Time to Convert to Https

March 21, 2018

I recently learned of Google's plan to start marking all http sites as "not secure" and decided to do something about my own. I'm not really sure why all sites need to be HTTPS, but who am I to argue with Google? It turns out that because I'm on AWS, HTTPS is yet another benefit, another bullet in the list of possibilities that one has available to them. AWS Certificate Manager is a service that lets you provision, manage and deploy SSL certificates for use with AWS services… and oh, didn't I mention it's FREE!

So with a few clicks and a handful of code I was able to make HTTPS my default protocol on my AWS CodeStar site.

1. I had to go into my Elastic Beanstalk configuration under "Modify Capacity" and convert my environment type from "Single Instance" to "Load Balanced".
2. I had to create a certificate in the AWS Certificate Manager.
3. I had to go back into my Elastic Beanstalk configuration and choose the certificate I made under "Secure ELB listener".
4. And finally, I had to write a little bit of code in my server to make HTTPS the default protocol.

I'm using LoopBack for my server, so I had to create a custom middleware:

server/middleware/https.js

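// Middleware factory: redirects plain-HTTP requests to HTTPS in production.
function https() {
    return function redirectToHttps(req, res, next) {
        // Behind the load balancer, TLS is terminated before the request reaches
        // Node, so req.secure is false; X-Forwarded-Proto carries the original scheme.
        if ((process.env.NODE_ENV === 'production') &&
                (!req.secure) &&
                (req.get('X-Forwarded-Proto') !== 'https')) {
            // Note: the Host header used here is supplied by the client.
            res.redirect('https://' + req.get('Host') + req.url);
        } else {
            next();
        }
    };
}

module.exports = https;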

server/middleware.json

{
    "initial": {
        "./middleware/https": {}
    }
}
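
A hardened variant of the redirect middleware above, added here as an example and not the author's code: it redirects only to allowlisted hosts instead of echoing the client-supplied Host header, and sets Strict-Transport-Security on HTTPS responses. The option names, the example.org hosts and the `simulate` helper are assumptions for illustration.

```javascript
'use strict';

// Added example. The option names (canonicalHost, allowedHosts, hstsMaxAge)
// and the example.org hosts are assumptions, not taken from the original site.
function httpsRedirect(options) {
  const allowed = new Set(options.allowedHosts.map((h) => h.toLowerCase()));
  const hsts = 'max-age=' + (options.hstsMaxAge || 15552000); // 180 days

  return function redirectToHttps(req, res, next) {
    // TLS ends at the load balancer, so req.secure is false on the instance and
    // X-Forwarded-Proto carries the client's scheme. Assumption: the instance
    // only accepts traffic from the load balancer; otherwise a client can set
    // this header itself.
    const proto = (req.get('X-Forwarded-Proto') || '').toLowerCase();
    if (req.secure || proto === 'https') {
      res.setHeader('Strict-Transport-Security', hsts);
      return next();
    }
    // Host is client-controlled: only reuse it in Location when allowlisted.
    const host = (req.get('Host') || '').toLowerCase();
    const target = allowed.has(host) ? host : options.canonicalHost;
    // An absolute-form request target would otherwise be appended to the host.
    const path = req.url.startsWith('/') ? req.url : '/';
    return res.redirect(301, 'https://' + target + path);
  };
}

// Constructed request/response stand-ins so the middleware runs without a server.
function simulate(middleware, headers, url) {
  const lower = {};
  Object.keys(headers).forEach((k) => { lower[k.toLowerCase()] = headers[k]; });
  const out = { status: null, location: null, headers: {}, passed: false };
  const req = { secure: false, url: url, get: (name) => lower[name.toLowerCase()] };
  const res = {
    setHeader: (k, v) => { out.headers[k] = v; },
    redirect: (status, location) => { out.status = status; out.location = location; },
  };
  middleware(req, res, () => { out.passed = true; });
  return out;
}

const mw = httpsRedirect({
  canonicalHost: 'www.example.org',
  allowedHosts: ['www.example.org', 'example.org'],
});
console.log(simulate(mw, { Host: 'attacker.invalid' }, '/login?next=/'));
```

In LoopBack the options object would come from the `params` key of the middleware's entry in server/middleware.json.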

Now when you navigate to zolmok.org you get immediately redirected to httpS://www.zolmok.org/ and the URL bar has a nice green hue to it signifying that the site is secure. My initial thoughts were to use Let's Encrypt but I quickly found the AWS Certificate Manager and realized I didn't need to go this route. If you're not on AWS or for whatever reason the AWS Certificate Manager just isn't for you, then I would highly recommend you look into Let's Encrypt for your HTTPS needs.