1. 技术文章
  2. Heroku Error H13 on ExpressJS Node HTTPS Server

Heroku Error H13 on ExpressJS Node HTTPS Server

前提是你 提交于 2020-01-10 03:19:11

问题


I'm trying to implement HTTPS on my Node.js server (Expressjs framework). I have my signed certificate and key, as well as a self-signed cert/key for testing/development:

if(process.env.NODE_ENV == 'production'){
  var app = module.exports = express.createServer({
    key: fs.readFileSync('./ssl/nopass_server.key'),
    cert: fs.readFileSync('./ssl/server.crt')
  });
} else {
  var app = module.exports = express.createServer({
    key: fs.readFileSync('./ssl/self_signed/nopass_server.key'),
    cert: fs.readFileSync('./ssl/self_signed/server.crt')
  });
}

I've also setup SSL Endpoint on Heroku. Everything works fine on localhost, and Endpoint seems to be working properly, but when I run the app in production (on Heroku) I get an H13 application error. Interestingly (or not) if I tell express to create an HTTP server instead: var app = module.exports = express.createServer() it works, but then Chrome complains that the page at https://mydomain.com ran insecure content from http://mydomain.com.

Can I not/should I not be creating an HTTPS server in express for production? If I should, is there something extra I need to make it work on Heroku (e.g. I'm trusting it to set the correct port with var port = process.env.PORT)? If not, how can I serve "secure" content if its not running an https server so browsers won't complain?

I'm using the following to take care of any non-https requests:

app.get('*',function(req,res,next){
  if(req.headers['x-forwarded-proto'] != 'https'){
    res.redirect('https://mydomain.com'+req.url);
  } else next();
});

This is currently located just above the rest of my routes, could this be the issue/should this be somewhere else?

I have very limited experience with https in general so I'm probably missing something obvious.


回答1:


SSL termination occurs at Heroku's load balancers; they send your app plain (non-SSL) traffic, so your app should create a non-HTTPS server. As for the page at https://mydomain.com ran insecure content from http://mydomain.com, make sure that all the images/scripts/etc. your page is using is also served over the https protocol.




回答2:


You can use app.enable('trust proxy'), then req.secure works also on Heroku.



来源:https://stackoverflow.com/questions/11485880/heroku-error-h13-on-expressjs-node-https-server

标签
node.js
ssl
heroku
https
express
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!