mirror of
https://github.com/dec0dOS/zero-ui.git
synced 2025-08-19 13:01:30 -07:00
feat: prefer to TLS if we can find TLS key and cert
/backend/tls/fullchain.pem /backend/tls/privkey.pem Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
parent
9e0b691cf7
commit
2d4ef28d26
1 changed files with 46 additions and 8 deletions
|
@ -7,26 +7,64 @@ require("dotenv").config();
|
||||||
|
|
||||||
var app = require("../app");
|
var app = require("../app");
|
||||||
var debug = require("debug")("zero-ui:server");
|
var debug = require("debug")("zero-ui:server");
|
||||||
|
var fs = require("fs");
|
||||||
var http = require("http");
|
var http = require("http");
|
||||||
|
var https = require("https");
|
||||||
|
var path = require("path");
|
||||||
|
|
||||||
|
const cert_path = path.join(__dirname, "..", "tls", "fullchain.pem");
|
||||||
|
const privkey_path = path.join(__dirname, "..", "tls", "privkey.pem");
|
||||||
|
|
||||||
|
let can_read_cert = true,
|
||||||
|
can_read_privkey = true;
|
||||||
|
let statOptions = { throwIfNoEntry: false };
|
||||||
|
let cert_stat = fs.statSync(cert_path, statOptions);
|
||||||
|
let privkey_stat = fs.statSync(privkey_path, statOptions);
|
||||||
|
|
||||||
|
if (!cert_stat) {
|
||||||
|
console.error(`cannot read cert at ${cert_path}`);
|
||||||
|
can_read_cert = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!privkey_stat) {
|
||||||
|
console.error(`cannot read privkey at ${privkey_path}`);
|
||||||
|
can_read_privkey = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
let can_use_tls = can_read_cert && can_read_privkey;
|
||||||
|
let server;
|
||||||
|
if (can_use_tls) {
|
||||||
|
// only start HTTP server if we cannot find cert and key.
|
||||||
|
let option = {
|
||||||
|
key: fs.readFileSync(privkey_path),
|
||||||
|
cert: fs.readFileSync(cert_path),
|
||||||
|
honorCipherOrder: true,
|
||||||
|
minVersion: "TLSv1.3",
|
||||||
|
};
|
||||||
|
server = https.createServer(option, app);
|
||||||
|
debug("setting up TLS server");
|
||||||
|
} else {
|
||||||
|
server = http.createServer(app);
|
||||||
|
debug("setting up HTTP server");
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get port from environment and store in Express.
|
* Get port from environment and store in Express.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
var port = normalizePort(process.env.PORT || "4000");
|
var port = normalizePort(process.env.ZU_LISTEN_PORT || "4000");
|
||||||
app.set("port", port);
|
app.set("port", port);
|
||||||
|
|
||||||
/**
|
|
||||||
* Create HTTP server.
|
|
||||||
*/
|
|
||||||
|
|
||||||
var server = http.createServer(app);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Listen on provided port, on all network interfaces.
|
* Listen on provided port, on all network interfaces.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
server.listen(port, process.env.LISTEN_ADDRESS || "0.0.0.0");
|
if (can_use_tls) {
|
||||||
|
// only bind to all network interfaces if TLS is available.
|
||||||
|
server.listen(port, process.env.LISTEN_ADDRESS || "0.0.0.0");
|
||||||
|
} else {
|
||||||
|
server.listen(port, process.env.LISTEN_ADDRESS || "localhost");
|
||||||
|
}
|
||||||
server.on("error", onError);
|
server.on("error", onError);
|
||||||
server.on("listening", onListening);
|
server.on("listening", onListening);
|
||||||
|
|
||||||
|
|
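Review bot: The plaintext fallback is fail-open. When either PEM file is missing, the `else` branches create an `http` server and listen on `process.env.LISTEN_ADDRESS || "localhost"`, so a deployment that already sets `LISTEN_ADDRESS` to a routable address keeps serving over cleartext, and the comment `// only bind to all network interfaces if TLS is available.` holds only for the default. The `console.error` lines report the missing file, but only `debug("setting up HTTP server")` says the server came up without TLS, and that is silent unless the debug namespace is enabled. I would log the downgrade unconditionally in that branch, e.g. `console.warn("TLS key/cert not found, serving plain HTTP");`, and consider refusing a non-loopback `LISTEN_ADDRESS` there unless the operator explicitly opts in. Separately, `fs.statSync` only shows that the paths exist, so `cannot read cert at …` overstates the check, and an unreadable key would still throw from `fs.readFileSync` at startup. Doing the two reads inside one `try`/`catch` and deriving `can_use_tls` from that would make the check and the use the same operation.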