Force-ssl and domain redirects

Working recently on nodejs applications we had a need to provide redirects, firstly of the domain (www.) to and secondly of protocol, everything should be https.
This would be easy if we put nginx or an equivalent server in between the load-balancers and the nodejs app, however adding another software layer introduces unnecessary complications. We hoped the solution lay in Meteor's force-ssl. It's included by default in Meteor, you just have to switch it on and it works well with load-balancers, the load-balancers deal with the https traffic and force-ssl reads the x-forwarded-proto headers to work out when to issue a redirect.
There was also an added bonus, when you set the ROOT_URL variable force-ssl provides domain redirects, if a browser arrives at your IP with the address it will redirect to (or whatever your ROOT_URL) is set to. This was almost perfect, but we discovered that if our wayward user types (ie. correct protocol, wrong domain) force-ssl doesn't change anything because it's not interested in https traffic .. arse.

Want to test this out? Download meteor, cd to your new meteor directory :

meteor add force-ssl
export ROOT_URL=
sudo meteor --port 80

Next stop is a package for meteor called Canonical which appears to do both things at once. Hmm .. code is two years old, this will need some testing.