Sails.js and HTTPS (SSL)

So you are ready to deploy your Sails.js application and you want to use HTTPS (ssl). So you go to the website. Nothing there. A bit of googling takes you to this Stack Overflow question. That doesn’t work.

You then find the wiki on SSL. That says ‘TODO’ and has done for the past 5 months. Well that’s helpful.

So I have looked around the source code, and found that in this file around line 136, it looks for some server options and decides whether to use HTTPS or not! After a bit of playing around I have got HTTPS working with the latest version (v0.9.7). Now I’m not saying this is the ‘correct’ way to do it, but it works for me :-)

You will need to generate your certificate and key. Here is a quick tutorial for a self signing certificate. You will then need to edit config/local.js

This is mine (I’ve stripped out the comments);

var fs = require('fs');

module.exports = {

  port: process.env.PORT || 1337,
  environment: process.env.NODE_ENV || 'development',

  express: { serverOptions : {
    key: fs.readFileSync('ssl/key.pem'),
    cert: fs.readFileSync('ssl/cert.pem')
  }}

};

So you just need to require fs, then set the options!
Restarting your server should get you something like this;

$ sails lift
info: 
info: 
info:    Sails.js           <|
info:    v0.9.7              |\
info:                       /|.\
info:                      / || \
info:                    ,'  |'  \
info:                 .-'.-==|/_--'
info:                 `--'-------' 
info:    __---___--___---___--___---___--___
info:  ____---___--___---___--___---___--___-__
info: 
info: Server lifted in `/home/chris/Development/node/sails/testProject`
info: To see your app, visit https://localhost:1337
info: To shut down Sails, press  + C at any time.

debug: --------------------------------------------------------
debug: :: Sat Nov 16 2013 18:38:54 GMT+0000 (GMT)
debug: 
debug: Environment      : development
debug: Port             : 1337
debug: --------------------------------------------------------

Note it now says https://localhost:1337, Yay!


15 thoughts on “Sails.js and HTTPS (SSL)

Martello

Hey, great tip. The issue I am having now is that i cant seem to figure out how to get sails to accept *both* HTTP and HTTPS connections once setup as described above… Any ideas?

Reply

    Christopher Rogers

    Sails uses Express, and according to this http://expressjs.com/api.html#app.listen you can make your app listen on multiple ports (by making multiple servers), however how you would go about makeing sails do this I don’t know

    This appears to be where the express server is created, however I don’t know if you can call this more than once automatically. You might need to do some hacking of Sails! Might be worth opening an issue?

    Reply

Campbell Morgan

Hi useful article!

Just spent a few minutes hitting my head against the wall with sails 0.10.x with this not working at all.
After going into the source I realised that this has been updated and ssl config has been moved to config/local.js and abstracted from express

The setting should now be
ssl : {
key: fs.readFileSync(‘yourkeyFile.key’),
cert: fs.readFileSync(‘yourCertFile.cert’)
}
instead of express: {serverOptions:{ ….

Reply

Chris Houghton

Awesome. I’ve been trying for ages this morning to get this working!

Reply

Mike McNeil

Hey Christopher- thanks for sharing the solution! Fair criticism :) The community, Balderdash team and I have been working really hard on the completely revamped docs for Sails v0.10. Check em out:

• Reference: http://beta.sailsjs.org/#/documentation/reference
• Concepts: http://beta.sailsjs.org/#/documentation/concepts
• Anatomy: http://beta.sailsjs.org/#/documentation/anatomy/myApp

Reply

    Christopher Rogers

    Hi Mike

    The v0.10 docs are looking a lot better! I like the anatomy pages, a very good idea and something I’ve not seen before.
    I look forward to updating my app to 0.10 and using the docs in ‘anger’!

    Reply

Aaron

What about in production? Is it the same configuration in bootstrap.js for non local dev

Reply

    Christopher Rogers

    As far as I’m aware you should be fine using config/local.js in production as well. My impression was that local.js tends to be local to each machine, and doesn’t get commited to a VCS, so it can also contain different settings (eg different environments), etc.

    You can try it in bootstrap.js, but I’m not sure of the loading order for that, so that may or may not work.

    Although in production you may want to run node behind something like nginx, and let that handle https perhaps.

    Cheers
    Chris

    Reply

      Aaron

      Oh ok, that makes sense. How do you make it redirect to always use https without having to type that into the url bar?

      Reply

        Christopher Rogers

        That would depend entirely on your setup.
        I guess the simplest way would be to have something running on your http site that just forwards the url to the https version. This could be a node page or just use apache or nginx to forward all http traffic to https.
        Or you could implement some code in you Sails application that checks if the request is using https, if it isn’t it redirects to the https version.

        Reply

          Aaron

          i have the naked domain being forwarded to https://mysite.com, but godaddy instructed me that for http://www.mysite.com i would have to redirect on the server. so, I found the issue on github, and implemented the code but it doesn’t redirect. i have to explicitly prepend https://

          Aaron

          thanks, chris, i’ve got that setup and works fine locally, but when i push to heroku I have a redirect loop… :(

Aaron

ok so ….
With respect to sails v0.9.16,
i fixed this by going into node_modules/sails/lib/express/index.js
and adding

app.use(function(req, res, next) {
var schema = (req.headers[‘x-forwarded-proto’] || ”).toLowerCase();
if (schema === ‘https’) {
next();
} else {
res.redirect(‘https://’ + req.headers.host + req.url);
}
});

right after
// Install Express middleware

Thanks a ton Chris, sometimes somebody willing to chat about it goes along way, keep up the hard work.

Reply

    Christopher Rogers

    No worries, I know how much it can help having someone to chat to about something as well! Glad you got it all working in the end

    Just a quick word of advice/warning; if you ever update your sails version then your changes will probably be wiped. It might be an idea to see if you can put your code someone other than a core sails module. Maybe bootsrap.js? Might be worth a play anyways.

    Chris

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *