Nodejs Creating an HTTPS server
The zero-based NODEJS series article will show you how to benefit JavaScript as a server-side script through NODEJS Framework web development. The NODEJS framework is a V8-based engine and is the fastest JavaScript engine available today. The Chrome browser is based on V8, and opening 20-30 pages is a smooth one. The NODEJS Standard Web Development Framework Express helps us quickly build web sites that are more efficient than PHP and have a lower learning curve. Very suitable for small websites, personalization sites, our own Geek website!!
About the author
- Zhang Dan (Conan), programmer Java,r,php,javascript
- Weibo: @Conan_Z
- Blog:http://blog.fens.me
- Email: [Email protected]
Reprint please specify the source:
http://blog.fens.me/nodejs-https-server/
Objective
Internet applications more and more, network security issues should be worth attention, especially for the online payment business site! In order to keep the user's account secure, the HTTPS protocol should be used instead of the HTTP protocol to maintain encryption at the data transfer layer.
Most U.S. websites, when it comes to personal information, will be rejected by most users if they do not provide HTTPS services. When will Chinese netizens have this kind of consciousness?
Directory
- Introduction to HTTP and HTTPS
- Creating an HTTPS server with Nodejs (Win7)
- Creating an HTTPS server with Nodejs (Linux)
- Fetch requests, verify encryption
1. HTTP and HTTPS introduction
HTTP: Hypertext Transfer Protocol (Http-hypertext Transfer Protocol) is a rule that specifies the communication between the browser and the World Wide Web server, transmitting the data transfer Protocol of the World Wide Web document over the Internet.
HTTPS: (Full name: Hypertext Transfer Protocol over secure Socket Layer), is a security-targeted HTTP channel, simply speaking is the security version of HTTP. That is, the SSL layer is added under HTTP, the security base of HTTPS is SSL, so the detailed content of encryption needs SSL. It is a URI scheme (abstract identifier system) with syntax similar to http: System. For secure HTTP data transfer. Https:url indicates that it uses HTTP, but HTTPS has a different default port than HTTP and an encryption/authentication layer (between HTTP and TCP). The initial development of the system, conducted by Netscape, provides an authentication and encryption method of communication, which is now widely used in security-sensitive communications on the World Wide Web, such as transaction payments.
The difference between HTTPS and HTTP
- The HTTPS protocol requires a certificate to be applied to the CA, and the general free certificate is very small and requires a fee.
- HTTP is a Hypertext Transfer Protocol, the information is plaintext transmission, HTTPS is a secure SSL encryption transport protocol.
- HTTP and HTTPS use a completely different connection, the same port, the former is 80, the latter is 443.
- The HTTP connection is simple and stateless; The HTTPS protocol is a network protocol built by the SSL+HTTP protocol for encrypted transmission and authentication, which is more secure than the HTTP protocol.
Introduction to HTTP and HTTPS, excerpt from http://baike.baidu.com/view/14121.htm
In Nodejs, we can implement HTTPS servers through the built-in HTTPS libraries.
Nodejs HTTPS usage Documentation: http://nodejs.org/api/https.html
2. Creating an HTTPS server with Nodejs (Win7)
System environment
- Win7 64bit
- ip:192.168.1.13
- nodejs:v0.10.5
- npm:1.2.19
Create an express development environment
~ D:\workspace\javascript>express -e nodejs-https~ D:\workspace\javascript>cd nodejs-https && npm install[email protected] node_modules\ejs[email protected] node_modules\express├── [email protected]├── [email protected]├── [email protected]├── [email protected]├── [email protected]├── [email protected]├── [email protected]├── [email protected]├── [email protected]├── [email protected] ([email protected])└── [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected], [email protected])
I have installed the GIT client msysgit locally, which includes the OpenSSL program.
