stackoom
  简体   繁体   中英

NestJS redirect HTTP to HTTPS / force SSL

 原文  2020-02-25 09:07:25       typescript/ security/ https/ nestjs

Question

Building a NestJS Application I want to route ALL incoming traffic through https without inconvenience for the user.

So far there are two ways I know, both doesn't fit my requirements.

  1. Set up two servers for http and https and than redirect traffic per route/api endpoint, which is really not DRY and cannot be best practice. Doc redirect

  2. By only creating the https server, the user would always be forced to type the https address manually what I don't want. Doc https

Ideally I would assume a solution where https is checked and forced the very first moment some one is hitting the server by just typing example.com . I think this would best be done in main.ts of my NestJS application.

2 answers

solution1
 3 ACCPTED  2020-02-25 09:41:15

For production release you will probably use nginx . Nginx will be listen on port 80 and redirect to nestJS port. Advantage of this solution is easy redirecting to https. In you config you can put something like this

server {
       listen         80;
       server_name    example1.com example2.com;
       return         301 https://$host$request_uri;
}

server {
       listen         443 ssl;
       server_name    example1.com example2.com;
       ...
}

So each http request will be redirect to https. And your application don't have to care about http request because each of them will be redirect before.

solution2
 0  2021-08-04 08:38:12

For my use case, I see no reason to bloat the server with reverse proxy layer while node http servers are fully featured. Since question is related to NestJS, here I present simple native solution, using Nest middleware. Of course, u will have to also follow the NestJS documentation on hosting two servers, which is again fairly simple.

import { HttpStatus, Injectable, NestMiddleware } from '@nestjs/common';
import { Request, Response } from "express";

@Injectable()
export class HttpsRedirectMiddleware implements NestMiddleware
{
    use(req: Request, res: Response, next: () => void)
    {
        if (!req.secure)
        {
            const httpsUrl = `https://${req.hostname}${req.originalUrl}`;
            res.redirect(HttpStatus.PERMANENT_REDIRECT, httpsUrl);
        }
        else
        {
            next();
        }
    }
}

We simply ask on request object whether conneciton is secure, if not, we incite browser to permanently redirect to same url, but this time prefixed with https:// . The middleware class above is then to be registered for all routes within configure() method of AppModule .

configure(consumer: MiddlewareConsumer)
{
    consumer.apply(HttpsRedirectMiddleware).forRoutes("*");
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Force redirect HTTP to HTTPS NestJS Http Module Using https with Axios request in Nestjs Nestjs websocket gateway with SSL is not working NestJS HTTPS empty @POST() body Redirect with Nestjs not working with external URL NestJS returning the result of an HTTP request Nestjs how to redirect without an intermediate link NestJs HTTP (rxjs) traversing a paginated endpoint Expose normal http endpoint in NestJS Microservices
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM