wip

2025-03-30 15:08:30 +00:00 · 2024-02-29 02:48:40 -08:00 · 2024-02-29 02:48:40 -08:00 · bbeb315e78
commit bbeb315e78
parent cae8e79e0f
2 changed files with 19 additions and 20 deletions
--- a/src/cli/proxy/server.ts
+++ b/src/cli/proxy/server.ts
@ -5,11 +5,14 @@ import {
  IS_DEV,
  MOTHERSHIP_PORT,
  SETTINGS,
+  SSL_CERT,
+  SSL_KEY,
 } from '$constants'
 import { forEach } from '@s-libs/micro-dash'
 import cors from 'cors'
 import express, { ErrorRequestHandler } from 'express'
 import 'express-async-errors'
+import enforce from 'express-sslify'
 import fs from 'fs'
 import http from 'http'
 import https from 'https'
@ -37,6 +40,7 @@ const hostnameRoutes = IS_DEV() ? DEV_ROUTES : PROD_ROUTES
 const app = express()

 app.use(cors())
+app.use(enforce.HTTPS())

 // Use the IP blocker middleware
 app.use(createIpWhitelistMiddleware(IPCIDR_LIST()))
@ -69,23 +73,17 @@ const errorHandler: ErrorRequestHandler = (err, req, res, next) => {
 }
 app.use(errorHandler)

-if (IS_DEV()) {
-  http.createServer(app).listen(80, () => {
-    console.log('HTTP server running on port 80')
-  })
-} else {
-  // HTTPS server options
-  const httpsOptions = {
-    key: fs.readFileSync(
-      '/home/pockethost/pockethost/ssl/cloudflare-privkey.pem',
-    ),
-    cert: fs.readFileSync(
-      '/home/pockethost/pockethost/ssl/cloudflare-origin.pem',
-    ),
-  }
+http.createServer(app).listen(80, () => {
+  console.log('SSL redirect server listening on 80')
+})

-  // Create HTTPS server
-  https.createServer(httpsOptions, app).listen(443, () => {
-    console.log('HTTPS server running on port 443')
-  })
+// HTTPS server options
+const httpsOptions = {
+  key: fs.readFileSync(SSL_KEY()),
+  cert: fs.readFileSync(SSL_CERT()),
 }
+
+// Create HTTPS server
+https.createServer(httpsOptions, app).listen(443, () => {
+  console.log('HTTPS server running on port 443')
+})
--- a/src/constants.ts
+++ b/src/constants.ts
@ -46,6 +46,7 @@ export const _MOTHERSHIP_APP_ROOT = (...paths: string[]) =>
 export const _INSTANCE_APP_ROOT = (...paths: string[]) =>
  join(_PH_PROJECT_ROOT, 'src', 'instance-app', ...paths)

+const TLS_PFX = `tls`
 export const SETTINGS = {
  UPGRADE_MODE: mkBoolean(false),

@ -88,8 +89,8 @@ export const SETTINGS = {
  PH_BIN_CACHE: mkPath(join(_PH_HOME, '.pbincache'), { create: true }),

  PH_FTP_PORT: mkNumber(21),
-  SSL_KEY: mkPath(join(_SSL_HOME, `tls.key`)),
-  SSL_CERT: mkPath(join(_SSL_HOME, `tls.cert`)),
+  SSL_KEY: mkPath(join(_SSL_HOME, `${TLS_PFX}.key`)),
+  SSL_CERT: mkPath(join(_SSL_HOME, `${TLS_PFX}.cert`)),
  PH_FTP_PASV_IP: mkString(`0.0.0.0`),
  PH_FTP_PASV_PORT_MIN: mkNumber(10000),
  PH_FTP_PASV_PORT_MAX: mkNumber(20000),