Given an SSL key and certificate, how does one create an HTTPS service?
The Express API doc spells this out pretty clearly.
Additionally this answer gives the steps to create a self-signed certificate.
I have added some comments and a snippet from the Node.js HTTPS documentation:
var express = require('express');
var https = require('https');
var http = require('http');
var fs = require('fs');
// This line is from the Node.js HTTPS documentation.
var options = {
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.cert')
};
// Create a service (the app object is just a callback).
var app = express();
// Create an HTTP service.
http.createServer(app).listen(80);
// Create an HTTPS service identical to the HTTP service.
https.createServer(options, app).listen(443);
For Node 0.3.4 and above all the way up to the current LTS (v16 at the time of this edit), https://nodejs.org/api/https.html#httpscreateserveroptions-requestlistener has all the example code you need:
const https = require(`https`);
const fs = require(`fs`);
const options = {
key: fs.readFileSync(`test/fixtures/keys/agent2-key.pem`),
cert: fs.readFileSync(`test/fixtures/keys/agent2-cert.pem`)
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end(`hello world\n`);
}).listen(8000);
Note that if want to use Let's Encrypt's certificates using the certbot tool, the private key is called privkey.pem and the certificate is called fullchain.pem:
const certDir = `/etc/letsencrypt/live`;
const domain = `YourDomainName`;
const options = {
key: fs.readFileSync(`${certDir}/${domain}/privkey.pem`),
cert: fs.readFileSync(`${certDir}/${domain}/fullchain.pem`)
};
Found this question while googling "node https" but the example in the accepted answer is very old - taken from the docs of the current (v0.10) version of node, it should look like this:
var https = require('https');
var fs = require('fs');
var options = {
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};
https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}).listen(8000);
The above answers are good but with Express and node this will work fine.
Since express create the app for you, I'll skip that here.
var express = require('express')
, fs = require('fs')
, routes = require('./routes');
var privateKey = fs.readFileSync('cert/key.pem').toString();
var certificate = fs.readFileSync('cert/certificate.pem').toString();
// To enable HTTPS
var app = module.exports = express.createServer({key: privateKey, cert: certificate});
The minimal setup for an HTTPS server in Node.js would be something like this :
var https = require('https');
var fs = require('fs');
var httpsOptions = {
key: fs.readFileSync('path/to/server-key.pem'),
cert: fs.readFileSync('path/to/server-crt.pem')
};
var app = function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}
https.createServer(httpsOptions, app).listen(4433);
If you also want to support http requests, you need to make just this small modification :
var http = require('http');
var https = require('https');
var fs = require('fs');
var httpsOptions = {
key: fs.readFileSync('path/to/server-key.pem'),
cert: fs.readFileSync('path/to/server-crt.pem')
};
var app = function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}
http.createServer(app).listen(8888);
https.createServer(httpsOptions, app).listen(4433);
Update
Use Let's Encrypt via Greenlock.js
Original Post
I noticed that none of these answers show that adding a Intermediate Root CA to the chain, here are some zero-config examples to play with to see that:
https://github.com/solderjs/nodejs-ssl-example
http://coolaj86.com/articles/how-to-create-a-csr-for-https-tls-ssl-rsa-pems/
https://github.com/solderjs/nodejs-self-signed-certificate-example
Snippet:
var options = {
// this is the private key only
key: fs.readFileSync(path.join('certs', 'my-server.key.pem'))
// this must be the fullchain (cert + intermediates)
, cert: fs.readFileSync(path.join('certs', 'my-server.crt.pem'))
// this stuff is generally only for peer certificates
//, ca: [ fs.readFileSync(path.join('certs', 'my-root-ca.crt.pem'))]
//, requestCert: false
};
var server = https.createServer(options);
var app = require('./my-express-or-connect-app').create(server);
server.on('request', app);
server.listen(443, function () {
console.log("Listening on " + server.address().address + ":" + server.address().port);
});
var insecureServer = http.createServer();
server.listen(80, function () {
console.log("Listening on " + server.address().address + ":" + server.address().port);
});
This is one of those things that's often easier if you don't try to do it directly through connect or express, but let the native https module handle it and then use that to serve you connect / express app.
