diff --git a/bin/www b/bin/www
index 86b602f4c..cd21bae31 100755
--- a/bin/www
+++ b/bin/www
@@ -10,7 +10,9 @@ process.on('unhandledRejection', error => {
 const app = require('../app');
 const debug = require('debug')('node:server');
+const fs = require('fs');
 const http = require('http');
+const https = require('https');
 const config = require('../services/config');
 const log = require('../services/log');
@@ -23,9 +25,23 @@ app.set('port', port);
 /**
 * Create HTTP server.
 */
-const server = http.createServer(app);
+let server;
-log.info("App server starting up at port " + port);
+if (config['Network']['https']) {
+ const options = {
+ key: fs.readFileSync(config['Network']['keyPath']),
+ cert: fs.readFileSync(config['Network']['certPath'])
+ };
+
+ server = https.createServer(options, app);
+
+ log.info("App HTTPS server starting up at port " + port);
+}
+else {
+ server = http.createServer(app);
+
+ log.info("App HTTP server starting up at port " + port);
+}
 /**
 * Listen on provided port, on all network interfaces.
diff --git a/config-sample.ini b/config-sample.ini
index b48971cfc..bf642a0e9 100644
--- a/config-sample.ini
+++ b/config-sample.ini
@@ -1,5 +1,10 @@
 [Network]
 port=80
+# true for TLS/SSL/HTTPS (secure), false for HTTP (unsecure).
+https=false
+# path to certificate (run "bash generate-cert.sh" to generate self-signed certificate). Relevant only if https=true
+certPath=
+keyPath=
 [Sync]
 syncServerHost=
diff --git a/generate-cert.sh b/generate-cert.sh
index 770357edc..1610d82a6 100644
--- a/generate-cert.sh
+++ b/generate-cert.sh
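Review bot: The `if (config['Network']['https'])` test in the second bin/www hunk is a plain truthiness check on a value that comes from an ini file, so if services/config (not visible here) returns raw strings, the sample's `https=false` would be truthy and select the TLS branch. Inside that branch `fs.readFileSync` is called on `keyPath` and `certPath` without checking that they are set, and the sample ships both empty, so startup would fail with a bare file-system error instead of a message naming the misconfigured key. I would make the switch explicit, e.g. `const useHttps = String(config['Network']['https']) === 'true';`, and log which path is missing or unreadable before exiting. It is also worth pinning a protocol floor in `options`, e.g. `minVersion: 'TLSv1.2'`, rather than relying on the runtime default.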
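Review bot: The single comment added to config-sample.ini only speaks of the certificate, so nothing tells the operator that `keyPath` points at the private key, which generate-cert.sh now writes unencrypted. I would give it its own line, for example `# keyPath: private key for certPath; keep it readable only by the account that runs the server`. The default `port=80` is left unchanged, and as far as this diff shows the port is not switched when `https=true`, so a short comment saying the port must be set by hand (typically 443) would avoid TLS being served on 80 by surprise.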
@@ -1,16 +1,3 @@
 #!/bin/bash
-openssl genrsa -des3 -out cert.key 2048
-
-openssl req -new -key cert.key -out cert.csr
-
-# Remove passphrase from key
-cp cert.key cert.key.org
-
-openssl rsa -in cert.key.org -out cert.key
-
-# Generate self signed certificate
-openssl x509 -req -days 730 -in cert.csr -signkey cert.key -out cert.crt
-
-rm cert.key.org
-rm cert.csr
\ No newline at end of file
+openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 2000 -nodes
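Review bot: The replacement command writes the private key unencrypted (`-nodes`) as `key.pem` in whatever directory the script is run from, and the script does nothing to restrict the file's permissions. Putting `umask 077` on the line before `openssl` would make the key owner-only regardless of the caller's umask, and the two output files should be kept out of the repository tree. `-days 2000` gives the self-signed certificate a lifetime of about five and a half years, noticeably longer than the 730 days it replaces; a comment stating that the result is meant for personal or test use, and how to regenerate it, would set expectations. The command also passes no `-subj` or subjectAltName, so whether the certificate matches the server's hostname depends on what is typed at the interactive prompt.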