Open baconbrad opened 7 years ago
Works fine in development when ran directly from node. It appears the issue is when ran on IIS with IIS-node.
@baconbrad I see this issue when running Nuts within OpenShift. The https request is terminated at the load balancer and nuts is then called via http.
Since getFullUrl(req)
uses the same protocol as the incoming request you end up with an http
instead of https
url in the response.
I also narrowed down the problem to getFullUrl(req)
. I ended up having to jimmy rig this with a hardcoded fix in nuts.js. I was unable to figure out what in our setup was causing this and we had to get the updater working in production ASAP. Seems to have worked for over a year without issue since.
function getFullUrl(req) {
return req.protocol + '://' + req.get('host') + req.originalUrl;
}
Was changed to:
function getFullUrl(req) {
return 'https://' + req.get('host') + req.originalUrl;
}
@dguettler That does clarify things for me though now that I think about it. Node.js applications running on IISNode are actually HTTP servers tunneled through HTTPS. The binding for HTTPS is done through IIS 8.5 and not in the script itself. This must be what is throwing Nuts off.
@baconbrad yes, forked the project and did exactly the same change. It may make sense to be able to set this via an environment variable.
Squirrel goes to download my RELEASES file from
https://myurl.com:3000/update/win32_x64/0.1.13/RELEASES?id=MyApp&localVersion=0.1.13&arch=amd64
.But it tries to download an update from
http://myurl.com:3000/download/0.1.14/MyApp-0.1.14-delta.nupkg
. As a result it fails to download since we don't allow Nuts to run over HTTP nor do we want updates served over HTTP.Going to
https://myurl.com:3000/download/0.1.14/MyApp-0.1.14-delta.nupkg
I get the file as expected.Looking at
https://myurl.com:3000/update/win32_x64/0.1.13/RELEASES?id=MyApp&localVersion=0.1.13&arch=amd64
in an editor I can see that Nuts is telling Squirrel to download from these HTTP links instead of the proper HTTPS links.