~ D:\workspace\javascript\nodejs-https>git --versiongit version 1.8.1.msysgit.1~ D:\workspace\javascript\nodejs-https>openssl version -aOpenSSL 0.9.8e 23 Feb 2007built on: Sat Sep 15 20:34:58 EDT 2007platform: MSysoptions: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)compiler: gcc -D_WINDLL -DOPENSSL_PIC -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -D__CYGWIN__ -fomit-frame-pointer -fnative-struct -O3 -mcpu=pentium -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASMOPENSSLDIR: "/usr/ssl"
OpenSSL generates a certificate file
#生成私钥key文件: ~ D:\workspace\javascript\nodejs-https>openssl genrsa-out PRIVATEKEY.PEM 1024Generating RSA private key , modulus...........................++++++........++++++e bit Long is 65537 (0x10001) #通过私钥生成CSR证书签名 ~ D:\workspace \javascript\nodejs-https>openssl Req-new-key privatekey.pem-out Certrequest.csryou is about to being asked to enter in Formation that'll be incorporatedinto your certificate request. What's about-to-enter is called a distinguished Name or a DN. There is quite a few fields but can leave some blankfor some fields there would be a default value,if you enter '. ', t He field would be a left blank.-----Country Name (2 letter code) [Au]:cnstate or province name (full name) [Some-state]:beiji Nglocality name (eg, city) []:beijingorganization name (eg, company) [Internet widgits Pty ltd]:fens.meorganizational Unit Name (eg, section) []:fens.mecommon name (eg, YOUR name) []:conan zhangemail Address []:[email protected]please ente R the FollowinG ' Extra ' attributesto is sent with your certificate Requesta challenge password []:an optional company name []:# via private key and certificate signing Name Generate certificate file ~ D:\workspace\javascript\nodejs-https>openssl x509-req-in certrequest.csr-signkey privatekey.pem-out Certificate.pemsignature Oksubject=/c=cn/st=beijing/l=beijing/o=fens.me/ou=fens.me/cn=conan Zhang/[email Protected]getting Private Key
The freshmen became 3 files: Certificate.pem, CERTREQUEST.CSR, Privatekey.pem
~ D:\workspace\javascript\nodejs-https>ls -ltotal 17-rwx------ 1 4294967295 mkpasswd 877 Dec 14 10:53 app.js-rwx------ 1 4294967295 mkpasswd 956 Dec 14 11:22 certificate.pem-rwx------ 1 4294967295 mkpasswd 704 Dec 14 11:21 certrequest.csrdrwx------+ 1 4294967295 mkpasswd 0 Dec 14 11:10 node_modules-rwx------ 1 4294967295 mkpasswd 216 Dec 14 11:03 package.json-rwx------ 1 4294967295 mkpasswd 887 Dec 14 11:20 privatekey.pemdrwx------+ 1 4294967295 mkpasswd 0 Dec 14 10:53 publicdrwx------+ 1 4294967295 mkpasswd 0 Dec 14 10:53 routesdrwx------+ 1 4294967295 mkpasswd 0 Dec 14 10:53 views
- PRIVATEKEY.PEM: Private key
- Certrequest.csr:CSR Certificate Signing
- CERTIFICATE.PEM: Certificate file
Modify Startup file: App.js
~ vi app.js//最下面var https = require(‘https‘) ,fs = require("fs");var options = { key: fs.readFileSync(‘./privatekey.pem‘), cert: fs.readFileSync(‘./certificate.pem‘)};https.createServer(options, app).listen(3011, function () { console.log(‘Https server listening on port ‘ + 3011);});
Start the server:
~ D:\workspace\javascript\nodejs-https>node app.jsExpress server listening on port 3000Https server listening on port 3011
Open Browser: HTTP access
HTTPS access
View certificates
Because our certificates are created by ourselves and are not validated by a third-party organization, a warning appears. You can go to a qualified network operator, to apply for their own certificates. For example: GoDaddy SSL certificates, coupon code:wowfensme
This allows us to create a full HTTPS server in Win7.
3. Creating an HTTPS server with Nodejs (Linux)
The creation process is similar to Win7
System environment
- Linux:ubuntu 12.04.2 LTS 64bit Deskop
- ip:192.168.1.20
- NODEJS:NPM 1.2.21
- Node v0.11.2
Create an Express project
~ cd /home/conan/nodejs~ express -e nodejs-https~ cd nodejs-https~ sudo npm install
Generate a certificate file with OpenSSL
~ OpenSSL version-aopenssl 1.0.1 2012built on:tue June 4 07:26:06 UTC 2013platform:debian-amd64option S:bn (64,64) RC4 (16x,int) des (idx,cisc,16,int) blowfish (IDX) compiler:cc-fpic-dopenssl_pic-dzlib-dopenssl_threads-d _reentrant-ddso_dlfcn-dhave_dlfcn_h-m64-dl_endian-dtermio-g-o2-fstack-protector--param=ssp-buffer-size=4- Wformat-wformat-security-werror=format-security-d_fortify_source=2-wl,-bsymbolic-functions-wl,-z,relro-wa,-- Noexecstack-wall-dopenssl_no_tls1_2_client-dopenssl_max_tls1_2_cipher_length=50-dmd32_reg_t=int-dopenssl_ia32_ Sse2-dopenssl_bn_asm_mont-dopenssl_bn_asm_mont5-dopenssl_bn_asm_gf2m-dsha1_asm-dsha256_asm-dsha512_asm-dmd5_ Asm-daes_asm-dvpaes_asm-dbsaes_asm-dwhirlpool_asm-dghash_asmopenssldir: "/usr/lib/ssl" ~ OpenSSL genrsa-out Privatekey.pem 1024~ OpenSSL req-new-key privatekey.pem-out certrequest.csr ~ OpenSSL x509-req-in certrequest.csr-si Gnkey privatekey.pem-out Certificate.pem
Modify File App.js
~ vi app.js//在最下面var https = require(‘https‘) ,fs = require("fs");var options = { key: fs.readFileSync(‘./privatekey.pem‘), cert: fs.readFileSync(‘./certificate.pem‘)};https.createServer(options, app).listen(3011, function () { console.log(‘Https server listening on port ‘ + 3011);});
Start the server
~ node app.jsExpress server listening on port 3000Https server listening on port 3011
Open your browser:
4. Fetch the request, verify the encryption
To verify that the data is encrypted during transmission, we use Wireshark to crawl the network packets.
