SSL/HTTPS server with Node.js and Express.js

by Kyriakos Chatzidimitriou | Oct 14, 2014 09:56 | tutorials


So let’s assume the requirement is to create an https server that will redirect traffic to https if http is used in a request to the server instead. I created this little guide by bundling together a couple of links related to the subject.

We will begin by creating quickly a project using the express-generator:

$ express https-server
$ cd https-server && npm install
$ npm start

Server should be running at http://localhost:3000/. Now let’s create the certificates (Reference):

$ openssl genrsa 1024 > file.pem
$ openssl req -new -key file.pem -out csr.pem
$ openssl x509 -req -days 365 -in csr.pem -signkey file.pem -out file.crt

We assumed no passphrase was used. We can then read the certificates in the starting point file www:

var fs = require("fs");
var config     = {
    key: fs.readFileSync('file.pem'),
    cert: fs.readFileSync('file.crt')

The next step is to create two servers, one to listen on http and port 3000 and one on https and port 8000 (Reference). The www file becomes:

#!/usr/bin/env node
var debug = require('debug')('https-server');
var app = require('../app');
var https = require('https');
var http = require('http');
var fs = require("fs");
var config = {
    key: fs.readFileSync('file.pem'),
    cert: fs.readFileSync('file.crt')

https.createServer(config, app).listen(8000)

Now one can navigate both to http://localhost:3000 and https://localhost:8000 and get the same response. In the latter case with the usual “proceed with caution” notice since the certificate is not signed by a trusted authority.

The last step is to redirect traffic that come into http to https by using a middleware for all routes (Reference):

function ensureSecure(req, res, next){
    return next();
  res.redirect('https://'':' + 8000 + req.url);

app.all('*', ensureSecure);

app.use('/', routes);
app.use('/users', users);

So http://localhost:3000 and http://localhost:3000/users redirect to https://localhost:8000 and https://localhost:8000/users respectively.

The complete code can be found in GitHub.

Last but not least, in production you can redirect traffic to standard http and https ports like in this reference.