My setup is something like this:
[Apache running on port 80]
http://domain1/ ---> https://domain1/ (redirect using apache)
http://domain2/ ---> Hosted on apache.
and
[Nodejs running on port 443]
https://domain1/ ---> App on Express.js/Node.js
What I want now is that any requests to https://domain2/ should be denied connection.
My SSL certificate is only valid for domain1. So, I cannot do something like this:
var express = require('express');
// Express 2.x API: createServer() takes the https options; privateKey and
// certificate hold the PEM key and certificate for domain1.
var vhostController = express.createServer({key:privateKey,cert:certificate});
vhostController.use(express.vhost('domain1',mainApp));
// Requests for domain2 get an empty response.
vhostController.use(express.vhost('domain2',function(req, res) {res.end();}));
vhostController.listen(443);
The above code works for HTTP, but not for HTTPS, because it tries to validate the server certificate before passing the request to the function which handles what to return.
So, is there some way to check, before the certificate error, that the request was for domain2, and deny/close the connection?
This problem has 2 solutions:
Using different IPs:
I ended up using this method. Sample Code:
And I don’t run anything on IP2 on port 443. So, any connection to IP2 is rejected.
Using SNI:
If someone wants to use SNI, details about using it with nodejs can be found here:
http://nodejs.org/docs/latest/api/tls.html#event_secureConnection_
In the secureConnection event of the tls server, a cleartextStream variable is passed, in which, if the client supports SNI, cleartextStream.servername gives the server domain wanted by the client. It can be checked here and appropriate action can be taken.