Menu
I'm trying to get HTTPS working on express.js for node, and I can't figure it out.
This is my app.js code.
var express = require('express'); var fs = require('fs'); var privateKey = fs.readFileSync('sslcert/server.key'); var certificate = fs.readFileSync('sslcert/server.crt'); var credentials = {key: privateKey, cert: certificate}; var app = express.createServer(credentials); app.get('/', function(req,res) { res.send('hello'); }); app.listen(8000); When I run it, it seems to only respond to HTTP requests.
I wrote simple vanilla node.js based HTTPS app:
var fs = require("fs"), http = require("https"); var privateKey = fs.readFileSync('sslcert/server.key').toString(); var certificate = fs.readFileSync('sslcert/server.crt').toString(); var credentials = {key: privateKey, cert: certificate}; var server = http.createServer(credentials,function (req, res) { res.writeHead(200, {'Content-Type': 'text/plain'}); res.end('Hello World\n'); }); server.listen(8000); And when I run this app, it does respond to HTTPS requests. Note that I don't think the toString() on the fs result matters, as I've used combinations of both and still no es bueno.
EDIT TO ADD:
For production systems, you're probably better off using Nginx or HAProxy to proxy requests to your nodejs app. You can set up nginx to handle the ssl requests and just speak http to your node app.js.
EDIT TO ADD (4/6/2015)
For systems on using AWS, you are better off using EC2 Elastic Load Balancers to handle SSL Termination, and allow regular HTTP traffic to your EC2 web servers. For further security, setup your security group such that only the ELB is allowed to send HTTP traffic to the EC2 instances, which will prevent external unencrypted HTTP traffic from hitting your machines.
873
We will perform HTTP to HTTPS redirection by creating an Express middleware function [ 1] and then, inside that function, write the redirection code that will force Express to use HTTPS. The middleware function provides access to the Express req and res objects and next function that we will need.
To start your https server, run node app. js (here, app. js is name of the file) on the terminal. or in your browser, by going to https://localhost:8000 .
In express.js (since version 3) you should use that syntax:
var fs = require('fs'); var http = require('http'); var https = require('https'); var privateKey = fs.readFileSync('sslcert/server.key', 'utf8'); var certificate = fs.readFileSync('sslcert/server.crt', 'utf8'); var credentials = {key: privateKey, cert: certificate}; var express = require('express'); var app = express(); // your express configuration here var httpServer = http.createServer(app); var httpsServer = https.createServer(credentials, app); httpServer.listen(8080); httpsServer.listen(8443); In that way you provide express middleware to the native http/https server
If you want your app running on ports below 1024, you will need to use sudo command (not recommended) or use a reverse proxy (e.g. nginx, haproxy).
93
First, you need to create selfsigned.key and selfsigned.crt files. Go to Create a Self-Signed SSL Certificate Or do following steps.
Go to the terminal and run the following command.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./selfsigned.key -out selfsigned.crt
After creation adds key & cert file in your code, and pass the options to the server.
const express = require('express'); const https = require('https'); const fs = require('fs'); const port = 3000; var key = fs.readFileSync(__dirname + '/../certs/selfsigned.key'); var cert = fs.readFileSync(__dirname + '/../certs/selfsigned.crt'); var options = { key: key, cert: cert }; app = express() app.get('/', (req, res) => { res.send('Now using https..'); }); var server = https.createServer(options, app); server.listen(port, () => { console.log("server starting on port : " + port) }); More information https://github.com/sagardere/set-up-SSL-in-nodejs
27
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