Also, if you use server.on('request', app) instead of passing the app when creating the server, it gives you the opportunity to pass the server instance to some initializer function that creates the connect / express app (if you want to do websockets over ssl on the same server, for example).
To enable your app to listen for both http and https on ports 80 and 443 respectively, do the following
Create an express app:
var express = require('express');
var app = express();
The app returned by express() is a JavaScript function. It can be be passed to Node’s HTTP servers as a callback to handle requests. This makes it easy to provide both HTTP and HTTPS versions of your app using the same code base.
You can do so as follows:
var express = require('express');
var https = require('https');
var http = require('http');
var fs = require('fs');
var app = express();
var options = {
key: fs.readFileSync('/path/to/key.pem'),
cert: fs.readFileSync('/path/to/cert.pem')
};
http.createServer(app).listen(80);
https.createServer(options, app).listen(443);
For complete detail see the doc
You can use also archive this with the Fastify framework:
const { readFileSync } = require('fs')
const Fastify = require('fastify')
const fastify = Fastify({
https: {
key: readFileSync('./test/asset/server.key'),
cert: readFileSync('./test/asset/server.cert')
},
logger: { level: 'debug' }
})
fastify.listen(8080)
(and run openssl req -nodes -new -x509 -keyout server.key -out server.cert to create the files if you need to write tests)
If you need it only locally for local development, I've created utility exactly for this task - https://github.com/pie6k/easy-https
import { createHttpsDevServer } from 'easy-https';
async function start() {
const server = await createHttpsDevServer(
async (req, res) => {
res.statusCode = 200;
res.write('ok');
res.end();
},
{
domain: 'my-app.dev',
port: 3000,
subdomains: ['test'], // will add support for test.my-app.dev
openBrowser: true,
},
);
}
start();
It:
Will automatically add proper domain entries to /etc/hosts
Will ask you for admin password only if needed on first run / domain change
Will prepare https certificates for given domains
Will trust those certificates on your local machine
Will open the browser on start pointing to your local server https url
Download rar file for openssl set up from here: https://indy.fulgan.com/SSL/openssl-0.9.8r-i386-win32-rev2.zip
Just copy your folder in c drive.
Create openssl.cnf file and download their content from : http://web.mit.edu/crypto/openssl.cnf
openssl.cnf can be put any where but path shoud be correct when we give in command prompt.
Open command propmt and set openssl.cnf path C:\set OPENSSL_CONF=d:/openssl.cnf
5.Run this in cmd : C:\openssl-0.9.8r-i386-win32-rev2>openssl.exe
Then Run OpenSSL> genrsa -des3 -out server.enc.key 1024
Then it will ask for pass phrases : enter 4 to 11 character as your password for certificate
Then run this Openssl>req -new -key server.enc.key -out server.csr
Then it will ask for some details like country code state name etc. fill it freely.
10 . Then Run Openssl > rsa -in server.enc.key -out server.key
Run this OpenSSL> x509 -req -days 365 -in server.csr -signkey server.key -out server.crt then use previous code that are on stack overflow
Thanks
Related
I am trying to host my website, written with ExpressJS, using namecheap's cPanel, along with cloudflare, but can't seem to figure out how to deploy it. There isn't an option for a Node.js application so I resorted to using my cPanel's terminal to host it. Here's my basic ExpressJS code that I used for testing:
const express = require('express')
const https = require("https")
const fs = require("fs")
const app = express()
const cert = fs.readFileSync("./cert.crt")
const ca = fs.readFileSync("./ca.ca-bundle")
const key = fs.readFileSync("./private.key")
let options = {
cert: cert,
ca: ca,
key: key
}
let server = https.createServer(options, app)
app.get('/test', (req, res) => {
res.send('Hello World!')
