
Is there any way I can change my web app to listen on HTTPS instead of HTTP? I'm using Node.js/Express.

I need it to listen on HTTPS because I'm using geolocation, which Chrome no longer supports unless the page is served from a secure context such as HTTPS.

This is my './bin/www' file, which currently listens on HTTP.

#!/usr/bin/env node

var app = require('../app');
var debug = require('debug')('myapp:server');
var http = require('http');

// Port to bind: taken from the PORT environment variable, falling back to '9494'.
// normalizePort may hand back a number, a named-pipe string, or false.
const port = normalizePort(process.env.PORT || '9494');
app.set('port', port);

// Plain HTTP server: traffic to this listener is not encrypted.
const server = http.createServer(app);

// Register the event handlers, then start accepting connections.
server.on('error', onError);
server.on('listening', onListening);
server.listen(port);


/**
 * Turn a port setting into the value handed to server.listen().
 *
 * @param {string|number} val - Raw port setting.
 * @returns {number|string|false} The parsed number when it is >= 0, the
 *   original value when it does not parse as a number (treated as a named
 *   pipe), and false for a negative number.
 */
function normalizePort(val) {
  const parsed = Number.parseInt(val, 10);

  // Not numeric: pass the value through unchanged as a named pipe.
  if (Number.isNaN(parsed)) {
    return val;
  }

  // Non-negative numbers are returned as ports; no upper bound is checked here.
  return parsed >= 0 ? parsed : false;
}

/**
 * 'error' event handler for the server.
 *
 * Errors that did not come from the listen call, and listen errors with an
 * unrecognised code, are rethrown. EACCES and EADDRINUSE are reported on
 * stderr and the process exits with status 1.
 *
 * @param {Error} error - Error object carrying `syscall` and `code`.
 * @throws {Error} The same error object, when it is not handled here.
 */
function onError(error) {
  // Anything that is not a listen failure is not interpreted here.
  if (error.syscall !== 'listen') {
    throw error;
  }

  // A string port is described as a pipe, anything else as a port.
  const label = typeof port === 'string' ? 'Pipe' : 'Port';
  const bind = `${label} ${port}`;

  // handle specific listen errors with friendly messages
  if (error.code === 'EACCES') {
    // Typically seen when binding a privileged port without the rights to do so.
    console.error(bind + ' requires elevated privileges');
    process.exit(1);
  } else if (error.code === 'EADDRINUSE') {
    console.error(bind + ' is already in use');
    process.exit(1);
  } else {
    throw error;
  }
}


/**
 * 'listening' event handler: reports through the debug logger where the
 * server is bound.
 */
function onListening() {
  const addr = server.address();
  // A string address is reported as a pipe; otherwise the port field is used.
  const bind = typeof addr === 'string' ? `pipe ${addr}` : `port ${addr.port}`;
  debug(`Listening on ${bind}`);
}
sideshowbarker
  • Hi, welcome to stackoverflow! It usually helps to get an answer if you include what you have already tried and how it did not fit your needs. – William Patton Feb 22 '19 at 23:56

1 Answer


Yes, there is a way. First off, generate a self-signed certificate:

# Creates a new private key (server.key) and a self-signed X.509 certificate (server.cert).
# -nodes writes the key unencrypted, so keep server.key out of version control and
# readable only by the account that runs the server. Suitable for local development.
openssl req -x509 -new -nodes \
    -keyout server.key \
    -out server.cert

Then, serve over HTTPS using Node's built-in https module:

// imports
const express = require('express');
var fs = require('fs');
const http = require('http');
const https = require('https');
const app = require('./path/to/your/express/app');

// HTTPS server
// The key and certificate are read synchronously, once, at startup.
// A self-signed certificate is not trusted by browsers, so expect a warning
// until it is replaced with one your clients trust.
const tlsOptions = {
  key: fs.readFileSync('server.key'),
  cert: fs.readFileSync('server.cert'),
};
const httpsServer = https.createServer(tlsOptions, app);
httpsServer.listen(443, () => {
  console.log(`HTTPS server listening: https://localhost`);
});

Finally, use a minimal HTTP server that listens for requests to the same domain and redirects them:

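// redirect HTTP server
// Its only job is to send plain-HTTP clients to the HTTPS listener; it serves no content.
const httpApp = express();
// 301 (Moved Permanently) is a standard redirect status; 300 (Multiple Choices)
// is not followed automatically by every client.
// Every request is sent to the site root: the original path and query are dropped.
// The target host is a fixed string. If it has to be derived from the request,
// first check req.headers.host against the hostnames you serve, because the
// header is client-controlled.
httpApp.all('*', (req, res) => res.redirect(301, 'https://localhost'));
const httpServer = http.createServer(httpApp);
httpServer.listen(80, () => console.log(`HTTP server listening: http://localhost`));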

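This is, of course, the minimal setup. For production, you'll use different certificates (not the self-signed one above), replace localhost with a domain name that you derive from req, and you might not want to listen on ports 80 and 443 directly, etc. When deriving the domain from req, check it against the hostnames you actually serve, because the Host header is supplied by the client.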

Related reads:

Nino Filiu
  • Great answer! I modified the code a little, so the redirect goes to 'https://localhost'+req.originalUrl instead so the client is redirected to the very site he wanted to access. – kaiya Nov 23 '20 at 10:48
  • " you might not want to use the ports 80 and 443", how come? – sander Aug 18 '21 at 10:45
  • @sander It's generally a better practice to have your services listen on private ports like 8080 and have a tool like nginx take care of HTTPS and redirecting to the right services. This way you decouple deployment from code, and you can reuse the same code in production, locally, inside a Docker container, etc. It of course depends on the context. – Nino Filiu Aug 18 '21 at 15:13