Open In App

HTTPS in Node.js

Improve
Improve
Like Article
Like
Save
Share
Report

HTTP: When the data is transferred in HTTP protocol it just travels in the clear text format. 

HTTPS: It simply encrypts the request from the browser to the web server, so it is tough to sniff that information. It basically works on two things: 

  • SSL (Secure Socket Layer)
  • TLS (Transport layer security)

Both of these use a PKI (Public Key Infrastructure) 

  • If you can’t afford an SSL Certificate then the other alternative is that there are a lot of payment services that can provide you an API to integrate into your website i.e you can have your website on a nonsecure channel (HTTP) and whenever there is a payment then redirect the user to that payment gateway service.
  • HTTPS is a separate module in Node.js and is used to communicate over a secure channel with the client. HTTPS is the HTTP protocol on top of SSL/TLS(secure HTTP protocol).

There are various advantages to this additional layer: 

  • Integrity and Confidentiality are guaranteed, as the connection is encrypted in an asymmetric manner.
  • We get authentication by having keys and certificates.

An Example of setting up an HTTPS server with Node.Js is as follows: 

  • We will first create an homepage.html file, this homepage.html file will have an HTML code for creating a web page i.e the page that will be displayed when the user asks for it or enter the URL of the same.
  • homepage.html file will also have a resource homepage.css
  • When the browser tries to get the resource homepage.css it will throw it to the server, the server will create a response header, so the browser knows how to parse the file.
  • The code below is written in a third file saved as a .js file.

Example 1: In this example, we will set up an HTTPS server with NodeJs.

javascript




(function() {
 
// Reading and writing to files in Node.js
// working with directories or file system
const fs = require("fs");
 
    // Responsible for creating HTTPS server
    // taking options for the server
    // options like where your certificates
    // and private key files are located
    // also take actual request and response server
    // code for parsing web pages from files
    const https = require("https");
 
    // Helps with mimetypes in creating our response header
    const path = require("path");
 
    // "text/css" is added in response header
    // so browser knows how to handle it
    let mimetypes = {
        "css":"text/css",
    "html":"text/html"
};
 
    // Options is used by the servers
    // pfx handles the certificate file
    let options = {
        pfx: fs.readFileSync("ssl/cert.pfx"),
    passphrase: "encrypted"
};
 
    let server = https.createServer(options, function(request, response) {
  
    // If the url is empty
    if (request.url == "" || request.url == "/") {
        request.url = "homepage.html";
    }
 
    // __dirname is the directory where we are getting
    // these files from __dirname holds the file route
    // request.url is the index.html we made earlier
    // function is the callback function that holds two
    // parameters
    fs.readFile(__dirname + "/" + request.url, function(err, content) {
        if (err) {
        console.log("Error: " + err);
        }
    else {
 
        // 200 is code for OK
        // content-Type is the object or the content header
        response.writeHead(200,
            { 'Content-Type': mimetypes[path.extname(request.url).split(".")[1]] });
    response.write(content);
        }
 
    // This will send our response back to the browser
    response.end();
    });
});
 
    server.listen("port number", "IP Address", function() {
 
        console.log("Server has started!");
});
  
})();


Output: Whatever the port number and IP Address are given to the server.listen it will execute that only web page whenever requested. And this web page will be HTTPS.



Last Updated : 31 Mar, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads