brendanmoore · August 16, 2016 22:00 · Jul 1, 2013 · Jul 1, 2013 · Jul 1, 2013 · Jul 1, 2013
diff --git a/app.js b/app.js
@@ -8,5 +8,6 @@ app.use(express.session({
    proxy: true,
    key: 'session.sid',
    cookie: {secure: true},
-   store: new sessionStore() //NEVER use in-memory store for production - I'm using mongoose/mongodb here
+//NEVER use in-memory store for production - I'm using mongoose/mongodb here
+   store: new sessionStore() 
 }));
diff --git a/nginx-ssl.conf b/nginx-ssl.conf
@@ -12,10 +12,11 @@ server {
     ssl_prefer_server_ciphers   on;
 
     location / {
-#THESE ARE IMPORTANT
+# THESE ARE IMPORTANT
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-#This is what tells Connect that your session can be considered secure, even though the protocol node.js sees is only HTTP:        
+# This is what tells Connect that your session can be considered secure, 
+# even though the protocol node.js sees is only HTTP:        
 proxy_set_header X-Forwarded-Proto $scheme; 
         proxy_set_header Host $http_host;
         proxy_set_header X-NginX-Proxy true;

diff --git a/Secure Sessions Howto b/Secure Sessions Howto
@@ -1,9 +1,9 @@
-Secure sessions are easy, but it's not very well documented, so I'm changing that.  Here's a recipe for secure sessions in Node.js when NginX is used as an SSL proxy:
+Secure sessions are easy, but it's not very well documented, so I'm changing that.  
+Here's a recipe for secure sessions in Node.js when NginX is used as an SSL proxy:
 
-The desired configuration for using NginX as an SSL proxy is to offload SSL processing and to put a hardened web server in front of your Node.js application, like:
+The desired configuration for using NginX as an SSL proxy is to offload SSL processing 
+and to put a hardened web server in front of your Node.js application, like:
 
 [NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [CLIENT]
 
 To do this, here's what you need to do:
-
-1. Configure Connect(Express) to do sessions:
diff --git a/app.js b/app.js
@@ -1,4 +1,4 @@
-//In your main App, setup up sessions:
+// 1. In your main App, setup up sessions:
 
 app.enable('trust proxy');
 app.use(express.bodyParser());

diff --git a/nginxssl.conf → nginx-ssl.conf b/nginxssl.conf → nginx-ssl.conf
diff --git a/Secure Sessions Howto b/Secure Sessions Howto
@@ -0,0 +1,9 @@
+Secure sessions are easy, but it's not very well documented, so I'm changing that.  Here's a recipe for secure sessions in Node.js when NginX is used as an SSL proxy:
+
+The desired configuration for using NginX as an SSL proxy is to offload SSL processing and to put a hardened web server in front of your Node.js application, like:
+
+[NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [CLIENT]
+
+To do this, here's what you need to do:
+
+1. Configure Connect(Express) to do sessions:
diff --git a/gistfile1.txt → nginxssl.conf b/gistfile1.txt → nginxssl.conf
@@ -1,16 +1,4 @@
-Secure sessions are easy, but it's not very well documented, so I'm changing that.  Here's a recipe for secure sessions in Node.js when NginX is used as an SSL proxy:
-
-The desired configuration for using NginX as an SSL proxy is to offload SSL processing and to put a hardened web server in front of your Node.js application, like:
-
-[NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [CLIENT]
-
-To do this, here's what you need to do:
-
-1. Configure Connect(Express) to do sessions:
-
-
-
-2. Configure nginx to do SSL and forward all the requireed headers that COnnect needs to do secure sessions:
+# 2. Configure nginx to do SSL and forward all the required headers that COnnect needs to do secure sessions:
 
 server {
     listen       443;
@@ -24,7 +12,7 @@ server {
     ssl_prefer_server_ciphers   on;
 
