Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Node.js HTTPS Secure Error

I am trying to create a secure node.js server to use with my site that is using ssl (https).

const crypto = require('crypto'),
      fs = require("fs"),
      http = require("http");

var privateKey = fs.readFileSync('/home/privatekey.pem');
var certificate = fs.readFileSync('/home/certificate.pem');

var credentials = crypto.createCredentials({key: privateKey.toString(), cert: certificate.toString()});

var handler = function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/plain'});
  res.end('Hello World\n');
};

var server = http.createServer();
server.setSecure(credentials);
server.addListener("request", handler);
server.listen(8084);

But when I start my server, I get the following error:

node.js:116
        throw e; // process.nextTick error, or 'error' event on first tick
        ^
TypeError: Object #<Server> has no method 'setSecure'
    at Object.<anonymous> (/home/meshdev/public_html/js/node/server/test.js:16:8)
    at Module._compile (module.js:380:26)
    at Object..js (module.js:386:10)
    at Module.load (module.js:312:31)
    at Function._load (module.js:273:12)
    at Array.<anonymous> (module.js:399:10)
    at EventEmitter._tickCallback (node.js:108:26)

My server works great without the server.setSecure(credentials); line. I am running node.js(V0.4.1).

I would appreciate any suggestions.

Thank you.

like image 781
Kit Avatar asked Feb 27 '11 22:02

Kit


People also ask

How do you resolve certificate errors in a node js app with SSL calls?

The easiest solution to resolve these errors is to use the “rejectUnauthorized” option shown below. However, this method is unsafe because it disables the server certificate verification, making the Node app open to MITM attack.

Does node js support HTTPS?

HTTPS is a separate module in Node. js and is used to communicate over a secure channel with the client. HTTPS is the HTTP protocol on top of SSL/TLS(secure HTTP protocol).

Why is node js not secure?

However, by default, most Node. js applications don't have an access control mechanism, so users can easily access any sensitive information.


3 Answers

HTTPS implementation was re-done in Node.JS 0.4. See the corresponding docs at nodejs.org.

Example from the docs:

var tls = require('tls');
var fs = require('fs');

var options = {
  key: fs.readFileSync('server-key.pem'),
  cert: fs.readFileSync('server-cert.pem')
};

tls.createServer(options, function (s) {
  s.write("welcome!\n");
  s.pipe(s);
}).listen(8000);
like image 191
schaermu Avatar answered Nov 02 '22 18:11

schaermu


this setup allowed me to connect to my socket.io server ssl (HTTPS/WSS)

http=require('https'),io=require('socket.io'),fs=require('fs');

var privateKey = fs.readFileSync('ssl/nginx.key');
var certificate = fs.readFileSync('ssl/nginx.crt');
var options = {key: privateKey,cert: certificate};
var server = http.createServer(options);
server.listen(3000);
io = io.listen(server);
like image 24
moeiscool Avatar answered Nov 02 '22 17:11

moeiscool


I have worked on the https secure with the ssl here is the working code for making the https and http

var fs = require('fs');
var http = require('http');
var https = require('https');
var debug = require('debug')('expressapp');
var app = require('../app');
var CONSTANTS = require('../config/CONSTANTS.js');
var AWS = require('aws-sdk');
var certificate =fs.readFileSync('ssl/server.crt',{encoding:'utf8'},function(err, data ) {
  console.log( data );});
var privateKey  = fs.readFileSync('ssl/server.key',{encoding:'utf8'},function(err, data ) {
  console.log( data );});


var credentials = {
  key: privateKey,
  cert: certificate,
  rejectUnauthorized:false
};

// UNCOMMENT THIS LINE AFTER INSTALLING CA CERTIFICATE
 //credentials.ca = fs.readFileSync('ssl/server.crt', 'utf8');;

var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);

  httpServer.listen(CONSTANTS.PORT.HTTP, function() {
    console.log('HTTP server listening on port ' + CONSTANTS.PORT.HTTP);
   })  ;

httpsServer.listen(CONSTANTS.PORT.HTTPS, function() {
  console.log('HTTPS server listening on port ' + CONSTANTS.PORT.HTTPS);
});
like image 1
Abhishek Kashyap Avatar answered Nov 02 '22 16:11

Abhishek Kashyap