Node module to enable HTTPS/SSL in a LoopBack application with simple configuration. The module also enables trusted peer authentication, in which the server validates client certificates.
# install loopback-cli globally (provides the lb command used below)
npm install -g loopback-cli
# create project directory
mkdir <app-name>
cd <app-name>
# create loopback application (interactive generator; answer the prompts as shown below)
lb
# ? What's the name of your application? <app-name>
# ? Which version of LoopBack would you like to use? 3.x (current)
# ? What kind of application do you have in mind? notes
# install loopback-ssl and record it as a dependency in package.json
npm install loopback-ssl --save
Add the following lines of configuration to 'config.json', located at "<app-dir>/server/config.json"
"httpMode": false,
"certConfig": {
"path": "/certificate/path/",
"key": "local.pem",
"cert": "local.crt.pem",
"ca": [],
"requestCert": false,
"rejectUnauthorized": false
}
Edit the server.js located at "<app-dir>/server/server.js". Replace the code in server.js with the code below (assuming no prior customizations to the file)
var loopback = require('loopback');
var boot = require('loopback-boot');
var loopbackSSL = require('loopback-ssl');
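// Create the LoopBack application and export it so other modules can require it.
var app = module.exports = loopback();

// Bootstrap the application from the server directory. The callback fires
// once boot has finished (or failed).
boot(app, __dirname, function(err) {
  // Fail fast on a boot error instead of serving a partially initialised app.
  if (err) throw err;

  // Start the HTTP/HTTPS listener only after boot has completed, so no
  // request is accepted before every boot script has run. The listener mode
  // and certificates come from "httpMode" / "certConfig" in config.json.
  loopbackSSL.startServer(app);
});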
The configuration entry
"httpMode": true will enable http (disable https), so traffic is served unencrypted. In this mode the
"certConfig": {..} configuration is not required and can be omitted.
"httpMode": true
The configuration entry
"httpMode": false will enable https.
"httpMode": false,
"certConfig": {
"path": "/certificate/path/",
"key": "serverkey.pem",
"cert": "server-certificate.pem",
"ca": [],
"requestCert": false,
"rejectUnauthorized": false
}
"path" - folder location where the certificate files are installed
"key" - server private key file (should be readable only by the account that runs the server)
"cert" - server certificate file
This configuration will only work with pre-generated certificate files; the key and certificate must already exist in the "path" folder.
"httpMode": false,
"certConfig": {
"path": "/certificate/path/",
"key": "serverkey.pem",
"cert": "server-certificate.pem",
"ca": [
"client-certificate-to-validate.pem"
],
"requestCert": true,
"rejectUnauthorized": true
}
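ca[] configuration contains the list of certificates the server trusts when authenticating clients: the client certificates themselves (for example self-signed ones) or the CA certificates that issued them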
"requestCert": true enables mutual SSL authentication
"rejectUnauthorized": true enables the authenticity and validity check of client certificates; a client whose certificate does not validate against the ca[] list is rejected
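"rejectUnauthorized": can be set to false, but the server then accepts connections even when the client certificate is missing or fails validation, so client authentication is no longer enforced at the TLS layer.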
MIT.