Minor updates to SSL behavior

config.template.yaml

@@ -80,6 +80,10 @@ https:
   certfile: 'localhost.cert'
   cafile: ''
   ciphers: 'HIGH:!DSS:!aNULL@STRENGTH'
+  # Allow certain account pages to redirect to HTTPS if HTTPS is enabled.
+  # You may want to set this to false if you are reverse proxying HTTPS to a
+  # non-HTTPS address.
+  redirect: true
 
 # Page template values
 # title goes in the upper left corner, description goes in a <meta> tag

lib/config.js

@@ -44,7 +44,8 @@ var defaults = {
         passphrase: "",
         certfile: "localhost.cert",
         cafile: "",
-        ciphers: "HIGH:!DSS:!aNULL@STRENGTH"
+        ciphers: "HIGH:!DSS:!aNULL@STRENGTH",
+        redirect: true
     },
     io: {
         domain: "http://localhost",

lib/web/webserver.js

@@ -46,7 +46,7 @@ function ipForRequest(req) {
  * Redirects a request to HTTPS if the server supports it
  */
 function redirectHttps(req, res) {
-    if (!req.secure && Config.get("https.enabled")) {
+    if (!req.secure && Config.get("https.enabled") && Config.get("https.redirect")) {
         var ssldomain = Config.get("https.full-address");
         if (ssldomain.indexOf(req.hostname) < 0) {
             return false;

templates/nav.jade

@@ -29,8 +29,8 @@ mixin navdefaultlinks(page)
       if loggedIn
         li: a(href="/logout?dest=#{encodeURIComponent(baseUrl + page)}&_csrf=#{csrfToken}") Logout
         li.divider
-        li: a(href="/account/channels") Channels
-        li: a(href="/account/profile") Profile
+        li: a(href="#{loginDomain}/account/channels") Channels
+        li: a(href="#{loginDomain}/account/profile") Profile
         li: a(href="#{loginDomain}/account/edit") Change Password/Email
       else
         li: a(href="#{loginDomain}/login?dest=#{encodeURIComponent(baseUrl + page)}") Login
@@ -71,4 +71,4 @@ mixin navlogoutform(redirect)
     span#welcome Welcome, #{loginName}
     span  · 
     a#logout.navbar-link(href="/logout?dest=#{encodeURIComponent(baseUrl + redirect)}&_csrf=#{csrfToken}") Logout
-    
+