我运行一个使用Node.js的Azure云服务,具有HTTP和HTTPS端点。诀窍是让IIS为您处理SSL终止,以便您的Node.js应用程序仅侦听HTTP(使用process.env.PORT)。
我已将我的证书上传到Windows Azure门户,然后我的ServiceDefinition.csdef文件看起来像这样:
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="my-cloud-service-name" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
<WebRole name="my-cloud-service-name" vmsize="Small">
<Imports />
<Startup>
<Task commandLine="setup_web.cmd > log.txt" executionContext="elevated">
<Environment>
<Variable name="EMULATED">
<RoleInstanceValue xpath="/RoleEnvironment/Deployment/@emulated" />
</Variable>
<Variable name="RUNTIMEID" value="node;iisnode" />
<Variable name="RUNTIMEURL" value="http://az413943.vo.msecnd.net/node/0.8.4.exe;http://az413943.vo.msecnd.net/iisnode/0.1.21.exe" />
</Environment>
</Task>
<Task commandLine="node.cmd ..\startup.js" executionContext="elevated" />
</Startup>
<Endpoints>
<InputEndpoint name="Web" protocol="http" port="80" />
<InputEndpoint name="WebSSL" protocol="https" port="443" certificate="my-certificate-name" />
</Endpoints>
<Certificates>
<Certificate name="my-certificate-name" storeLocation="LocalMachine" storeName="CA" />
</Certificates>
<Sites>
<Site name="Web">
<Bindings>
<Binding name="Web" endpointName="Web" />
<Binding name="WebSSL" endpointName="WebSSL" />
</Bindings>
</Site>
</Sites>
</WebRole>
</ServiceDefinition>
然后,在我的Web.cloud.config文件的iisnode元素中,我确保提升了HTTPS服务器变量:
<iisnode debuggingEnabled="false" devErrorsEnabled="false" loggingEnabled="false" node_env="production" promoteServerVars="HTTPS" />
这使我能够使用一些Express.js中间件设置x-forwarded-proto头,该头是识别HTTP请求来源协议的事实标准:http://en.wikipedia.org/wiki/List_of_HTTP_header_fields
exports.xForwardedProto = function(req, res, next) {
if(!req.headers['x-forwarded-proto']) {
if(req.headers['x-arr-ssl'] || req.headers['x-iisnode-https'] === 'on') {
req.headers['x-forwarded-proto'] = 'https';
}
}
next();
};
当我想将HTTP请求重定向到HTTPS时,我使用以下Express.js中间件:
exports.httpsOnly = function(req, res, next) {
if(req.protocol === 'http' && process.env.NODE_ENV && process.env.NODE_ENV != 'development') {
return res.redirect(301, 'https://' + req.get('host') + req.url);
}
next();
};