Skip to content

Latest commit



146 lines (121 loc) · 3.42 KB

File metadata and controls

146 lines (121 loc) · 3.42 KB


  • Exploring the use of the HTTPS server core node module to create and run a secure server and generating your private key and public certificate and use them to configure the Node HTTPS server.
    • Configure a secure server in Node using the core HTTPS module
    • Generate the private key and public certificate and configure the HTTPS server
    • Redirect traffic from the insecure HTTP server to a secure HTTPS server.

Updating the bin/www File

  • Open the www file in the bin directory and update its contents as follows:
#!/usr/bin/env node
 * Module dependencies.

var app = require('../app');
var debug = require('debug')('rest-server:server');
var http = require('http');
var https = require('https');
var fs = require('fs');

 * Get port from environment and store in Express.

var port = normalizePort(process.env.PORT || '3000');

app.set('port', port);

 * Create HTTP server.

var server = http.createServer(app);

 * Listen on provided port, on all network interfaces.

server.listen(port, function() {
   console.log('Server listening on port ',port);
server.on('error', onError);
server.on('listening', onListening);

 * Create HTTPS server.
 */ var options = {
  key: fs.readFileSync(__dirname+'/private.key'),
  cert: fs.readFileSync(__dirname+'/certificate.pem')

var secureServer = https.createServer(options,app);

 * Listen on provided port, on all network interfaces.

secureServer.listen(app.get('secPort'), function() {
   console.log('Server listening on port ',app.get('secPort'));
secureServer.on('error', onError);
secureServer.on('listening', onListening);

 * Normalize a port into a number, string, or false.

function normalizePort(val) {
  var port = parseInt(val, 10);
  if (isNaN(port)) {
    // named pipe
    return val;
  if (port >= 0) {
    // port number
    return port;
  return false;

 * Event listener for HTTP server "error" event.

function onError(error) {
  if (error.syscall !== 'listen') {
    throw error;
  var bind = typeof port === 'string'
    ? 'Pipe ' + port
    : 'Port ' + port;

  // handle specific listen errors with friendly messages
  switch (error.code) {
    case 'EACCES':
      console.error(bind + ' requires elevated privileges');

    case 'EADDRINUSE':
      console.error(bind + ' is already in use');

      throw error;

 * Event listener for HTTP server "listening" event.

function onListening() {
  var addr = server.address();
  var bind = typeof addr === 'string'
    ? 'pipe ' + addr
    : 'port ' + addr.port;
  debug('Listening on ' + bind);
  • Updating app.js
  • Open app.js and add the following code to the file:
// Secure traffic only
app.all('*', function(req, res, next){
    console.log('req start: ',, req.hostname, req.url, app.get('port'
  if ( {
    return next();


Generating Private Key and Certificate

  • Go to the bin folder and then create the private key and certificate by typing the following at the prompt:
openssl genrsa 1024 > private.key
openssl req -new -key private.key -out cert.csr
openssl x509 -req -in cert.csr -signkey private.key -out certificate.pem

Run the server and test.