-
Notifications
You must be signed in to change notification settings - Fork 3
SSL
Setting up SSL was already stated briefly in the Installation page, but for the sake of verbosity, we will expand upon that here.
The application can operate in HTTP only mode or in HTTP/HTTPS mode. In HTTP only mode the console output will issue a warning about operating in insecure mode. HTTP only mode should only be used in development or test environments that do not use real patient data.
HTTP/HTTPS mode is used for production and the HTTP portion is solely used to redirect the request to the HTTPS protocol.
The application determines which mode is in effect by referencing the
cfg.tls.key
config value set in the configuration file. If this is set to
false, the mode is set to HTTP only, otherwise it expects the contents of this
variable to be the SSL key. This is usually done via a fs.readFileSync()
call to read in the key from the cert folder (or wherever you put it).
In addition to cfg.tls.key
, the cfg.host.name
must be set to the domain
name tied to the SSL certificate.
It is common practice to run a Nodejs application on a non-public interface such as the local interface and then use a reverse proxy (such as Nginx) to proxy communications between the public interface and the Nodejs application.
TODO: determine if cfg.host.name can be set to localhost without causing issues with links and redirects in pages returned.
This software has a GPLv3 License.