Table of Contents

https

Note: The https interface as been changed from Hop-3.2.0 and Hop-3.3.0 this document only refers to the latter version.

Hop can accept http connections, https connections, or both simultaneously. This is chosen on the command line, that is before Hop starts, and this can no longer be modified once it is running.

A running Hop instance can check which protocol are supported by checking the hop.ports value or the config.HTTPPort and config.HTTPSport. These variable are read-only. See hop and config for details.

A service can determine the protocol used to emit an incoming request by checking the if the ssl protocol is used by the underlying socket. Within the body of a service, this can be obtained with: this.socket.ssl. See services for details.

Hop invocation

The following example, shows how to redirect incoming http connexion to their https counterpart. In the example below if a non-https connection is received and if the server session enables https connection, the function return is Hop response that redirects the client to the corresponding http port.

The following example shows how to run Hop with http connection listened to the port 9999 and https connections listended to the port 8888.

hop -p 9999 --https-port 8888 --https-pkey key.pem --https-cert cert.pem

Certificate and Keys

With openssl, a self signed certificate can be generated by:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Automatic Redirections

As Hop can accepts both http and https connections, it might be useful to redirect one to the other either on a per service basis or globally. THis section shows how to implement these redirections.

Per service redirection

Hop introspection enables services to know about the protocols used to emit requests and the protocols that are available. This, for instance, enables services to automatically redirect http connections to https connections. Here is an example of code implementing such a redirection.

redirect.js

service mySvc() {
   return HTTPtoHTTPs( this ) || ...;
}

function HTTPtoHTTPS( req ) {
   if( config.HTTPSPort && !req.socket.ssl ) {
      return hop.HTTPResponseString( "",
         {
            startLine: "HTTP/1.0 307 Temporary Redirect",
            header: { "location": `https://${req.host}:${config.HTTPSPort}${req.abspath}` }
         } );
   } else {
      return false;
   }
}

Global redirection

Using request filters it is possible to intercept all incoming requests and redirecting them if there are not using the https protocol. Example:

redirect2.js

"use strict";

const config = require( hop.config );

hop.addRequestFilterFirst( req => {
      if( config.HTTPSPort && !req.socket.ssl ) {
         console.log( "redirection..." );
         return hop.HTTPResponseString( "",
            {
               startLine: "HTTP/1.0 307 Temporary Redirect",
               header: { "location": `https://${req.host}:${config.HTTPSPort}${req.abspath}` }
            } );
      } else {
         return false;
      }
   } );

service foo() {
   console.log( this.socket.ssl );
   
   if( this.socket.ssl ) {
      return "ssl";
   } else {
      return "unsecure";
   }
}