HTTP: When the data is transferred in HTTP protocol it just travels in the clear text format.
HTTPS: It simply encrypts the request from the browser to the web server, so it is tough to sniff that information. It basically works on two things:
- SSL (Secure Socket Layer)
- TLS (Transport layer security)
Both of these use a PKI (Public Key Infrastructure)
- If you can't afford an SSL Certificate then the other alternative is that there are a lot of payment services that can provide you an API to integrate into your website i.e you can have your website on a nonsecure channel (HTTP) and whenever there is a payment then redirect the user to that payment gateway service.
- HTTPS is a separate module in Node.js and is used to communicate over a secure channel with the client. HTTPS is the HTTP protocol on top of SSL/TLS(secure HTTP protocol).
There are various advantages to this additional layer:
- Integrity and Confidentiality are guaranteed, as the connection is encrypted in an asymmetric manner.
- We get authentication by having keys and certificates.
An Example of setting up an HTTPS server with Node.Js is as follows:
- We will first create an homepage.html file, this homepage.html file will have an HTML code for creating a web page i.e the page that will be displayed when the user asks for it or enter the URL of the same.
- homepage.html file will also have a resource homepage.css
- When the browser tries to get the resource homepage.css it will throw it to the server, the server will create a response header, so the browser knows how to parse the file.
- The code below is written in a third file saved as a .js file.
Example 1: In this example, we will set up an HTTPS server with NodeJs.
javascript
(function() {
// Reading and writing to files in Node.js
// working with directories or file system
const fs = require("fs");
// Responsible for creating HTTPS server
// taking options for the server
// options like where your certificates
// and private key files are located
// also take actual request and response server
// code for parsing web pages from files
const https = require("https");
// Helps with mimetypes in creating our response header
const path = require("path");
// "text/css" is added in response header
// so browser knows how to handle it
let mimetypes = {
"css":"text/css",
"html":"text/html"
};
// Options is used by the servers
// pfx handles the certificate file
let options = {
pfx: fs.readFileSync("ssl/cert.pfx"),
passphrase: "encrypted"
};
let server = https.createServer(options, function(request, response) {
// If the url is empty
if (request.url == "" || request.url == "/") {
request.url = "homepage.html";
}
// __dirname is the directory where we are getting
// these files from __dirname holds the file route
// request.url is the index.html we made earlier
// function is the callback function that holds two
// parameters
fs.readFile(__dirname + "/" + request.url, function(err, content) {
if (err) {
console.log("Error: " + err);
}
else {
// 200 is code for OK
// content-Type is the object or the content header
response.writeHead(200,
{ 'Content-Type': mimetypes[path.extname(request.url).split(".")[1]] });
response.write(content);
}
// This will send our response back to the browser
response.end();
});
});
server.listen("port number", "IP Address", function() {
console.log("Server has started!");
});
})();
Output: Whatever the port number and IP Address are given to the server.listen it will execute that only web page whenever requested. And this web page will be HTTPS.
Similar Reads
Node.js Basics NodeJS is a JavaScript runtime environment built on Chrome’s V8 JavaScript engine that allows developers to execute JavaScript code outside the browser. It can make console-based and web-based NodeJS applications. Some of the features of the NodeJs are mentioned below:Non-blocking I/O: NodeJS is asy
5 min read
Use of CORS in Node.js The word CORS stands for "Cross-Origin Resource Sharing". Cross-Origin Resource Sharing is an HTTP-header based mechanism implemented by the browser which allows a server or an API(Application Programming Interface) to indicate any origins (different in terms of protocol, hostname, or port) other th
4 min read
JWT Authentication In Node.js In modern web development, ensuring secure and efficient user authentication is paramount. JSON Web Tokens (JWT) offer a robust solution for token-based authentication, enabling secure transmission of user information between parties. This article provides a step-by-step approach to implementing JWT
3 min read
NodeJS HTTP Module In NodeJS, the HTTP module is a core built-in module that enables developers to create and manage HTTP servers. It plays a crucial role in handling server-side HTTP requests and responses, allowing for seamless communication between clients and servers. In this article, we will dive into the NodeJS
5 min read
Node.js https.request() Function Https request function in Node is used to make the http request over secure http or https. It provide more control to the request like setting headers, http methods, adding request data and handle the responses.https.request(options, callback)It is a part of https module and allows to send different
2 min read