0

I am developing my application using nitrogen framework which runs over Yaws and also over Cowboy web servers. My clients only know this 'domain-name.xx'or 'www.domain-name.xx' which by default hits port 80 (unsecure http), yet always it want 'https://www.domain-name.xx' for secure http (port 433)- which they are unwilling to keep entering in browsers.

I have seen a configuration which does this for nginx web server on http://nitrogenproject.com/doc/config.html

I request the community to help me provide the configuration changes for Cowboy and Yaws i can take to always ensure that everyone regardless of the browser entry, is always redirected to port 433 or 'https://www.domain-name.xx' instead of port 80 or 'http://www.domain-name.xx'.

Thank you.

Vianney Sserwanga
  • 313
  • 2
  • 10

2 Answers2

1

I would recommend making a custom security handler.

Example:

-module (my_security_handler).
-behaviour (security_handler).
-export ([
    init/2,
    finish/2
]).


init(_Config, State) ->
    Bridge = wf:request_bridge(),
    case Bridge:protocol() of
       http ->
          NewURI = "https://" ++ Bridge:header(host) ++ "/" ++ Bridge:uri(),
          wf:status_code(301),
          wf:header(location, NewURI);
       https ->
          ok
    end,
    {ok, State}.

finish(_Config, State) ->
    {ok, State}.

Then load it in nitrogen_yaws.erl and nitrogen_cowboy.erl (You're running both on the same server? Seems like an odd way to go). Just add nitrogen:handler(my_security_handler) between the two lines:

nitrogen:init_request(RequestBridge, ResponseBridge),
nitrogen:handler(my_security_handler),  %% <---- added here
nitrogen:run().

Please Note: Up until very recently, the protocol() function was not available for simple_bridge for cowboy. But I've modified simple_bridge to support it appropriately so make sure you pull from the latest master for simple_bridge.

chops
  • 2,572
  • 1
  • 16
  • 25
  • Actually I am not running both web servers (cowboy and yaws) on the same server but I am yet to choose which one to use definitely. – Vianney Sserwanga Mar 11 '14 at 18:37
  • Ah, I gotcha. That sounded like quite the feat of contortionist programming :) Did my fix above help? – chops Mar 11 '14 at 20:33
  • I have not understood your **Please Note** ... i do know where to 'pull' it from – Vianney Sserwanga Mar 12 '14 at 15:04
  • By the pulling comment, I mean pulling simple_bridge from master. If you're rebar.config is set to use `{branch, master}` for the simple_bridge dependency, then you can just use `make upgrade` and that should work. – chops Mar 12 '14 at 18:46
1

For Yaws you can modify the rel/nitrogen/etc/yaws.conf file to add the following server block:

<server domain-name.xx>
    port = 80
    listen = 0.0.0.0
    <redirect>
        / = https://www.domain-name.xx
    </redirect>
</server>

Then either restart, or run rel/nitrogen/lib/yaws/bin/yaws --hup to tell Yaws to reload its configuration.

Steve Vinoski
  • 19,847
  • 3
  • 31
  • 46