Node, Express, SSL Certificate: Run HTTPS Server from scratch in 5 steps
I've decided to write about this tutorial after I struggled while I was...
For further actions, you may consider blocking this person and/or reporting abuse
It is best practice to put Node behind Nginx or Apache for several reasons:
Thanks!
Well in my experience, it is much better to run Node server behind the defense line of Apache or Nginx server.
Both provides easy way of handling multiple web apps of different kinds with a most trusted security around the world ;)...
It's probably a better way to do, yet tutorial is about serving directly on Node with a certificate. Thanks :)
Followed every single step. Great article.
Thanks! I'm glad.
Why don't use nginx instead ?
or is there any advantage of this over nginx ?
I don't think this is a better way, this way is only for the cases Apache or nginx is not available to use, I've used this approach for quick and dirty development + staging environment when I've recently created one of my test projects.
I recommend to put express server behind another layer such as nginx in production as @rahmatalimalik5 mentioned.
Why not to wrap components into containers (docker), start them as a stack and add one more component - proxy server based on smth like Caddy, that will give you pretty simple and smooth https with built in certificates from let's encrypt?
Maybe it's simpler or not. I am not experienced on that, please do write a tutorial about it so I can use it in the future, too. Thanks!
Personally I would avoid handling certs in Node, if possible.. that stuff should be handled by the webserver forwarding traffic to your Node application.
Can you give further details about your reasons, please? I would like to learn more about the reason behind it.
Hi, sorry for my late reply.
So there are a lot of reasons for taking out certificate handling from your application.
I could list many of the reasons here, but it's easier for me to refer to this article which explains lots of the issues: medium.com/intrinsic/why-should-i-...
tldr; :
Thanks for your further explanation, I will check them out!
Hi Omer, very great article and guide - very generous of you. My only little issue with this is the oversight from your part to suggest, as pointed out in the comments, that there is another evidently better method of handling ssl certificates in a node.js setup.
I was about to delve in and start searching for the location of my private keys and certificate in my vps (for it already has an installed and paid for certificate) till I decided to check the comments here and realized that indeed there is a better way than exposing my private keys in my app and its many third party packages.
Please suggest to future readers, preferably at the top of the article, that there is another method of implementing this and it is recommended for performance, security and scalability.
Thank you for your effort and great article.
This thread is pretty old, but just for the sake of saying it, I believe the author was just trying to demonstrate a method of add SSL to Express NodeJs. It was not about good practice in a production environment. It was meant to simply show someone a quick and dirty way to spin up SSL in Express.
As professional developers I think sometimes we forget that not everyone has access to the same resources we may or may not take for granted. I read these articles because I can spend two minutes and get to the nut of what I"m looking for. if we all had to spend 500 words in disclaimer in each article then I for one would simply start skipping the first 500 words and read on.
Just please remember these articles are just about How-To, not Best To.
Thank you for your contribution and I'm sure their are a great many people that have found your explanation most helpful !!!
I'm having problem accessing my app with https, I'm getting ERR_SSL_PROTOCOL_ERROR.
could you please help me fix it
hey article is in depth, really a good content. I need to use http2 with SSL can you guide us.
Thank you very much for the article, it helped me a lot!
Thanks! Though, it looks like you've added this bit twice causing an error: