Secure sessions with Node.js, Express.js, and NginX as an SSL Proxy
Secure sessions are easy, but not very well documented.
Here's a recipe for secure sessions in Node.js when NginX is used as an SSL proxy:

The desired configuration for using NginX as an SSL proxy is to offload SSL processing and to put a hardened web server in front of your Node.js application, like:

    [NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [PUBLIC INTERNET] <-> [CLIENT]

Edit for Express 4.x and later: Express no longer uses Connect as its middleware framework; it implements its own now.

To do this, here's what you need to do:
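
    // 1. In your main app, set up sessions (Express 3.x API; in Express 4 and later
    //    bodyParser, cookieParser and session are separate packages:
    //    body-parser, cookie-parser, express-session):
    // Believe the X-Forwarded-* headers that nginx sets
    app.enable('trust proxy');
    app.use(express.bodyParser());
    app.use(express.cookieParser());
    app.use(express.session({
        // Placeholder: use a long random value loaded from configuration, not source code
        secret: 'Super Secret Password',
        // Treat the request as secure when X-Forwarded-Proto says https
        proxy: true,
        // Name of the session cookie
        key: 'session.sid',
        // Only issue the cookie over HTTPS
        cookie: {secure: true},
        // NEVER use in-memory store for production - I'm using mongoose/mongodb here
        store: new sessionStore()
    }));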

    # 2. Configure nginx to do SSL and forward all the required headers that Connect needs to do secure sessions:
    server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive
        listen 443 ssl;
        server_name localhost;
        ssl_certificate /etc/nginx/nodeapp.crt;
        ssl_certificate_key /etc/nginx/nodeapp.key;
        ssl_session_timeout 5m;
        # SSLv2, SSLv3 and TLSv1 are broken or deprecated; allow only current TLS versions
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            # THESE ARE IMPORTANT
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # This is what tells Connect that your session can be considered secure,
            # even though the protocol node.js sees is only HTTP:
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_read_timeout 5m;
            proxy_connect_timeout 5m;
            # "nodeserver" must be defined as an upstream that points at the Node.js app
            proxy_pass http://nodeserver;
            proxy_redirect off;
        }
    }
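
What steps 1 and 2 set up together, as an added JavaScript example (a simplified model written for this page, not Express or Connect source): the app issues the Secure session cookie only when a trusted peer reports HTTPS in X-Forwarded-Proto. The helper names, request objects and addresses are constructed for illustration, and nginx is assumed to run on the same host as the app.

```javascript
// Added example: simplified model of the proxy-trust decision, not Express's code.
// All addresses and request objects below are constructed sample values.
const LOOPBACK = new Set(['127.0.0.1', '::1']); // assumption: nginx on the same host

// trust === true models app.enable('trust proxy'): every peer is believed.
// trust as a Set models restricting trust to the proxy's own address.
function isTrustedPeer(remoteAddress, trust) {
  if (trust === true) return true;
  return trust instanceof Set && trust.has(remoteAddress);
}

// Protocol the app should assume the client used.
function effectiveProtocol(req, trust) {
  if (req.encrypted) return 'https'; // TLS terminated by Node itself
  if (!isTrustedPeer(req.remoteAddress, trust)) return 'http';
  const header = req.headers['x-forwarded-proto'];
  if (typeof header !== 'string') return 'http';
  // Chained proxies append values; the first entry is the client-facing hop.
  return header.split(',')[0].trim() === 'https' ? 'https' : 'http';
}

// With cookie: {secure: true}, the session cookie is only issued over https.
function issuesSessionCookie(req, trust) {
  return effectiveProtocol(req, trust) === 'https';
}

// Constructed requests as the Node process sees them (plain HTTP socket).
const viaNginxTls = { encrypted: false, remoteAddress: '127.0.0.1',
  headers: { 'x-forwarded-proto': 'https' } };
const viaNginxPlain = { encrypted: false, remoteAddress: '127.0.0.1',
  headers: { 'x-forwarded-proto': 'http' } };
// nginx without the proxy_set_header X-Forwarded-Proto line from step 2.
const noHeader = { encrypted: false, remoteAddress: '127.0.0.1', headers: {} };
// Peer that reached the Node port without going through nginx.
const directPeer = { encrypted: false, remoteAddress: '203.0.113.7',
  headers: { 'x-forwarded-proto': 'https' } };

// One boolean per sample request: would a session cookie be issued?
function report(trust) {
  return [viaNginxTls, viaNginxPlain, noHeader, directPeer]
    .map((req) => issuesSessionCookie(req, trust));
}

console.log('trust everything:', report(true));
console.log('trust loopback  :', report(LOOPBACK));
```

The missing-header case is why sessions silently fail when nginx does not forward X-Forwarded-Proto. In Express the narrower trust setting is `app.set('trust proxy', 'loopback')`, which only believes forwarded headers from a local proxy.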