On a Heroku-hosted node app, I want to redirect all HTTP traffic to HTTPS without running a separate app server.
A previous post Automatic HTTPS connection/redirect with node.js/express recommended setting up iptables
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3000
I'm not very expert - but does anyone know how to do this on Heroku? The goal is route http to https - whatever accomplishes that in the most efficient way.
Thanks!
I check https within Express and redirect if necessary:
(are you using Express?)
function requireSecure(req, res, next){
if(!req.secure){
var port = app.myConfig.httpsPort || 443;
if(port != 443){
res.redirect('https://'+req.host+':'+port+req.originalUrl);
console.log('redirecting to https://'+req.host+':'+port+req.originalUrl);
} else {
res.redirect('https://'+req.host+req.originalUrl);
console.log('redirecting to https://'+req.host+req.originalUrl);
};
} else {
next();
};
}
// place before any other route to ensure all requests https
app.all('*', requireSecure);
// You can instead protect individual routes like this:
app.get('/account'
, requireSecure
, function(req, res, next){
res.send(200, 'This route is definitely secure!')
});
// I THINK (but haven't tested,) that you can also place this
// function as middleware in Express's stack, above your router
// (but possibly below the static files handler, if you don't need https for those)
app.configure(function(){
app.set('views', __dirname + '/views');
app.set('view options', {layout:false});
app.set('view engine', 'jade');
app.use(requireSecure);
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(app.router);
app.use(express.static(__dirname + '/public'));
});
// Listen to both http and https protocols:
var http = require('http');
var https = require('https');
http.createServer(app).listen(80);
https.createServer(options, app).listen(443);