#602 Support HTTPS (#604)

* #602 Support HTTPS

* #602 HTTPS ENVs

.gitignore

@@ -3,6 +3,8 @@
 .env
 
 /node_modules/
+/ssl/*
+!/ssl/.gitkeep
 /API/logs/*
 /Missions/*
 !/Missions/.gitkeep

docker-compose.sample.yml

@@ -9,6 +9,7 @@ services:
     restart: on-failure
     volumes:
       - ./Missions:/usr/src/app/Missions
+      - ./ssl:/usr/src/app/ssl
 
   stac-fastapi:
     image: ghcr.io/stac-utils/stac-fastapi-pgstac:3.0.0

docs/pages/Setup/ENVs/ENVs.md

@@ -64,6 +64,18 @@ Password of Postgres database | string | default `null`
 
 Port to run on | positive integer | default `8888`
 
+#### `HTTPS=`
+
+If true, MMGIS will use an https server with the, now required, `HTTPS_KEY` and `HTTPS_CERT` envs. If false, use a wrapping https proxy server instead and block `PORT` from being public | boolean | false
+
+#### `HTTPS_KEY=`
+
+Relative path to key. If using docker, make sure the key is mounted. Everything under './ssl/' is gitignored and './ssl/' is mounted into docker.
+
+#### `HTTPS_CERT=`
+
+Relative path to cert. If using docker, make sure the cert is mounted. Everything under './ssl/' is gitignored and './ssl/' is mounted into docker.
+
 #### `DB_POOL_MAX=`
 
 Max number connections in the database's pool. CPUs \* 4 is a good number | integer | default `10`

sample.env

@@ -2,18 +2,34 @@
 
 # SERVER - node || apache(deprecated)
 SERVER=node
+
 # PORT
 # In development mode only, PORT+1 will also be used for the main site
 PORT=8888
+
 # AUTH - off || none || local || csso
 # off: No authentication. Users cannot sign up or log in. Tools that require log in will not work.
 # none: No authentication. Users can still sign up and log in from within MMGIS
 # local: Anyone without credentials is blocked. The Admin must log in, create accounts and pass out the credentials
 #   (does not work in dev env/build first and npm run start:prod)
 # csso: Use a Cloud Single Sign On service that's proxied in front of MMGIS   
 AUTH=none
+
 # NODE_ENV - development || production
 NODE_ENV=development
+
+# HTTPS - true || false
+# If true, MMGIS will use an https server with the, now required, HTTPS_KEY and HTTPS_CERT envs.
+# If false, use a wrapping https proxy server instead and block PORT from being public
+HTTPS=false
+
+# Relative path to key. If using docker, make sure the key is mounted.Everything under './ssl/' is gitignored and './ssl/' is mounted into docker.
+HTTPS_KEY='ssl/sample.key'
+
+# Relative path to cert. If using docker, make sure the cert is mounted. Everything under './ssl/' is gitignored and './ssl/' is mounted into docker.
+HTTPS_CERT='ssl/sample.cert'
+
+
 # SECRET
 SECRET=aSecretKey
 

scripts/server.js

@@ -2,6 +2,7 @@ require("dotenv").config();
 
 const fs = require("fs");
 const http = require("http");
+const https = require("https");
 const { Pool } = require("pg");
 var path = require("path");
 const packagejson = require("../package.json");
@@ -881,7 +882,16 @@ setups.getBackendSetups(function (setups) {
   //////Setups Init//////
   setups.init(s);
 
-  const httpServer = http.createServer(app);
+  let httpServer;
+  if (process.env.HTTPS == "true") {
+    httpServer = https.createServer(
+      {
+        key: fs.readFileSync(process.env.HTTPS_KEY),
+        cert: fs.readFileSync(process.env.HTTPS_CERT),
+      },
+      app
+    );
+  } else httpServer = http.createServer(app);
 
   // Start listening for requests.
   httpServer.listen(port, (err) => {