})
server.listen(8080, 'shared ip', () => { console.log("Hosting!") });
Whenever I go to mydomain.com the index.html file gets served like normal, but when I go to mydomain.com/test I get a 404 not found. When looking at the GET request my site seems to be getting my server's IP with port 443 instead of 8080. Then when I go to mydomain.com:8080/test I get ERR_SSL_PROTOCOL_ERROR. I'm not totally sure how to fix this.
Port 443 is the standard TCP port that is used for website by default
try changing to server.listen(process.env.PORT || 80, () => { console.log("Hosting!") });
or server.listen(443, 'shared ip', () => { console.log("Hosting!") });
I recently attempted to install an SSL certificate to my server. The certificate files (privkey.pem, fullchain.pem) are in the root directory of the application. When I run the following code:
var express = require('express');
var app = express();
var helmet = require('helmet');
var db = require('./server/database.js');
var fs = require('fs');
var ssl = require('ssl-root-cas');
'use strict';
var rootCas = require('ssl-root-cas/latest').create();
// default for all https requests
// (whether using https directly, request, or another module)
require('https').globalAgent.options.ca = rootCas;
app.use(helmet());
var options = {
key : fs.readFileSync('privkey.pem', 'ascii'),
cert : fs.readFileSync('fullchain.pem', 'ascii')
}
app.get('/', function(req, res) {
res.sendFile(__dirname + '/public/index.html');
});
app.use('/public', express.static(__dirname + '/public'));
var serv = require('https').createServer(options, app);
The server runs with no errors. The "Server is listening on port 80" Confirmation I added shows, and the certificate appears to not cause any direct issues. However when I attempt to connect to the domain(using https://) Chrome responds with ERR_CONNECTION_REFUSED. When connecting to the domain via http, Chrome responds with the same message. I am using SocketIO, which is initialized later in the code, I have not found any connection between my issue and SocketIO's functions. What is causing the inability to connect?
The https request is sent over port 443 rather than 80. The following code worked without issues:
var express = require('express');
var app = express();
var helmet = require('helmet');
var db = require('./server/database.js');
var fs = require('fs');
var ssl = require('ssl-root-cas');
'use strict';
var rootCas = require('ssl-root-cas/latest').create();
// default for all https requests
// (whether using https directly, request, or another module)
require('https').globalAgent.options.ca = rootCas;
app.use(helmet());
var options = {
key : fs.readFileSync('privkey.pem', 'ascii'),
cert : fs.readFileSync('fullchain.pem', 'ascii')
}
app.get('/', function(req, res) {
res.sendFile(__dirname + '/public/index.html');
});
app.use('/public', express.static(__dirname + '/public'));
var serv = require('https').createServer(options, app);
//var serv = require('https').Server(app); //DEBUG ONLY
How can I create a express server that acts as proxy?
Requirements:
http + https
works behind corporate proxy
option to return special content for some urls
I tried http-proxy, express-http-proxy, https-proxy-agent, request. I could not figure out how to use them correctly.
using request
The best result I got with request. But there are some issues.
var express = require('express'),
request = require('request'),
app = express();
var r = request.defaults({'proxy':'http://mycorporateproxy.com:8080'});
function apiProxy() {
return function (req, res, next) {
console.log(req.method);
r.get(req.url).pipe(res);
}
}
app.use(apiProxy());
app.listen(8080, function () {
'use strict';
console.log('Listening...');
});
Issues with this approach:
it uses get for all requests (HEAD, GET, ...)
headers of the source request are not passed
https isn't working
using http-proxy
var express = require('express'),
httpProxy = require('http-proxy'),
app = express();
var proxy = httpProxy.createProxyServer({
});
function apiProxy() {
return function (req, res, next) {
console.log(req.method);
proxy.web(req, res, {target: req.url});
}
}
app.use(apiProxy());
app.listen(8080, function () {
'use strict';
console.log('Listening...');
});
here I get (probably because of the missing corporate proxy)
Error: connect ECONNREFUSED xx.xx.xx.xx:80
at Object.exports._errnoException (util.js:1026:11)
at exports._exceptionWithHostPort (util.js:1049:20)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1085:14)
I started google chrome with the option
--proxy-server="localhost:8080"
My .npmrc contains the proxies as well.
