Skip to content
Kurt Symanzik edited this page Jan 27, 2015 · 2 revisions

Setting up SSL was already stated briefly in the Installation page, but for the sake of verbosity, we will expand upon that here.

Two modes

The application can operate in HTTP only mode or in HTTP/HTTPS mode. In HTTP only mode the console output will issue a warning about operating in insecure mode. HTTP only mode should only be used in development or test environments that do not use real patient data.

HTTP/HTTPS mode is used for production and the HTTP portion is solely used to redirect the request to the HTTPS protocol.

Setting up SSL

The application determines which mode is in effect by referencing the cfg.tls.key config value set in the configuration file. If this is set to false, the mode is set to HTTP only, otherwise it expects the contents of this variable to be the SSL key. This is usually done via a fs.readFileSync() call to read in the key from the cert folder (or wherever you put it).

In addition to cfg.tls.key, the cfg.host.name must be set to the domain name tied to the SSL certificate.

SSL and a Reverse Proxy

It is common practice to run a Nodejs application on a non-public interface such as the local interface and then use a reverse proxy (such as Nginx) to proxy communications between the public interface and the Nodejs application.

TODO: determine if cfg.host.name can be set to localhost without causing issues with links and redirects in pages returned.

Clone this wiki locally