How to force all requests to https? #764

Open
okonon opened this issue Jan 2, 2015 · 12 comments

@okonon

okonon commented Jan 2, 2015

Hello, I would like to mention that this is an awesome generator; I love it.
I have a quick question.
How would one force all http requests to https? I tried to add some rules to the .htaccess file but that does not seem to work.
I am running the site on the OpenShift bronze plan.

Thanks a lot,
Happy New Year!

@andrewstuart
Member

Assuming you have https and http both set up already and running in the same node app, it's as easy as adding:

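```js
// Redirect every request that did not arrive over TLS.
app.use(function(req, res, next) {
  if (!req.secure) {
    // Placeholder: replace with the site's own https URL.
    return res.redirect('https://your-site-name-here');
  }
  next();
});
```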

Of course, you could split this into a redirect module, put it after certain endpoints that don't need to be secure, whatever you want to do.

@kingcody
Member

kingcody commented Jan 9, 2015

Great explanation @andrewstuart 👍

@softBarbarian you should be able to use: `return res.redirect('https://' + req.headers.host + req.path);` to redirect them to the https version of whatever host/path they requested.
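
A hardened variant of the redirect discussed in the two comments above, as an added example that is not part of the thread or the project's code. It assumes the two hostnames shown (constructed placeholders) and that TLS may be terminated by a proxy that sets `X-Forwarded-Proto`; it checks the client-supplied `Host` header against an allowlist and keeps the query string, which `req.path` drops.

```javascript
// Added example; hostnames are constructed placeholders, not from the thread.
const ALLOWED_HOSTS = new Set(['mysite.com', 'www.mysite.com']);
const CANONICAL_HOST = 'www.mysite.com';

// True when the request reached the client-facing endpoint over TLS.
// Behind a TLS-terminating proxy the hop to Node is plain HTTP, so the
// X-Forwarded-Proto header is consulted, but only if the proxy is trusted
// (otherwise any client could send the header and skip the redirect).
function isSecure(req, trustProxy) {
  if (req.secure) return true;
  if (!trustProxy) return false;
  const proto = String(req.headers['x-forwarded-proto'] || '');
  return proto.split(',')[0].trim().toLowerCase() === 'https';
}

// Returns the https:// URL to redirect to, or null if no redirect is needed.
function httpsRedirectTarget(req, trustProxy) {
  if (isSecure(req, trustProxy)) return null;
  // Host is client-controlled: normalise it, drop the port, and fall back to
  // the canonical name unless it is on the allowlist.
  const host = String(req.headers.host || '').toLowerCase().replace(/:\d+$/, '');
  const target = ALLOWED_HOSTS.has(host) ? host : CANONICAL_HOST;
  // originalUrl keeps the query string; accept it only as an origin-form path.
  const url = String(req.originalUrl || req.url || '/');
  return 'https://' + target + (url.startsWith('/') ? url : '/');
}

// Express-style middleware built on the decision function above.
function forceHttps(trustProxy) {
  return function (req, res, next) {
    const target = httpsRedirectTarget(req, trustProxy);
    if (target === null) return next();
    return res.redirect(301, target);
  };
}
```

In Express itself, enabling the `trust proxy` setting makes `req.secure` honour `X-Forwarded-Proto`, so `forceHttps(false)` is enough there.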

@okonon
Author

okonon commented Jan 10, 2015

Thanks for your help @kingcody and @andrewstuart. Here are my results:
mysite.com -> redirects to https
www.mysite.com -> redirects to https
http://mysite.com -> redirects to https
http://www.mysite.com -> DOES NOT redirect to https
https://mysite.com -> 404
https://www.mysite.com -> no redirect needed, already https

Can you please point me in the right direction?
Thanks

@kingcody
Member

So if `http://mysite.com` -> redirects to https, but `https://mysite.com` -> 404, where does `http://mysite.com` redirect to?

@okonon
Author

okonon commented Jan 10, 2015

Redirects to https

@kingcody
Member

To a 404? I'm only asking because you said that going to https:// manually gives you a 404. So does the redirect to https:// 404 as well?

@okonon
Author

okonon commented Jan 10, 2015

Only one of the https requests gives 404: the one without www.

So https://www.mysite.com - works
And https://mysite.com - 404

@okonon
Author

okonon commented Jan 10, 2015

I wonder if this is a registrar/OpenShift-level issue?

@jeffbuhrt

softBarbarian,

You might have checked these, but check the basics.

Confirm DNS points to the same server:

```
ping www.mysite.com
ping mysite.com
```

Do they give the same IP? If not, then it could be a DNS issue.
(Control-C (^C) to interrupt as needed.)

With a browser pointed to https://www.mysite.com, do you see your SSL cert?
(Click the lock beside the URL and check 'More Info', etc., depending on the browser.)

You can also do each of:

```
telnet www.mysite.com 80
telnet mysite.com 80
```

(Once connected, type 'GET /'; you should see HTTP code in response (your index.html).)
If either errors, it could be the DNS issue above or a server routing issue if you use a balancer.

Try each of:

```
telnet mysite.com 443
telnet www.mysite.com 443
```

Do they hang or do you get an error? (Because you won't have SSL negotiated, a good IP to a proper server config normally would hang.) Do they error the same way if they error?

Are you on a shared (virtual) host?
For example, VHosts in Apache route based on the URL.

What are you using/doing to support SSL?
- Apache, stunnel?
- Something in your code?

Can you see anything in a matching log? (error or SSL request)

@okonon
Author

okonon commented Jan 13, 2015

Did not have much time to go through your steps @jeffbuhrt, will do it tomorrow.
However, I noticed that my Namecheap's set up as follows:

| Host name | IP address/URL | Record type |
|---|---|---|
| @ | https://mysite... | Url redirect (301) |
| www | app-mysite.rhcloud.com | CNAME (Alias) |

This is set up according to the OpenShift tutorial.

@kjellski, do you think the CNAME entry might be a problem?

@JaKXz JaKXz added the question label Mar 5, 2015
@Awk34 Awk34 added this to the 2.4.0 milestone Jul 16, 2015
@shazimKhan

Just add this code in your .htaccess file and you can easily redirect your page to a secure page. Try it, it works for me.

```apache
# Redirect to secure website
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} example\.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```

@punisher21maximum

Great detailed solutions. Thanks.