     location / {
-#THESE ARE IMPORTATNT
+#THESE ARE IMPORTANT
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 #This is what tells Connect that your session can be considered secure, even though the protocol node.js sees is only HTTP:        

diff --git a/app.js b/app.js
@@ -0,0 +1,12 @@
+//In your main App, setup up sessions:
+
+app.enable('trust proxy');
+app.use(express.bodyParser());
+app.use(express.cookieParser());
+app.use(express.session({
+   secret: 'Super Secret Password',
+   proxy: true,
+   key: 'session.sid',
+   cookie: {secure: true},
+   store: new sessionStore() //NEVER use in-memory store for production - I'm using mongoose/mongodb here
+}));
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -2,39 +2,23 @@ Secure sessions are easy, but it's not very well documented, so I'm changing tha
 
 The desired configuration for using NginX as an SSL proxy is to offload SSL processing and to put a hardened web server in front of your Node.js application, like:
 
-` [NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [CLIENT] `
+[NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [CLIENT]
 
 To do this, here's what you need to do:
 
 1. Configure Connect(Express) to do sessions:
 
-```javascript
 
-app.enable('trust proxy');
-app.use(express.bodyParser());
-app.use(express.cookieParser());
-app.use(express.session({
-   secret: 'Super Secret Password',
-   proxy: true,
-   key: 'session.sid',
-   cookie: {secure: true},
-   store: new sessionStore() //NEVER use in-memory store for production - I'm using mongoose/mongodb here
-}));
-```
 
 2. Configure nginx to do SSL and forward all the requireed headers that COnnect needs to do secure sessions:
 
-```
 server {
     listen       443;
     server_name  localhost;
-
     ssl                  on;
     ssl_certificate      /etc/nginx/nodeapp.crt;
     ssl_certificate_key  /etc/nginx/nodeapp.key;
-
     ssl_session_timeout  5m;
-
     ssl_protocols  SSLv2 SSLv3 TLSv1;
     ssl_ciphers HIGH:!aNULL:!MD5;
     ssl_prefer_server_ciphers   on;
@@ -53,5 +37,3 @@ proxy_set_header X-Forwarded-Proto $scheme;
         proxy_redirect off;
     }
 }
-
-```
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,57 @@
+Secure sessions are easy, but it's not very well documented, so I'm changing that.  Here's a recipe for secure sessions in Node.js when NginX is used as an SSL proxy:
+
+The desired configuration for using NginX as an SSL proxy is to offload SSL processing and to put a hardened web server in front of your Node.js application, like:
+
+` [NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [CLIENT] `
+
+To do this, here's what you need to do:
+
+1. Configure Connect(Express) to do sessions:
+
+```javascript
+
+app.enable('trust proxy');
+app.use(express.bodyParser());
+app.use(express.cookieParser());
+app.use(express.session({
+   secret: 'Super Secret Password',
+   proxy: true,
+   key: 'session.sid',
+   cookie: {secure: true},
+   store: new sessionStore() //NEVER use in-memory store for production - I'm using mongoose/mongodb here
+}));
+```
+
+2. Configure nginx to do SSL and forward all the requireed headers that COnnect needs to do secure sessions:
+
+```
+server {
+    listen       443;
+    server_name  localhost;
+
+    ssl                  on;
+    ssl_certificate      /etc/nginx/nodeapp.crt;
+    ssl_certificate_key  /etc/nginx/nodeapp.key;
+
+    ssl_session_timeout  5m;
+
+    ssl_protocols  SSLv2 SSLv3 TLSv1;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers   on;
+
+    location / {
+#THESE ARE IMPORTATNT
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#This is what tells Connect that your session can be considered secure, even though the protocol node.js sees is only HTTP:        
+proxy_set_header X-Forwarded-Proto $scheme; 
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+        proxy_read_timeout 5m;
+        proxy_connect_timeout 5m;
+        proxy_pass http://nodeserver;
+        proxy_redirect off;
+    }
+}
+
+```
No results found