Sunday, September 20, 2020

Sails - Specify SSL certificate

SSL/TLS (transport-layer security) is critical for preventing potential man-in-the-middle attacks. Without a protocol like SSL/TLS, web basics like securely transmitting login credentials and credit card numbers would be much more complicated and troublesome. SSL/TLS is not only important for HTTP requests (https://), it's also necessary for WebSockets (over wss://). Fortunately, you only need to worry about configuring SSL settings in one place: sails.config.ssl.


SSL and load balancers


The sails.config.ssl setting is only relevant if you want your Sails process to manage SSL. This isn't always the case. For example, if you expect your Sails app to get more traffic over time, it will need to scale to multiple servers, necessitating a load balancer. Most of the time, for performance and simplicity, it is a good idea to terminate SSL at your load balancer. If you do that, then since SSL/TLS will have already been dealt with before packets reach your Sails app, you won't need to use the sails.config.ssl setting at all. (This is also true if you're using a PaaS like Heroku, or almost any other host with a built-in load balancer.)



Use sails.config.ssl to set up basic SSL server options, or to indicate that you will be specifying more advanced options in sails.config.http.serverOptions.


If you specify a dictionary, it should contain both key and cert keys, _or_ a pfx key. The presence of those options indicates to Sails that your app should be lifted with an HTTPS server. If your app requires a more complex SSL setup (for example by using SNICallback), set sails.config.ssl to true and specify your advanced options in sails.config.http.serverOptions.
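The rule above can be checked before the app is lifted. The following is an added example, not code from Sails or from the original post: the hypothetical helper `classifySslConfig` reports whether a config object yields plain HTTP, the basic dictionary form, or the advanced `ssl: true` form, and flags a dictionary that carries only half of the key/cert pair. Accepting key material or an `SNICallback` in `http.serverOptions` as sufficient for `ssl: true` is an assumption of this example.

```javascript
// Added example, not Sails source code. `classifySslConfig` is a
// hypothetical helper applying the rules from the text to a config object.

// True for a non-empty string or Buffer (what fs.readFileSync returns).
function hasMaterial(value) {
  return (typeof value === 'string' || Buffer.isBuffer(value)) && value.length > 0;
}

function classifySslConfig(config) {
  const ssl = config.ssl;
  const serverOptions = (config.http && config.http.serverOptions) || {};

  // No ssl setting: plain HTTP, e.g. behind a TLS-terminating load balancer.
  if (ssl === undefined || ssl === null || ssl === false) {
    return { mode: 'http', problems: [] };
  }

  // ssl: true defers to http.serverOptions for the actual TLS options.
  if (ssl === true) {
    const usable = hasMaterial(serverOptions.pfx) ||
      (hasMaterial(serverOptions.key) && hasMaterial(serverOptions.cert)) ||
      typeof serverOptions.SNICallback === 'function';
    return {
      mode: usable ? 'https-advanced' : 'invalid',
      problems: usable ? [] : ['ssl is true but http.serverOptions supplies no key+cert, pfx or SNICallback']
    };
  }

  if (typeof ssl !== 'object') {
    return { mode: 'invalid', problems: ['ssl must be a dictionary or true'] };
  }

  // Dictionary form: both key and cert, or a pfx bundle.
  const hasKey = hasMaterial(ssl.key);
  const hasCert = hasMaterial(ssl.cert);
  if ((hasKey && hasCert) || hasMaterial(ssl.pfx)) {
    return { mode: 'https-basic', problems: [] };
  }
  const problems = [];
  if (hasKey && !hasCert) problems.push('key is set but cert is missing or empty');
  else if (hasCert && !hasKey) problems.push('cert is set but key is missing or empty');
  else problems.push('ssl dictionary needs key and cert, or pfx');
  return { mode: 'invalid', problems };
}
```

Run it against the merged config in a deployment check and fail the build when `mode` is `invalid`, or when it is `http` for an environment that is expected to terminate TLS in the Sails process.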


SSL configuration example


We'll assume you created a folder in your project, config/ssl/, and put your certificate and key files inside. Then, in one of your config files, include the following:


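ssl: {
  // Paths resolve relative to this config file; '../ssl/' reaches config/ssl/
  // from a file one level below config/ (for example config/env/production.js).
  // CA / intermediate certificate bundle
  ca: require('fs').readFileSync(require('path').resolve(__dirname,'../ssl/my-gd-bundle.crt')),
  // Private key
  key: require('fs').readFileSync(require('path').resolve(__dirname,'../ssl/my-ssl.key')),
  // Server certificate
  cert: require('fs').readFileSync(require('path').resolve(__dirname,'../ssl/my-ssl.crt'))
}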



references:

https://sailsjs.com/documentation/reference/configuration/sails-config