proxy=http://mycorporateproxy.com:8080
https-proxy=http://mycorporateproxy.com:8080
I've successfully used http-proxy-middleware with the following:
const express = require("express")
const app = require("express")()
const proxy = require("http-proxy-middleware")
const package = require("./package.json")
const target = process.env.TARGET_URL
const port = process.env.PORT
const wildcardProxy = proxy({ target })
app.use(wildcardProxy)
app.listen(config.port, () => console.log(`Application ${package.name} (v${package.version}) started on ${config.port}`))
I haven't had the need for https yet but it's mentioned in the docs: https://github.com/chimurai/http-proxy-middleware#http-proxy-options
i have a locomotive.js MVC project , and its listening on http.
i want to listen on https , and redirect all http to https.
i cant find the createServer of node.js, the only code i find is:
under /lib/node_modules/locomotive/lib/locomotive/cli/server.js
console.log('booting app at %s in %s environment', dir, env);
locomotive.boot(dir, env, function(err, server) {
if (err) {
throw err;
}
server.listen(port, address, function() {
var addr = this.address();
console.log('listening on %s:%d', addr.address, addr.port, addr);
});
});
changed to :
console.log('booting app at %s in %s environment', dir, env);
var crypto = require('crypto'),
fs = require("fs");
var privateKey = fs.readFileSync('/privatekey.pem').toString();
var certificate = fs.readFileSync('/certificate.pem').toString();
var https = require('https');
var credentials = crypto.createCredentials({key: privateKey, cert: certificate});
and i am kind of stuck now , any help ?
Thanks !
This is not very well tested, but it seems to work:
// start.js
var locomotive = require('locomotive');
var app = new locomotive.Locomotive();
var http = require('http');
var https = require('https');
var fs = require('fs');
app.boot(__dirname, 'development', function(err, server) {
var options = {
key : fs.readFileSync('server.key'),
cert: fs.readFileSync('server.crt')
};
https.createServer(options, server).listen(port, address);
});
There's a couple of issues with it (hardcoded directory name and environment, and it doesn't include the HTTP-redirecting part), but those are minor.
i will post my answer here , if someone see this question:
var fs = require("fs");
var options = {
key: fs.readFileSync('/privatekey.pem'),
cert: fs.readFileSync('/certificate.pem')
};
var server = https.createServer(options, this);
return server.listen.apply(server, arguments);
Can I create an Express server listening on both HTTP and HTTPS, with the same routes and the same middlewares?
Currently I do this with Express on HTTP, with stunnel tunneling HTTPS to Express, but I prefer a pure Node solution.
I can do it with this code, but using the handle method that is marked as private:
var express = require( 'express' )
, https = require("https")
, fs = require( 'fs' );
var app = express.createServer();
// init routes and middlewares
app.listen( 80 );
var privateKey = fs.readFileSync( 'privatekey.pem' ).toString();
var certificate = fs.readFileSync( 'certificate.pem' ).toString();
var options = {key: privateKey, cert: certificate};
https.createServer( options, function(req,res)
{
app.handle( req, res );
} ).listen( 443 );
To enable your app to listen for both http and https on ports 80 and 443 respectively, do the following
Create an express app:
var express = require('express');
var app = express();
The app returned by express() is a JavaScript function. It can be be passed to Node’s HTTP servers as a callback to handle requests. This makes it easy to provide both HTTP and HTTPS versions of your app using the same code base.
