Use SSL.

.gitignore

@@ -34,3 +34,6 @@ css/index.css
 
 # New Relic
 newrelic.js
+
+# SSL Keys
+*.pem

lib/server.js

@@ -1,15 +1,30 @@
 var db = require('./db')
 var express = require('express')
 var expressWinston = require('express-winston')
+var forceSSL = require('express-force-ssl')
 var fs = require('fs')
 var http = require('http')
+var https = require('https')
 var ice = require('./ice')
 var path = require('path')
 var socketIO = require('socket.io')
 var winston = require('winston')
 
 var app = express()
+
+if (process.env.SECURE) {
+  var server = https.Server({
+    key: fs.readFileSync(process.env.SSL_KEY || 'key.pem'),
+    cert: fs.readFileSync(process.env.SSL_CERT || 'cert.pem')
+  }, app)
+  var port = process.env.PORT || 443
+  var insecurePort = process.env.INSECURE_PORT || 80
+  http.Server(app).listen(80)
+} else {
   var server = http.Server(app)
+  var port = process.env.PORT || (process.env.NODE_ENV === 'production' ? 80 : 3000)
+}
+
 var io = socketIO(server)
 
 var logDir = path.resolve(__dirname, '../log')
@@ -31,7 +46,7 @@ server.on('error', function (err) {
   process.exit(1)
 })
 
-server.listen(process.env.PORT || 3000, function (err) {
+server.listen(port, function (err) {
   var host = server.address().address
   var port = server.address().port
   console.log('FilePizza listening on %s:%s', host, port)
@@ -42,6 +57,8 @@ app.use(expressWinston.logger({
   expressFormat: true
 }))
 
+app.use(forceSSL)
+
 app.get('/js', require('./middleware/javascript'))
 app.get('/css', require('./middleware/css'))
 app.use(require('./middleware/static'))

package.json

@@ -28,6 +28,7 @@
     "alt": "^0.14.4",
     "classnames": "^1.2.0",
     "express": "^4.12.0",
+    "express-force-ssl": "^0.3.0",
     "express-winston": "^0.3.1",
     "filepizza-socket": "^1.0.0",
     "newrelic": "^1.21.1",