Skip to content
Related Articles

Related Articles

HTTPS in Node.js

View Discussion
Improve Article
Save Article
Like Article
  • Last Updated : 14 Oct, 2021

HTTP: When the data transfer in HTTP protocol it just travels in the clear text format. 
HTTPS: It simply makes encryption when the request is traveling from the browser to the web server so it is tough to sniff that information. It basically works on two things: 

  • SSL (Secure Socket Layer)
  • TLS (Transport layer security)

Both of these use a PKI (Public Key Infrastructure) 

  • If you can’t afford an SSL Certificate then the other alternative is that there are a lot of payment service that can provide you an API to integrate in your website i.e you can have your website on a non secure channel (HTTP) and whenever there is a payment then just redirect the user to that payment gateway service.
  • HTTPS is a separate module in Node.js and is used to communicate over a secure channel with the client. HTTPS is the HTTP protocol on top of SSL/TLS(secure HTTP protocol).

There are various advantages to this additional layer: 

  • Integrity and Confidentiality are guaranteed, as the connection is encrypted in an asymmetric manner.
  • We get authentication by having keys and certificates.

An Example to setup HTTPS server with Node.Js is as follows: 

  • We will first create an homepage.html file, this homepage.html file will have an HTML code of creating a web page i.e the page that will be displayed when the user asks for it or enter the URL of the same.
  • homepage.html file will also have a resource homepage.css
  • When the browser tries to get the resource homepage.css it will throw it to the server, the server will create a response header, so the browser knows how to parse the file.
  • The code shown below is written in a third file saved as .js file.



(function() {
// Reading and writing to files in Node.js
// working with directories or file system
var fs = require("fs"); 
// Responsible for creating HTTPS server
// taking options for the server
// options like where your certificates 
// and private key files are located
// also take actual request and response server
// code for parsing web pages from files
var https = require("https");
// Helps with mimetypes in creating our response header
var path = require("path"); 
// "text/css" is added in response header 
// so browser knows how to handle it 
var mimetypes = {
// Options is used by the servers
// pfx handles the certificate file
var options = {
    pfx: fs.readFileSync("ssl/cert.pfx"),
    passphrase: "encrypted"
var server = https.createServer(options, function(request, response) {
    // If the url is empty
    if (request.url == "" || request.url == "/") {
        request.url = "homepage.html";
    // __dirname is the directory where we are getting
    // these files from __dirname holds the file route
    // request.url is the index.html we made earlier
    // function is the callback function that holds two
    // parameters
    fs.readFile(__dirname + "/" + request.url, function(err, content) {
        if (err) { 
            console.log("Error: " + err);
            // 200 is code for OK
            // content-Type is the object or the content header
        // This will send our response back to the browser
server.listen("port number", "IP Address", function() {
    console.log("Server has started!");

Output: Whatever the port number and IP Address is given to the server.listen it will execute that only web page whenever requested. And this web page will be an HTTPS.

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!