https://stackoverflow.com/questions/11744975/enabling-https-on-express-js



425down voteaccepted

In express.js (since version 3) you should use that syntax:

var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey  = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');

var credentials = {key: privateKey, cert: certificate};
var express = require('express');
var app = express();

// your express configuration here

var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);

httpServer.listen(8080);
httpsServer.listen(8443);

In that way you provide express middleware to the native http/https server

If you want your app running on ports below 1024, you will need to use sudo command (not recommended) or use a reverse proxy (e.g. nginx, haproxy).

    I ran into a similar issue with getting SSL to work on a port other than port 443. In my case I had a bundle certificate as well as a certificate and a key. The bundle certificate is a file that holds multiple certificates, node requires that you break those certificates into separate elements of an array.

        var express = require('express');
        var https = require('https');
        var fs = require('fs');
    
        var options = {
          ca: [fs.readFileSync(PATH_TO_BUNDLE_CERT_1), fs.readFileSync(PATH_TO_BUNDLE_CERT_2)],
          cert: fs.readFileSync(PATH_TO_CERT),
          key: fs.readFileSync(PATH_TO_KEY)
        };
    
        app = express()
    
        app.get('/', function(req,res) {
            res.send('hello');
        });
    
        var server = https.createServer(options, app);
    
        server.listen(8001, function(){
            console.log("server running at https://IP_ADDRESS:8001/")
        });

    In app.js you need to specify https and create the server accordingly. Also, make sure that the port you're trying to use is actually allowing inbound traffic.

      Including Points:

      1. SSL setup
        1. In config/local.js
        2. In config/env/production.js

      HTTP and WS handling

      1. The app must run on HTTP in development so we can easily debug our app.
      2. The app must run on HTTPS in production for security concern.
      3. App production HTTP request should always redirect to https.

      SSL configuration

      In Sailsjs there are two ways to configure all the stuff, first is to configure in config folder with each one has their separate files (like database connection regarding settings lies within connections.js ). And second is configure on environment base file structure, each environment files presents in config/env folder and each file contains settings for particular env.

      Sails first looks in config/env folder and then look forward to config/ *.js

      Now lets setup ssl in config/local.js.

      var local = {
         port: process.env.PORT || 1337,
         environment: process.env.NODE_ENV || 'development'
      };
      
      if (process.env.NODE_ENV == 'production') {
          local.ssl = {
              secureProtocol: 'SSLv23_method',
              secureOptions: require('constants').SSL_OP_NO_SSLv3,
              ca: require('fs').readFileSync(__dirname + '/path/to/ca.crt','ascii'),
              key: require('fs').readFileSync(__dirname + '/path/to/jsbot.key','ascii'),
              cert: require('fs').readFileSync(__dirname + '/path/to/jsbot.crt','ascii')
          };
          local.port = 443; // This port should be different than your default port
      }
      
      module.exports = local;

      Alternative you can add this in config/env/production.js too. (This snippet also show how to handle multiple CARoot certi)

      Or in production.js

      module.exports = {
          port: 443,
          ssl: {
              secureProtocol: 'SSLv23_method',
              secureOptions: require('constants').SSL_OP_NO_SSLv3,
              ca: [
                  require('fs').readFileSync(__dirname + '/path/to/AddTrustExternalCARoot.crt', 'ascii'),
                  require('fs').readFileSync(__dirname + '/path/to/COMODORSAAddTrustCA.crt', 'ascii'),
                  require('fs').readFileSync(__dirname + '/path/to/COMODORSADomainValidationSecureServerCA.crt', 'ascii')
              ],
              key: require('fs').readFileSync(__dirname + '/path/to/jsbot.key', 'ascii'),
              cert: require('fs').readFileSync(__dirname + '/path/to/jsbot.crt', 'ascii')
          }
      };

      http/https & ws/wss redirection

      Here ws is Web Socket and wss represent Secure Web Socket, as we set up ssl then now http and ws both requests become secure and transform to https and wss respectively.

      There are many source from our app will receive request like any blog post, social media post but our server runs only on https so when any request come from http it gives “This site can’t be reached” error in client browser. And we loss our website traffic. So we must redirect http request to https, same rules allow for websocket otherwise socket will fails.

      So we need to run same server on port 80 (http), and divert all request to port 443(https). Sails first compile config/bootstrap.js file before lifting server. Here we can start our express server on port 80.

      In config/bootstrap.js (Create http server and redirect all request to https)

      module.exports.bootstrap = function(cb) {
          var express = require("express"),
              app = express();
      
          app.get('*', function(req, res) {  
              if (req.isSocket) 
                  return res.redirect('wss://' + req.headers.host + req.url)  
      
              return res.redirect('https://' + req.headers.host + req.url)  
          }).listen(80);
          cb();
      };

      Now you can visit http://www.yourdomain.com, it will redirect to https://www.yourdomain.com

      This is how its working for me. The redirection used will redirect all the normal http as well.

      const express = require('express');
      const bodyParser = require('body-parser');
      const path = require('path');
      const http = require('http');
      const app = express();
      var request = require('request');
      //For https
      const https = require('https');
      var fs = require('fs');
      var options = {
        key: fs.readFileSync('certificates/private.key'),
        cert: fs.readFileSync('certificates/certificate.crt'),
        ca: fs.readFileSync('certificates/ca_bundle.crt')
      };
      
      // API file for interacting with MongoDB
      const api = require('./server/routes/api');
      
      // Parsers
      app.use(bodyParser.json());
      app.use(bodyParser.urlencoded({ extended: false }));
      
      // Angular DIST output folder
      app.use(express.static(path.join(__dirname, 'dist')));
      
      // API location
      app.use('/api', api);
      
      // Send all other requests to the Angular app
      app.get('*', (req, res) => {
        res.sendFile(path.join(__dirname, 'dist/index.html'));
      });
      app.use(function(req,resp,next){
        if (req.headers['x-forwarded-proto'] == 'http') {
            return resp.redirect(301, 'https://' + req.headers.host + '/');
        } else {
            return next();
        }
      });
      
      
      http.createServer(app).listen(80)
      https.createServer(options, app).listen(443);