HTTP: When the data is transferred in HTTP protocol it just travels in the clear text format.
HTTPS: It simply encrypts the request from the browser to the web server, so it is tough to sniff that information. It basically works on two things:
- SSL (Secure Socket Layer)
- TLS (Transport layer security)
Both of these use a PKI (Public Key Infrastructure)
- If you can’t afford an SSL Certificate then the other alternative is that there are a lot of payment services that can provide you an API to integrate into your website i.e you can have your website on a nonsecure channel (HTTP) and whenever there is a payment then redirect the user to that payment gateway service.
- HTTPS is a separate module in Node.js and is used to communicate over a secure channel with the client. HTTPS is the HTTP protocol on top of SSL/TLS(secure HTTP protocol).
There are various advantages to this additional layer:
- Integrity and Confidentiality are guaranteed, as the connection is encrypted in an asymmetric manner.
- We get authentication by having keys and certificates.
An Example of setting up an HTTPS server with Node.Js is as follows:
- We will first create an homepage.html file, this homepage.html file will have an HTML code for creating a web page i.e the page that will be displayed when the user asks for it or enter the URL of the same.
- homepage.html file will also have a resource homepage.css
- When the browser tries to get the resource homepage.css it will throw it to the server, the server will create a response header, so the browser knows how to parse the file.
- The code below is written in a third file saved as a .js file.
Example 1: In this example, we will set up an HTTPS server with NodeJs.
( function () {
// Reading and writing to files in Node.js // working with directories or file system const fs = require( "fs" );
// Responsible for creating HTTPS server
// taking options for the server
// options like where your certificates
// and private key files are located
// also take actual request and response server
// code for parsing web pages from files
const https = require( "https" );
// Helps with mimetypes in creating our response header
const path = require( "path" );
// "text/css" is added in response header
// so browser knows how to handle it
let mimetypes = {
"css" : "text/css" ,
"html" : "text/html"
}; // Options is used by the servers
// pfx handles the certificate file
let options = {
pfx: fs.readFileSync( "ssl/cert.pfx" ),
passphrase: "encrypted"
}; let server = https.createServer(options, function (request, response) {
// If the url is empty
if (request.url == "" || request.url == "/" ) {
request.url = "homepage.html" ;
}
// __dirname is the directory where we are getting
// these files from __dirname holds the file route
// request.url is the index.html we made earlier
// function is the callback function that holds two
// parameters
fs.readFile(__dirname + "/" + request.url, function (err, content) {
if (err) {
console.log( "Error: " + err);
}
else {
// 200 is code for OK
// content-Type is the object or the content header
response.writeHead(200,
{ 'Content-Type' : mimetypes[path.extname(request.url).split( "." )[1]] });
response.write(content);
}
// This will send our response back to the browser
response.end();
});
}); server.listen( "port number" , "IP Address" , function () {
console.log( "Server has started!" );
}); })(); |
Output: Whatever the port number and IP Address are given to the server.listen it will execute that only web page whenever requested. And this web page will be HTTPS.