://mysite.com -> redirects to https

but

https://mysite.com -> 404

where does:

http://mysite.com

redirect to?

kingcody avatar Jan 10 '15 07:01 kingcody

Redirects to https

okonon avatar Jan 10 '15 13:01 okonon

To a 404? I'm only asking because you said that going to https:// manually gives you a 404. So does the redirect to https:// 404 as well?

kingcody avatar Jan 10 '15 14:01 kingcody

Only one of the https requests gives 404 1 the one without www.

So https://www.mysite.com - works And https://mysite.com - 404

okonon avatar Jan 10 '15 19:01 okonon

I wonder if this is registrar/openshift level issue?

okonon avatar Jan 10 '15 19:01 okonon

softBarbarian,

You might have checked these but check the basics.

confirm DNS points to the same server: ping www.mysite.com ping mysite.com Do they give the same IP? If not then it could be a DNS issue. (Control-C (^C) to interrupt as needed)

With a browser pointed to https://www.mysite.com do you see your SSL cert? (Click the lock beside the URL and check 'More Info', etc. depending on the browser.)

You can also do each of: telnet www.mysite.com 80 telnet mysite.com 80 (once connected type 'GET /', you should see HTTP code in response (your index.html) If either error it could be the DNS issue above or a server routing if you use a balancer.

try each of: telnet mysite.com 443 telnet www.mysite.com 443 Do they hang or do you get an error? (Because you won't have SSL negotiated a good IP to a proper server config normally would hang.) Do they error the same way if they error?

Are you on a shared (virtual) host? For example VHosts in Apache route based on the URL.

What are you using/doing to support SSL? -Apache, stunnel? -Something in your code? Can you see anything in a matching log? (error or SSL request)

jeffbuhrt avatar Jan 11 '15 00:01 jeffbuhrt

Did not have much time to go thru your steps @jeffbuhrt will do it tomorrow. However i noticed that my Namecheap's set up as follows:

Host name         IP address/URL               Record type
@                       https://mysite...                Url redirect (301)
www                   app-mysite.rhcloud.com  CNAME (Alias)

This is set up accordingly to OpenShift tutorial.

@kjellski, do you think CNAME entry might be a problem?

okonon avatar Jan 13 '15 03:01 okonon

just add this code in your .htaccess file you can easily redirect your page into secure page try its work for me #Redirect to secure website RewriteCond %{HTTPS} off RewriteCond %{HTTP_HOST} example.com$ RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

shazimKhan avatar Oct 03 '19 04:10 shazimKhan

softBarbarian,

You might have checked these but check the basics.

confirm DNS points to the same server: ping www.mysite.com ping mysite.com Do they give the same IP? If not then it could be a DNS issue. (Control-C (^C) to interrupt as needed)

With a browser pointed to https://www.mysite.com do you see your SSL cert? (Click the lock beside the URL and check 'More Info', etc. depending on the browser.)

You can also do each of: telnet www.mysite.com 80 telnet mysite.com 80 (once connected type 'GET /', you should see HTTP code in response (your index.html) If either error it could be the DNS issue above or a server routing if you use a balancer.

try each of: telnet mysite.com 443 telnet www.mysite.com 443 Do they hang or do you get an error? (Because you won't have SSL negotiated a good IP to a proper server config normally would hang.) Do they error the same way if they error?

Are you on a shared (virtual) host? For example VHosts in Apache route based on the URL.

What are you using/doing to support SSL? -Apache, stunnel? -Something in your code? Can you see anything in a matching log? (error or SSL request)

great detailed solutions. Thanks

punisher21maximum avatar Jun 24 '20 05:06 punisher21maximum