Redirect http hits to https

[wasifali]

Hi @brianhyder,

We're trying to redirect all hits from http to https. Currently the application is deployed on elastic beanstalk and it's allowing both http and https, but we only want later.

I tried adding the "server" object in config.js as mentioned in #1005 to make the check pb.config.server.ssl.use_x_forwarded && req.headers['x-forwarded-proto'] !== 'https' work in pencilblue.js, but it broke the code on localhost as well as live.

Could you please suggest a way to redirect http hits to https?

Thanks a lot.

[danielgeri]

@wasifale I found that setting use_x_forwarded to true. will work :)

[brianhyder]

@wasifale A lot of it depends on your situation. This is why we do not commit a config.js file. Each environment is different. Even for your development purposes you should have a local config file to use and then a production only config.js file. This is where CI/CD tools come in handy. It allows you to protect credentials to production DBs and other resources.

The other piece to consider is if you are using an ELB check if you are using SSL termination at the ELB or if you are passing the encrypted SSL content to the beanstalk instance.