Creating a Secure HTTPS Server in Node.js

Running your web server over HTTPS (HTTP Secure) is essential for protecting your users' data. It encrypts the communication between the client and the server. Node.js's built-in `https` module makes it straightforward to create an HTTPS server.

Prerequisites: SSL/TLS Certificate

You need a private key and the matching public SSL/TLS certificate (commonly stored as `.key` and `.crt` files; the OpenSSL command below writes both as `.pem`). For production, you should get a certificate from a trusted Certificate Authority (CA) like Let's Encrypt. For local development, you can generate a self-signed certificate using a tool like OpenSSL.

Generating a Self-Signed Certificate

openssl req -x509 -newkey rsa:2048 -nodes -sha256 -keyout key.pem -out cert.pem -days 365

Creating the HTTPS Server

The code is very similar to creating an HTTP server, but you use the `https` module and provide the key and certificate in the options.

const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
};

const server = https.createServer(options, (req, res) => {
  res.writeHead(200);
  res.end('Hello, this is a secure server!\n');
});

server.listen(8443, () => {
  console.log('Secure server running on https://localhost:8443');
});

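When you visit `https://localhost:8443`, your browser will show a warning because the certificate is self-signed rather than issued by a CA the browser trusts. The connection will still be encrypted, but a self-signed certificate does not prove the server's identity to the client, which is why it is suitable for local development only.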
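
The following is an added example, not part of the original tutorial: the same server with three hardening steps a deployment would want. It assumes a POSIX system for the file-mode check, and the names `loadTlsOptions` and `createSecureServer` are hypothetical helpers introduced here.

```javascript
const https = require('https');
const fs = require('fs');

// Refuse to load a private key that other local users can read. The openssl
// command above uses -nodes, so key.pem has no passphrase and file
// permissions are its only protection. (POSIX mode bits; not meaningful on Windows.)
function loadTlsOptions(keyPath, certPath) {
  const mode = fs.statSync(keyPath).mode & 0o777;
  if (mode & 0o077) {
    throw new Error(`${keyPath} has mode ${mode.toString(8)}; run: chmod 600 ${keyPath}`);
  }
  return {
    key: fs.readFileSync(keyPath),
    cert: fs.readFileSync(certPath),
    minVersion: 'TLSv1.2', // explicit floor: TLS 1.0 and 1.1 handshakes are rejected
  };
}

// Same handler as the server above, plus an HSTS header. Browsers honour HSTS
// only on connections without certificate errors, so it takes effect once a
// trusted certificate is in place.
function createSecureServer(options) {
  return https.createServer(options, (req, res) => {
    res.writeHead(200, {
      'Strict-Transport-Security': 'max-age=31536000',
      'Content-Type': 'text/plain; charset=utf-8',
    });
    res.end('Hello, this is a secure server!\n');
  });
}

// Start only when key.pem and cert.pem from the steps above are present.
if (fs.existsSync('key.pem') && fs.existsSync('cert.pem')) {
  createSecureServer(loadTlsOptions('key.pem', 'cert.pem')).listen(8443, () => {
    console.log('Secure server running on https://localhost:8443');
  });
}
```

If the server refuses to start, tighten the key file with `chmod 600 key.pem` and run it again.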