
Blog#194: 🔐Using HTTPS to Secure Data in Transit


Posted by: NGUYỄN ANH TUẤN

Source: Viblo Asia


Hi, I'm Tuan, a Full-stack Web Developer from Tokyo 😊. Follow my blog to not miss out on useful and interesting articles in the future.

Introduction to HTTPS in Node.js Express

HTTPS (Hypertext Transfer Protocol Secure) is an essential protocol for securing data in transit between clients and servers in web applications. It encrypts the data exchanged so that unauthorized parties on the network path cannot read it or tamper with it undetected. In this article, we will dive deep into how to set up HTTPS in a Node.js Express application, providing a secure and robust environment for your users.

Prerequisites

To follow this guide, you should have:

  • A basic understanding of Node.js and Express
  • Node.js (version 10 or later) installed on your system
  • A text editor like Visual Studio Code, Sublime Text, or Atom

Generating SSL Certificates

To enable HTTPS, you need a private key and an SSL certificate that carries the matching public key. You can either obtain a certificate from a Certificate Authority (CA) like Let's Encrypt, or generate a self-signed certificate for development purposes.

Self-Signed Certificates

Using OpenSSL, you can create a self-signed certificate for local development:

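# -nodes writes key.pem unencrypted so the server code below can load it without a passphrase (development only)
openssl req -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365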

This command generates two files:

  • key.pem: The private key
  • cert.pem: The public certificate

Note: Self-signed certificates should not be used in production environments, as they will trigger browser security warnings. Instead, use a trusted CA for production certificates.

Configuring Express to Use HTTPS

Now that you have the SSL certificate, let's configure the Node.js Express application to use HTTPS.

1. Create a New Express Application

First, create a new directory for your project and navigate into it:

mkdir nodejs-express-https
cd nodejs-express-https

Initialize the project with the default settings:

npm init -y

Install Express:

npm install express

2. Set Up the Express Server

Create a new file named app.js in the project directory and add the following code:

const express = require('express');
const app = express();
const port = 3000;

app.get('/', (req, res) => {
  res.send('Hello World!');
});

app.listen(port, () => {
  console.log(`Example app listening at http://localhost:${port}`);
});

This code sets up a basic Express server that listens on port 3000 and responds with "Hello World!" when accessed via the root URL.

3. Configure HTTPS

To configure HTTPS, you need to import the https module and use it to create a secure server. Update app.js with the following code:

const fs = require('fs');
const https = require('https');
const express = require('express');
const app = express();
const port = 3000;

app.get('/', (req, res) => {
  res.send('Hello World!');
});

// Read the SSL certificate files
const privateKey = fs.readFileSync('key.pem', 'utf8');
const certificate = fs.readFileSync('cert.pem', 'utf8');

// Create a credentials object
const credentials = { key: privateKey, cert: certificate };

// Create an HTTPS service with the Express app and the credentials
const httpsServer = https.createServer(credentials, app);

// Start the HTTPS server
httpsServer.listen(port, () => {
  console.log(`Example app listening at https://localhost:${port}`);
});

This code imports the fs and https modules, reads the SSL certificate files, creates a credentials object, and starts an HTTPS server with the Express app and the credentials.

Now, your Node.js Express application is configured to use HTTPS. When you start the application, it will listen for secure connections on port 3000.

4. Test the HTTPS Server

To test your HTTPS server, run the following command:

node app.js

You should see the following output:

Example app listening at https://localhost:3000

Open your web browser and navigate to https://localhost:3000. You may encounter a security warning because of the self-signed certificate. Proceed with caution, and you should see the "Hello World!" message displayed.

Redirecting HTTP Traffic to HTTPS (Optional)

If you want to redirect all HTTP traffic to HTTPS, you can create an additional HTTP server that forwards requests to the HTTPS server. Update app.js with the following code:

const http = require('http');
const fs = require('fs');
const https = require('https');
const express = require('express');
const app = express();
const httpPort = 3001;
const httpsPort = 3000;

app.get('/', (req, res) => {
  res.send('Hello World!');
});

// Read the SSL certificate files
const privateKey = fs.readFileSync('key.pem', 'utf8');
const certificate = fs.readFileSync('cert.pem', 'utf8');

// Create a credentials object
const credentials = { key: privateKey, cert: certificate };

// Create an HTTPS service with the Express app and the credentials
const httpsServer = https.createServer(credentials, app);

// Start the HTTPS server
httpsServer.listen(httpsPort, () => {
  console.log(`Example app listening at https://localhost:${httpsPort}`);
});

// Create an HTTP server that redirects to the HTTPS server
const httpApp = express();
httpApp.use((req, res) => {
  // req.hostname is the Host header without its port. The Host header carries
  // the HTTP port (3001), so the HTTPS port must be set explicitly.
  res.redirect(`https://${req.hostname}:${httpsPort}${req.url}`);
});
const httpServer = http.createServer(httpApp);

// Start the HTTP server
httpServer.listen(httpPort, () => {
  console.log(`HTTP server redirecting to HTTPS at http://localhost:${httpPort}`);
});

This code imports the http module, creates an HTTP server that redirects to the HTTPS server, and listens for connections on port 3001. Now, when users access your application via HTTP, they will be redirected to the HTTPS version.
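The redirect above builds its target from the Host header, which the client controls. The following is an added example, not code from the original article: a redirect handler for Node's built-in http module that only redirects to hostnames on an allowlist and maps the request to the HTTPS port. ALLOWED_HOSTS, HTTPS_PORT and the function names are assumptions made for this example.

```javascript
// Added example (not the article's code). ALLOWED_HOSTS and HTTPS_PORT are
// assumed values; replace them with the names and port your site serves.
const ALLOWED_HOSTS = new Set(['localhost', 'example.test']);
const HTTPS_PORT = 3000;

// Extract the hostname from a Host header value, dropping any port.
// Returns null when the header is missing or not a plain host[:port].
function hostnameFromHeader(hostHeader) {
  if (typeof hostHeader !== 'string') return null;
  const m = hostHeader.trim().toLowerCase()
    .match(/^(\[[0-9a-f:.]+\]|[a-z0-9.-]+)(?::\d{1,5})?$/);
  return m ? m[1] : null;
}

// Build the HTTPS redirect target, or return null if the request
// should be rejected instead of redirected.
function httpsRedirectTarget(hostHeader, path) {
  const hostname = hostnameFromHeader(hostHeader);
  // Never echo an unknown Host value back in a Location header.
  if (hostname === null || !ALLOWED_HOSTS.has(hostname)) return null;
  // Accept only origin-form request targets ("/path?query").
  if (typeof path !== 'string' || !path.startsWith('/')) return null;
  const authority = HTTPS_PORT === 443 ? hostname : `${hostname}:${HTTPS_PORT}`;
  return `https://${authority}${path}`;
}

// Request handler. Attach it with:
//   require('http').createServer(redirectHandler).listen(3001);
function redirectHandler(req, res) {
  const target = httpsRedirectTarget(req.headers.host, req.url);
  if (target === null) {
    res.writeHead(400, { 'Content-Type': 'text/plain' });
    res.end('Bad Request');
    return;
  }
  // 308 keeps the request method and body, unlike 301/302.
  res.writeHead(308, { Location: target });
  res.end();
}
```

Requests whose Host header is not on the allowlist get a 400 response rather than a redirect, so the server never sends a browser to a hostname it does not serve.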

Conclusion

In this article, we explored the importance of securing data in transit using HTTPS in a Node.js Express application. We covered generating SSL certificates, configuring the Express server to use HTTPS, and optionally redirecting HTTP traffic to HTTPS. Implementing HTTPS in your Express applications is crucial for protecting user data and providing a secure browsing experience.

And Finally

As always, I hope you enjoyed this article and got something new. Thank you and see you in the next articles!

If you liked this article, please give me a like and subscribe to support me. Thank you. 😊
