feat: HTTPS support

config.sample.yml

@@ -11,13 +11,6 @@
 port: 3000
 
 # ---------------------------------------------------------------------
-# IP address the server should listen to
-# ---------------------------------------------------------------------
-# Do not change unless you know what you are doing!
-
-bindIP: 0.0.0.0
-
-# ---------------------------------------------------------------------
 # Database
 # ---------------------------------------------------------------------
 # Supported Database Engines:
@@ -49,6 +42,40 @@ redis:
   db: 0
   password: null
 
+#######################################################################
+# ADVANCED OPTIONS                                                    #
+#######################################################################
+# Do not change unless you know what you are doing!
+
+# ---------------------------------------------------------------------
+# SSL/TLS Settings
+# ---------------------------------------------------------------------
+# Consider using a reverse proxy (e.g. nginx) if you require more
+# advanced options than those provided below.
+
+ssl:
+  enabled: false
+
+  # Certificate format, either 'pem' or 'pfx':
+  format: pem
+  # Using PEM format:
+  key: path/to/key.pem
+  cert: path/to/cert.pem
+  # Using PFX format:
+  pfx: path/to/cert.pfx
+  # Passphrase when using encrypted PEM / PFX keys (default: null):
+  passphrase: null
+  # Diffie Hellman parameters, with key length being greater or equal
+  # to 1024 bits (default: null):
+  dhparam: null
+
+# ---------------------------------------------------------------------
+# IP address the server should listen to
+# ---------------------------------------------------------------------
+# Leave 0.0.0.0 for all interfaces
+
+bindIP: 0.0.0.0
+
 # ---------------------------------------------------------------------
 # Log Level
 # ---------------------------------------------------------------------

server/app/data.yml

@@ -21,6 +21,8 @@ defaults:
       port: 6379
       db: 0
       password: null
+    ssl:
+      enabled: false
     # DB defaults
     graphEndpoint: 'https://graph.requarks.io'
     lang:

server/master.js

@@ -6,6 +6,7 @@ const cors = require('cors')
 const express = require('express')
 const favicon = require('serve-favicon')
 const http = require('http')
+const https = require('https')
 const path = require('path')
 const { ApolloServer } = require('apollo-server-express')
 // const oauth2orize = require('oauth2orize')
@@ -166,10 +167,33 @@ module.exports = async () => {
 
   let srvConnections = {}
 
-  WIKI.logger.info(`HTTP Server on port: [ ${WIKI.config.port} ]`)
-
   app.set('port', WIKI.config.port)
-  WIKI.server = http.createServer(app)
+  if (WIKI.config.ssl.enabled) {
+    WIKI.logger.info(`HTTPS Server on port: [ ${WIKI.config.port} ]`)
+    const tlsOpts = {}
+    try {
+      if (WIKI.config.ssl.format === 'pem') {
+        tlsOpts.key = fs.readFileSync(WIKI.config.ssl.key)
+        tlsOpts.cert = fs.readFileSync(WIKI.config.ssl.cert)
+      } else {
+        tlsOpts.pfx = fs.readFileSync(WIKI.config.ssl.pfx)
+      }
+      if (!_.isEmpty(WIKI.config.ssl.passphrase)) {
+        tlsOpts.passphrase = WIKI.config.ssl.passphrase
+      }
+      if (!_.isEmpty(WIKI.config.ssl.dhparam)) {
+        tlsOpts.dhparam = WIKI.config.ssl.dhparam
+      }
+    } catch (err) {
+      WIKI.logger.error('Failed to setup HTTPS server parameters:')
+      WIKI.logger.error(err)
+      return process.exit(1)
+    }
+    WIKI.server = https.createServer(tlsOpts, app)
+  } else {
+    WIKI.logger.info(`HTTP Server on port: [ ${WIKI.config.port} ]`)
+    WIKI.server = http.createServer(app)
+  }
   apolloServer.installSubscriptionHandlers(WIKI.server)
 
   WIKI.server.listen(WIKI.config.port, WIKI.config.bindIP)
@@ -200,7 +224,11 @@ module.exports = async () => {
   })
 
   WIKI.server.on('listening', () => {
-    WIKI.logger.info('HTTP Server: [ RUNNING ]')
+    if (WIKI.config.ssl.enabled) {
+      WIKI.logger.info('HTTPS Server: [ RUNNING ]')
+    } else {
+      WIKI.logger.info('HTTP Server: [ RUNNING ]')
+    }
   })
 
   WIKI.server.destroy = (cb) => {