5

I have little experience with HTTPS, SSL, etc.

I want to know how to use Node.js with HTTPS. I know how to use node.js fine, but when using HTTPS it gives errors.

I think I need to install something (openSSL?). I would like to be told of ALL the things I have to install on a windows 8.1 computer (no, I do not want to get any form of linux. No cygwin either), in order to use a node.js HTTPS server.

I do not need to have a paid certificate, I just need to have it work. It's not receiving requests from a browser, so I don't care about a paid certificate.

John Slegers
  • 45,213
  • 22
  • 199
  • 169
markasoftware
  • 12,292
  • 8
  • 41
  • 69

2 Answers2

8

Once you have node.js installed on your system, just follow the procedure below to get a basic web server running with support for both HTTP and HTTPS!

Step 1 : Build a Certificate Authority

  1. create the folder where you want to store your key & certificate :

    mkdir conf

  1. go to that directory :

    cd conf

  1. grab this ca.cnf file to use as a configuration shortcut :

    wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/ca.cnf

  1. create a new certificate authority using this configuration :

    openssl req -new -x509 -days 9999 -config ca.cnf -keyout ca-key.pem -out ca-cert.pem

  1. now that we have our certificate authority in ca-key.pem and ca-cert.pem, let's generate a private key for the server :

    openssl genrsa -out key.pem 4096

  1. grab this server.cnf file to use as a configuration shortcut :

    wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/server.cnf

  1. generate the certificate signing request using this configuration :

    openssl req -new -config server.cnf -key key.pem -out csr.pem

  1. sign the request :

    openssl x509 -req -extfile server.cnf -days 999 -passin "pass:password" -in csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem

Step 2 : Install your certificate as a root certificate

  1. copy your certificate to your root certificates' folder :

    sudo cp ca-crt.pem /usr/local/share/ca-certificates/ca-crt.pem

  1. update CA store :

    sudo update-ca-certificates

Step 3 : Starting your node server

First, make sure the code of your server.js looks something like this :

var http = require('http');
var https = require('https');
var fs = require('fs');

var httpsOptions = {
    key: fs.readFileSync('/path/to/HTTPS/server-key.pem'),
    cert: fs.readFileSync('/path/to/HTTPS/server-crt.pem')
};

var app = function (req, res) {
  res.writeHead(200);
  res.end("hello world\n");
}

http.createServer(app).listen(8888);
https.createServer(httpsOptions, app).listen(4433);

  1. go to the directory where your server.js is located :

    cd /path/to

  1. run server.js :

    node server.js

John Slegers
  • 45,213
  • 22
  • 199
  • 169
0

2022 Answer

  1. Get your node.js server working with HTTP on port 80
  2. Use DNS to map <YourWebsite.com> to your server
  3. Use https://certbot.eff.org to upgrade your server to HTTPS

In step 3 you download and run the Certbot app on your server. Certbot asks for "YourWebsite.com". Then it issues you with a new HTTPS certificate and patches your server config files to use the HTTPS certificate.

For example, my node server was running in AWS EC2 listening on port 3000. I found Ubuntu was easier to configure than Amazon's own Linux. I used AWS Route53 to map a domain name to my EC2 instance with a static Elastic IP address. I had installed Nginx in EC2 to map clients' port 80 requests to my server on port 3000. The Certbot automatically patched the Nginx config files to use the new HTTPS certificates.

Certbot is easy. This is because Certbot runs on your server, so the HTTPS certification authority (LetsEncrypt) can verify that you control the domain name by talking over the internet to Certbot.

Adam Gawne-Cain
  • 1,347
  • 14
  • 14