You can do so as follows:
var express = require('express');
var https = require('https');
var http = require('http');
var fs = require('fs');
var app = express();
var options = {
key: fs.readFileSync('/path/to/key.pem'),
cert: fs.readFileSync('/path/to/cert.pem'),
ca: fs.readFileSync('/path/to/ca.pem')
};
http.createServer(app).listen(80);
https.createServer(options, app).listen(443);
For complete detail see the doc
As a possible update to this question, you might want to check out the changes here for express 3. The change document says:
The return value of express() is a JavaScript Function,
encapsulating everything that makes an Express app tick. This means
you can easily setup HTTP and HTTPS versions of your application by
passing it to node's http.createServer() and https.createServer():
In Express 3, express.createServer() is now express()
Here is a complete example for express 3:
var fs = require('fs')
, https = require('https')
, http = require('http')
, express = require('express')
, keys_dir = 'keys/'
, server_options = {
key : fs.readFileSync(keys_dir + 'privatekey.pem'),
ca : fs.readFileSync(keys_dir + 'certauthority.pem'),
cert : fs.readFileSync(keys_dir + 'certificate.pem')
}
, app = express();
app.configure(function(){
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.session( { secret: '' } ));
app.use(app.router);
});
app.configure('development',function(){
app.use(express.static(__dirname + '/public'));
app.use(express.errorHandler({dumpExceptions: true, showStack:true}));
app.set('view options', { pretty: true });
});
app.get('/', function(req, res){
res.send('Hello World!');
});
https.createServer(server_options,app).listen(7000);
http.createServer(app).listen(8000);
You can share the implementation via something like:
var register = function (app) {
// config middleware
app.configure({
});
// config routes
app.get(...);
};
var http = express.createServer();
register(http);
http.listen(80);
var https = express.createServer({ key: /* https properties */ });
register(https);
https.listen(443);
You can use express and https in same port.
this works for me.
const express=require('express');
const app=express();
const cors=require('cors');
const path=require("path");
const routes=require('./routes/api');
const routerComplain=require('./routes/api');
const routerstores=require('./routes/api');
const routerstock=require('./routes/api');
const routerreport=require('./routes/api');
const routeritem=require('./routes/api');
const bodyParser=require('body-parser');
const routerRegister=require('./routes/api');
const mongoose=require('mongoose');
var server = require('http').Server(app);
var io = require('socket.io')(server);
require("dotenv").config();
mongoose.connect('mongodb://#################',{ useNewUrlParser: true },(err)=>{
if(!err){
console.log('db connected')
}else{
console.log('error in db')
}
});
mongoose.Promise = global.Promise;
app.use(express.static('public'));
app.use(bodyParser.json());
app.use(cors({credentials: true, origin:'http://localhost:3000'}));
app.use(express.static(path.join(__dirname, "client", "build")))
app.use('/reg',routes);
app.use('/complain',routerComplain);
app.use('/register',routerRegister);
app.use('/stores',routerstores);
app.use('/reports',routerreport);
app.use('/stock',routerstock);
app.use('/items',routeritem);
app.get("*", (req, res) => {
res.sendFile(path.join(__dirname, "client", "build", "index.html"));
});
io.on('connection', function (socket) {
socket.emit('news', { hello: 'world' });
socket.on('my other event', function (data) {
console.log(data);
});
})
const port = process.env.port||4000;
server.listen(port,function(){
console.log('now listening for request');
});
If you want to use the traditional two ports, one of the above solutions probably works, but using httpolyglot, you can really easily have http and https on the same port with the same middlewares.
https://github.com/mscdex/httpolyglot
Here's some skeleton code that worked for me:
var express = require('express');
var fs = require('fs');
var httpolyglot = require('httpolyglot');
var app = express();
const options = {
key: fs.readFileSync("/etc/ssl/certs/key"),
cert: fs.readFileSync("/etc/ssl/certs/cer.cer")
};
httpolyglot.createServer(options, app).listen(port);
and if you want http -> https forwarding, you can just add this middleware function before the createServer() call:
app.use(function(req, res, next) {
if (!req.secure ) {
res.redirect (301, 'https://' + req.hostname + ':port' + req.originalUrl);
}
next();
});
This can be set up on a custom port
Similar post
Can I configure expressjs to serve some pages over http and others over https?
Be aware that express now support creating Https servers with:
var app = require('express').createServer({ key: ... });