https routes to node js production

Question

I have an application on nodejs running on a kinghost.com host, it enabled SSL we will encrypt, but my application still does not respond with https only by http. I made this setting below in the application so that the requests were turned into https, but it did not work. Could someone tell me what to do, where I am wrong, some example. I do not know what else to do.

File app.js

app.set('port', process.env.PORT || 21019);
app.listen(app.get('port')); 

app.use(function(req, res, next) {
    if ((req.get('X-Forwarded-Proto') !== 'https')) {
        res.redirect('https://' + req.get('Host') + req.url);
    } else
    next();
});

Full app.js file

var express           = require('express');
var session           = require('express-session');
var cookieParser      = require('cookie-parser');
var bodyParser        = require('body-parser');
var logger            = require('morgan');
var path              = require('path');
var fileUpload        = require('express-fileupload');

var https             = require('https');

var app               = express();
var expressValidator  = require('express-validator');
var passport          = require('passport');
var flash             = require('connect-flash');

// - Cria rotas
var routes            = require('./routes/index');
var usuarios          = require('./routes/usuario');
var motorista         = require('./routes/motorista');
var login             = require('./routes/login');
var aluno             = require('./routes/aluno');
var contrato          = require('./routes/contrato');
var boleto            = require('./routes/boleto');
var pessoa            = require('./routes/pessoa');

require('./security/autenticacao')(passport);

app.use(logger('dev'));
app.use(expressValidator());
app.use(cookieParser());
app.use(bodyParser.json({limit: "50mb"}));
app.use(bodyParser.urlencoded({limit: "50mb", extended: true, parameterLimit:50000}));
app.use(express.static(path.join(__dirname, 'public')));
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.use(session({
    secret: 'reis&turlwaysrunning',
    resave: true,
    saveUninitialized: true
 } ));
app.use(logErrors);
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
app.use(function (req, res, next) {
    res.locals.login = req.user;
    next();
});
app.use(fileUpload());

app.set('port', process.env.PORT || 21019);
app.listen(app.get('port')); 

app.use(function(req, res, next) {
    if ((req.get('X-Forwarded-Proto') !== 'https')) {
        res.redirect('https://' + req.get('Host') + req.url);
    } else
    next();
});

// Atriui rotas
app.use('/home', routes);
app.use('/usuarios', usuarios);
app.use('/alunos', aluno);
app.use('/motoristas', motorista);
app.use('/contratos', contrato);
app.use('/login', login);
app.use('/boletos', boleto);
app.use('/pessoas', pessoa);

//app.listen(port);

function logErrors (err, req, res, next) {
    console.error('Troxa: ' + err.stack)
    next(err)
  }

module.exports = app;

I tried that too and it did not work

File app.js

https.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/plain'});
    res.write('Hello World!');
    res.end();
  }).listen(21019);

Full app.js file

    var express           = require('express');
    var session           = require('express-session');
    var cookieParser      = require('cookie-parser');
    var bodyParser        = require('body-parser');
    var logger            = require('morgan');
    var path              = require('path');
    var fileUpload        = require('express-fileupload');

    var https             = require('https');

    var app               = express();
    var expressValidator  = require('express-validator');
    var passport          = require('passport');
    var flash             = require('connect-flash');

    // - Cria rotas
    var routes            = require('./routes/index');
    var usuarios          = require('./routes/usuario');
    var motorista         = require('./routes/motorista');
    var login             = require('./routes/login');
    var aluno             = require('./routes/aluno');
    var contrato          = require('./routes/contrato');
    var boleto            = require('./routes/boleto');
    var pessoa            = require('./routes/pessoa');

    require('./security/autenticacao')(passport);

    app.use(logger('dev'));
    app.use(expressValidator());
    app.use(cookieParser());
    app.use(bodyParser.json({limit: "50mb"}));
    app.use(bodyParser.urlencoded({limit: "50mb", extended: true, parameterLimit:50000}));
    app.use(express.static(path.join(__dirname, 'public')));
    app.set('views', path.join(__dirname, 'views'));
    app.set('view engine', 'ejs');
    app.use(session({
        secret: 'reis&turlwaysrunning',
        resave: true,
        saveUninitialized: true
     } ));
    app.use(logErrors);
    app.use(passport.initialize());
    app.use(passport.session());
    app.use(flash());
    app.use(function (req, res, next) {
        res.locals.login = req.user;
        next();
    });
    app.use(fileUpload());

    https.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/plain'});
    res.write('Hello World!');
    res.end();
  }).listen(21019);

    // Atriui rotas
    app.use('/home', routes);
    app.use('/usuarios', usuarios);
    app.use('/alunos', aluno);
    app.use('/motoristas', motorista);
    app.use('/contratos', contrato);
    app.use('/login', login);
    app.use('/boletos', boleto);
    app.use('/pessoas', pessoa);

    //app.listen(port);

    function logErrors (err, req, res, next) {
        console.error('Troxa: ' + err.stack)
        next(err)
      }

Answer 1

You could try the method of implementing https with express as shown here Enabling HTTPS on express.js ?

Answer 2

You need to have your https credential (i.e cert and key ) to use https. You can use this to generate the credentials

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

var fs = require('fs');
var https = require('https');

var httpsServerOptions = {
  'key': fs.readFileSync('./https/key.pem'),
  'cert': fs.readFileSync('./https/cert.pem')
};


var express = require('express');
var app = express();

// your express configuration here


var httpsServer = https.createServer(httpsServerOptions, app);


httpsServer.listen(21019);

Answer 3

If free Let's Encrypt certificates are good enough for you, you could use Greenlock and get free SSL with automated renewal.

Greenlock: Free SSL, Automated HTTPS

Greenlock handles certificate issuance and renewal (via Let's Encrypt) and http => https redirection, out-of-the box.

Instead of calling .listen() from express, you just export your express app (or any node-http compatible function).

Simplified, that looks like this:

express-app.js:

var express = require('express');
var app = express();

app.use('/', function (req, res) {
  res.send({ msg: "Hello, Encrypted World!" })
});

// DO NOT DO app.listen()
// Instead export your app:
module.exports = app;

Then you can use node's http and https for your server, or you can use greenlock express, which sets it up for you:

server.js:

require('greenlock-express').create({
  // Let's Encrypt v2 is ACME draft 11
  version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'

  // You MUST change these to valid email and domains
, email: 'john.doe@example.com'
, approveDomains: [ 'example.com', 'www.example.com' ]
, agreeTos: true

  // This should be the directory to which certificates are saved
, configDir: "/path/to/project/acme/"

, app: require('./express-app.js')

, communityMember: true // Get notified of important updates
, telemetry: true       // Contribute telemetry data to the project
}).listen(80, 443);

Screencast

Watch the QuickStart demonstration: https://youtu.be/e8vaR4CEZ5s

More Info

See https://stackoverflow.com/a/51146209/151312