Connect/Express middleware to enforce https using is-https
Clone or download
Latest commit 8df60bb Oct 10, 2018


Connect/Express middleware to enforce https using is-https.

npm npm (scoped with tag)


Install package

yarn add redirect-ssl # or npm install redirect-ssl

Require and use middleware (Make sure adding it as the first in the chain)

const redirectSSL = require('redirect-ssl')

// Add middleware

// Or if want to provide options
app.use(redirectSSL.create({ redirectPort: 8443 }))



  • Default: true

Trust and check x-forwarded-proto header for HTTPS detection.


  • Default: process.env.NODE_ENV === 'production'

Only enabled in production environment. Force redirecting locally by setting this option to true.


  • Default: 443

Redirect users to this port for HTTPS. (:443 is omitted from URL as is default for https:// schema)


  • Default: undefined

Redirects using this value as host, if omitted will use request host for redirects.

NOTE It should not contain schema or trailing slashes. (Example:


  • Default: true

Redirect when no SSL detection method is available too. disable this option if you encounter redirect loops.

Status Code

  • Default: 307 Temporary Redirect

Status code when redirecting. The reason of choosing 307 for default is:

  • It prevents changing method from POST TO GET by user agents. (If you don't care, use 302 Found)
  • Is temporary so if for any reason HTTPS disables on server clients won't hurt. (If you need permanent, use 308 Permanent Redirect or 301 Moved Permanently)
  • See This question, 307 on MDN, and RFC 7231 section 6.4.7 for more info.


  • Default: []

An array of routes patterns for which redirection should be disabled.


MIT - Nuxt.js