From 2a2d9a4b5e987f988869080d3a87c5a03170c64b Mon Sep 17 00:00:00 2001
From: Tariq Soliman
Date: Thu, 19 Dec 2024 17:16:46 -0800
Subject: [PATCH] #602 Support HTTPS (#604)

* #602 Support HTTPS
* #602 HTTPS ENVs
---
 .gitignore | 2 ++
 docker-compose.sample.yml | 1 +
 docs/pages/Setup/ENVs/ENVs.md | 12 ++++++++++++
 sample.env | 16 ++++++++++++++++
 scripts/server.js | 12 +++++++++++-
 ssl/.gitkeep | 0
 6 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 ssl/.gitkeep

diff --git a/.gitignore b/.gitignore
index 08577385..ac6758a0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,8 @@
 .env
 /node_modules/
+/ssl/*
+!/ssl/.gitkeep
 /API/logs/*
 /Missions/*
 !/Missions/.gitkeep
diff --git a/docker-compose.sample.yml b/docker-compose.sample.yml
index 4bdfbd51..374de29d 100644
--- a/docker-compose.sample.yml
+++ b/docker-compose.sample.yml
@@ -9,6 +9,7 @@ services:
 restart: on-failure
 volumes:
 - ./Missions:/usr/src/app/Missions
+ - ./ssl:/usr/src/app/ssl
 stac-fastapi:
 image: ghcr.io/stac-utils/stac-fastapi-pgstac:3.0.0
diff --git a/docs/pages/Setup/ENVs/ENVs.md b/docs/pages/Setup/ENVs/ENVs.md
index 2f8555a8..8201cc68 100644
--- a/docs/pages/Setup/ENVs/ENVs.md
+++ b/docs/pages/Setup/ENVs/ENVs.md
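Review bot: The new `./ssl` bind mount in docker-compose.sample.yml is read-write, so the container can modify or replace the TLS private key and certificate that it only ever needs to read. Mounting it as `- ./ssl:/usr/src/app/ssl:ro` keeps the key material read-only from inside the container. The directory is gitignored by this patch, but whether the image build excludes it is not visible here; if the Dockerfile copies the repository root, `ssl/` probably also belongs in `.dockerignore` so that keys are not baked into image layers.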
@@ -64,6 +64,18 @@ Password of Postgres database | string | default `null`
 Port to run on | positive integer | default `8888`
+#### `HTTPS=`
+
+If true, MMGIS will use an https server with the, now required, `HTTPS_KEY` and `HTTPS_CERT` envs. If false, use a wrapping https proxy server instead and block `PORT` from being public | boolean | false
+
+#### `HTTPS_KEY=`
+
+Relative path to key. If using docker, make sure the key is mounted. Everything under './ssl/' is gitignored and './ssl/' is mounted into docker.
+
+#### `HTTPS_CERT=`
+
+Relative path to cert. If using docker, make sure the cert is mounted. Everything under './ssl/' is gitignored and './ssl/' is mounted into docker.
+
 #### `DB_POOL_MAX=`
 Max number connections in the database's pool. CPUs \* 4 is a good number | integer | default `10`
diff --git a/sample.env b/sample.env
index b7d32c11..33e5561c 100644
--- a/sample.env
+++ b/sample.env
@@ -2,9 +2,11 @@
 # SERVER - node || apache(deprecated)
 SERVER=node
+
 # PORT
 # In development mode only, PORT+1 will also be used for the main site
 PORT=8888
+
 # AUTH - off || none || local || csso
 # off: No authentication. Users cannot sign up or log in. Tools that require log in will not work.
 # none: No authentication. Users can still sign up and log in from within MMGIS
@@ -12,8 +14,22 @@ PORT=8888
 # (does not work in dev env/build first and npm run start:prod)
 # csso: Use a Cloud Single Sign On service that's proxied in front of MMGIS
 AUTH=none
+
 # NODE_ENV - development || production
 NODE_ENV=development
+
+# HTTPS - true || false
+# If true, MMGIS will use an https server with the, now required, HTTPS_KEY and HTTPS_CERT envs.
+# If false, use a wrapping https proxy server instead and block PORT from being public
+HTTPS=false
+
+# Relative path to key. If using docker, make sure the key is mounted.Everything under './ssl/' is gitignored and './ssl/' is mounted into docker.
+HTTPS_KEY='ssl/sample.key'
+
+# Relative path to cert. If using docker, make sure the cert is mounted. Everything under './ssl/' is gitignored and './ssl/' is mounted into docker.
+HTTPS_CERT='ssl/sample.cert'
+
+
 # SECRET
 SECRET=aSecretKey
diff --git a/scripts/server.js b/scripts/server.js
index b732837f..02c869ae 100644
--- a/scripts/server.js
+++ b/scripts/server.js
@@ -2,6 +2,7 @@ require("dotenv").config();
 const fs = require("fs");
 const http = require("http");
+const https = require("https");
 const { Pool } = require("pg");
 var path = require("path");
 const packagejson = require("../package.json");
@@ -881,7 +882,16 @@ setups.getBackendSetups(function (setups) {
 //////Setups Init//////
 setups.init(s);
- const httpServer = http.createServer(app);
+ let httpServer;
+ if (process.env.HTTPS == "true") {
+ httpServer = https.createServer(
+ {
+ key: fs.readFileSync(process.env.HTTPS_KEY),
+ cert: fs.readFileSync(process.env.HTTPS_CERT),
+ },
+ app
+ );
+ } else httpServer = http.createServer(app);
 // Start listening for requests.
 httpServer.listen(port, (err) => {
diff --git a/ssl/.gitkeep b/ssl/.gitkeep
new file mode 100644
index 00000000..e69de29b
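Review bot: The `HTTPS_KEY` and `HTTPS_CERT` comments in sample.env say "Relative path" without saying relative to what. scripts/server.js in this same patch passes the value straight to `fs.readFileSync`, which resolves it against the process working directory, so starting MMGIS from another directory would break HTTPS startup. I would spell that out and add a line on key handling, for example `# Path to the private key, relative to the directory MMGIS is started from. Keep it readable only by the MMGIS user.` The sample values are also single-quoted; dotenv strips the quotes, but it is worth confirming that whatever loads this file for the docker service does the same, since a loader that keeps them would produce a path that does not exist.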
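Review bot: The check `process.env.HTTPS == "true"` in scripts/server.js matches only the exact lowercase string, so `HTTPS=True`, `HTTPS=TRUE` or `HTTPS=1` falls through to the `else` branch and the server starts on plain HTTP with nothing in the hunk reporting which mode was chosen. For a transport-security switch I would normalise the value, refuse anything that is not recognisably true or false, and check that `HTTPS_KEY` and `HTTPS_CERT` are set before reading them, so that a missing variable gives a clear configuration error rather than a `TypeError` from `fs.readFileSync(undefined)`. The braceless `else` next to a braced `if` is also easy to misread. The enclosing `setups.getBackendSetups` callback starts and ends outside the hunk.

```javascript
// … unchanged: setups.init(s) …
const httpsFlag = (process.env.HTTPS || "false").trim().toLowerCase();
if (httpsFlag !== "true" && httpsFlag !== "false") {
  throw new Error(
    `HTTPS must be "true" or "false", got "${process.env.HTTPS}"`
  );
}

let httpServer;
if (httpsFlag === "true") {
  if (!process.env.HTTPS_KEY || !process.env.HTTPS_CERT) {
    throw new Error("HTTPS=true requires HTTPS_KEY and HTTPS_CERT to be set");
  }
  httpServer = https.createServer(
    {
      key: fs.readFileSync(process.env.HTTPS_KEY),
      cert: fs.readFileSync(process.env.HTTPS_CERT),
    },
    app
  );
} else {
  httpServer = http.createServer(app);
}
// … unchanged: httpServer.listen(port, …) …
```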