Merge pull request #71 from Kondeo/ssl

SSL now enabled
Kondeo · Mar 8, 2016 · 5f3c452 · 5f3c452
2 parents 08b6415 + 27f7801
commit 5f3c452
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 4 deletions.
diff --git a/Gruntfile.js b/Gruntfile.js
@@ -54,7 +54,7 @@ module.exports = function (grunt) {
       production: {
         constants: {
           CONST: {
-            "apiBase": "http://ccra1.kondeo.com:3000/",
+            "apiBase": "https://ccra1.kondeo.com:3000/",
             "stripePK": "pk_live_zgdVMyeOlyq0g7vQuRliqEDE",
             "version": "<%= pkg.version %>"
           }

diff --git a/backend/bin/www b/backend/bin/www
@@ -5,21 +5,64 @@
  */
 
 var app = require('../app');
+var constants = require('constants');
 var debug = require('debug')('ccra-book:server');
 var http = require('http');
+var https = require('https');
+var fs = require('fs');
+
+var sslPath = "/etc/letsencrypt/live/ccracodes.com";
+var enableSSL = true;
+
+try {
+    stats = fs.lstatSync(sslPath);
+    console.log("-- SSL Enabled --");
+    var sslOptions = {
+         key: fs.readFileSync(sslPath + '/privkey.pem'),
+         cert: fs.readFileSync(sslPath + '/fullchain.pem'),
+         ca: fs.readFileSync(sslPath + '/chain.pem'),
+         ciphers: [
+        "ECDHE-RSA-AES128-GCM-SHA256",
+        "ECDHE-ECDSA-AES128-GCM-SHA256",
+        "ECDHE-RSA-AES256-GCM-SHA384",
+        "ECDHE-ECDSA-AES256-GCM-SHA384",
+        "DHE-RSA-AES128-GCM-SHA256",
+        "ECDHE-RSA-AES128-SHA256",
+        "DHE-RSA-AES128-SHA256",
+        "AES128-GCM-SHA256",
+        "!RC4", // RC4 be gone
+        "HIGH",
+        "!MD5",
+        "!aNULL"
+        ].join(':'),
+        honorCipherOrder: true,
+        secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2
+    }
+} catch (e) {
+    enableSSL = false;
+    console.log("-- SSL Disabled --");
+    console.log("If you are on a production server and this message is occuring, make sure you are running with elevated permissions.");
+    console.log("If you have run with elevated permissions, the certificates are likely missing.");
+    console.log("-- SSL Disabled --");
+}
 
 /**
  * Get port from environment and store in Express.
  */
 
-var port = normalizePort(process.env.PORT || '3003');
+var port = normalizePort(process.env.PORT || '3000');
 app.set('port', port);
 
 /**
- * Create HTTP server.
+ * Create HTTP(s) server.
  */
+var server;
+if(enableSSL){
+  server = https.createServer(sslOptions, app);
+} else {
+  server = http.createServer(app);
+}
 
-var server = http.createServer(app);
 
 /**
  * Listen on provided port, on all network interfaces.