3

I've been digging through tones of websites/tutorials trying to find an answer to my question. Perhaps I am misunderstanding few of the ideas regarding HTTPS.

Right, straight to the point... I host my SPA frontend app on express(4) using staticFiles pointing to index.html:

const express = require('express'); 
const auth = require('http-auth');
const app = express();
const basic = auth.basic({
    file: `${__dirname}/login`
});

app.use(auth.connect(basic));

app.use(express.static(__dirname + '/dist'));

app.get('/*', function(req, res) {
    res.sendFile(path.join(__dirname + '/dist/index.html'));
});
app.listen(process.env.PORT || 8080);

However it only runs on HTTP, I'd like to host it using HTTPS (backend also utilizes HTTPS for its requests).

I understand that HTTPS requires some sort of encryption so the request won't be send in plain text, but is it also required from frontend-hosted apps? If so, how would it be achievable?

Thanks guys!

Jones Joseph
  • 4,703
  • 3
  • 22
  • 40
justMe
  • 674
  • 7
  • 26

1 Answers1

0

Good practice is to host node.js applications under proxy (like nginx which is commonly used for this case) because you can't start node.js application on 80 / 443 port without root privileges (and using sudo for it is security issue).

With this in mind - this proxy is the best way for https setup. For example here is step-by-step tutorial for securing nginx with letsencrypt under ubuntu. You can find similar tutorials for your OS and other web servers.

Boris Zagoruiko
  • 12,705
  • 15
  • 47
  • 79
  • Thank You for the answer. I'd like to ask one more question, how would one always redirect from http to https ? – justMe May 26 '17 at 10:55
  • 1
    You should add to your configuration something like https://serverfault.com/questions/250476/how-to-force-or-redirect-to-ssl-in-nginx – Boris Zagoruiko May 26 '17 at 11:10