1.0.4 • Published 5 years ago

loopback-ssl v1.0.4

Weekly downloads
298
License
MIT
Repository
github
Last release
5 years ago

loopback-ssl

Node module to enable HTTPS/SSL in a loopback application with simple configurations. The module also enables trusted peer authentication.

Travis npm npm npm David David Codacy Badge Join the chat at https://gitter.im/yantrashala/loopback-ssl

Features

  • Enable SSL in Loopback application
  • Enable mutual SSL authentication in Loopback

Setup

Install loopback:

# install loopback-cli
npm install -g loopback-cli

# create project directory
mkdir <app-name>
cd <app-name>

# create loopback application
lb
# ? What's the name of your application? <app-name>
# ? Which version of LoopBack would you like to use? 3.x (current)
# ? What kind of application do you have in mind? notes

Install loopback-ssl:

npm install loopback-ssl --save

Setup Configuration:

Add the following lines of configuration in 'config.json' in location "\<app-dir>/server/config.json"

  "httpMode": false,
  "certConfig": {
    "path": "/certificate/path/",
    "key": "local.pem",
    "cert": "local.crt.pem",
    "ca": [],
    "requestCert": false,
    "rejectUnauthorized": false
  }

Configure server.js

Edit the server.js located at "\<app-dir>/server/server.js". Replace the code in server.js with the code below (assuming no prior customizations to the file)

server.js

var loopback = require('loopback');
var boot = require('loopback-boot');
var loopbackSSL = require('loopback-ssl');

var app = module.exports = loopback();

boot(app, __dirname, function(err) {
  if (err) throw err;
});

return loopbackSSL.startServer(app);

Configuration options

Option 1: HTTP (default loopback configuration)

The configuration entry "httpMode": true will enable http (disable https). In this mode the "certConfig": {..} configuration is not required and can be omitted.

  "httpMode": true

Option 2: HTTPS: Loading certificates from files

The configuration entry "httpMode": false will enable https.

  "httpMode": false,
  "certConfig": {
    "path": "/certificate/path/",
    "key": "serverkey.pem",
    "cert": "server-certificate.pem",
    "ca": [],
    "requestCert": false,
    "rejectUnauthorized": false
  }
  • "path" - folder location where the certificates files will be installed
  • "key" - server key
  • "cert" - server certificate

Option 3: HTTPS: Loading certificates from files & Mutual SSL authentication

Will only work with pre-generated certificate files

  "httpMode": false,
  "certConfig": {
    "path": "/certificate/path/",
    "key": "serverkey.pem",
    "cert": "server-certificate.pem",
    "ca": [
        "client-certificate-to-validate.pem"
    ],
    "requestCert": true,
    "rejectUnauthorized": true
  }
  • The ca[] configuration contains the list of client certificates which the server will authenticate
  • "requestCert": true enables mutual SSL authentication
  • "rejectUnauthorized": true enables the authenticity and validity check of client keys
  • For any reason, if the client certificate is a self signed certificate, "rejectUnauthorized": can be set to false.

Contributing

  • Want to contribute? Great! Please check this guide.
  • Fork it ( https://github.com/yantrashala/loopback-ssl/fork )
  • Create your feature branch (git checkout -b new-feature)
  • Commit your changes (git commit -am 'Add some feature')
  • Push to the branch (git push origin new-feature)
  • Create new Pull Request

License

MIT.

See Also

loopbacksslmutual authenticationtwo way ssltrusted peercertificatehttps
debug
@infinitebrahmanuniverse/nolb-loop@everything-registry/sub-chunk-2102
1.0.4

5 years ago

1.0.3

7 years ago

1.0.2

7 years ago

1.0.1

7 years ago

1.0.0

7 years ago

0.0.9

7 years ago

0.0.8

8 years ago

0.0.7

8 years ago

0.0.6

8 years ago

0.0.5

8 years ago

0.0.4

8 years ago

0.0.3

8 years ago

0.0.2

8 years ago

0.0.1

8 years ago