HTTP request: http://192.168.1.20:3000/users?a=111
HTTPS Request: https://192.168.1.20:3011/users?a=112
Under HTTP, the URL request parameter is exposed. Under HTTPS, the request parameters for the URL are encrypted. Therefore, want to fill in the personal information, and online payment of the website, all the HTTPS server to build up. Prevents private data from being acquired during the transmission of the network.
Reprint please specify the source:
http://blog.fens.me/nodejs-https-server/
This entry is posted in JavaScript language practice, network technology
Sponsor advertisement (purchase)
Pingback:nodejs Learning Roadmap | Fan log ()
- Willin Wang
Mark
- Min
mark!
- Wretchy
Mark
- Lenchs
Mark
- helloqiu
Hello, I have a use express created HTTPS, but do not know is always unknown inaccessible, process and port are normal, is the webpage can not open, the following is the code:
var app = Express ();
App.get ('/A ', function (req, res) {...});
App.get ('/b ', function (req, res) {...});
var credentials = {
Key:fs.readFileSync (' k.key ', ' UTF8 '),
Cert:fs.readFileSync (' c.crt ', ' UTF8 '),
Passphrase: ' **************** '
}
Https.createserver (credentials, app). Listen (1234);
- fuchao2012
Working with the crawls in HTTPS. Helps alot.
- Skytouchzyt
Why am I creating https locally that can be accessed and uploaded to the server to create a prompt for SSL connection errors?
- which
Hi, I got a SKYRTC demo,https://github.com/lingyucoder/skyrtc-demo on GitHub.
Ready to add SSL when not all, I have tried a lot of version of the method, read a lot of YouTube video, or not, can you help me?
This is the demo code.
var express = require (' Express ');
var app = Express ();
var server = require (' http '). Createserver (APP);
var SKYRTC = require (' SKYRTC '). Listen (server);
var path = require ("path");
var port = Process.env.PORT | | 3000;
Server.listen (port);
The following is what I tested.
/*
var express = require (' Express ');
var app = Express ();
Const HTTPS = require (' https ');//.createserver (app);
Const FS = require (' FS ');
var path = require ("path");
var options = {
Key:fs.readFileSync ('./privatekey.pem '),
Cert:fs.readFileSync ('. Server.pem ')
};
Const SERVER = https.createserver (options, app);
var SKYRTC = require (' SKYRTC '). Listen (server);
var port = Process.env.PORT | | 80;
Server.listen (port);
*/
/*
var express = require (' Express ');
var app = Express ();
var path = require ("path");
Const FS = require (' FS ');
var options = {
Key:fs.readFileSync ('./privatekey.pem '),
Cert:fs.readFileSync ('. Server.pem ')
};
var server = require (' https '). Createserver (options, app);
var SKYRTC = require (' SKYRTC '). Listen (server);
var port = Process.env.PORT | | 80;
Server.listen (port);
*/
/*44444
var express = require (' Express ');
var path = require ("path");
Const HTTPS = require (' HTTPS ')
, FS = require (' FS ');
Const OPTIONS = {
Key:fs.readFileSync ('./privatekey.pem '),
Cert:fs.readFileSync ('. Server.pem ')
};
Const SERVER = Https.createserver (options, (req, res) = = {
Res.sendfile (__dirname + '/index.html ');
}). Listen (80);
var app = Express ();
Server.on (' request ', app);
Server.listen (80)
var SKYRTC = require (' SKYRTC '). Listen (server);
*/
Add SSL after all the pages are not open, no error.
Please help me take a look, thank you
Nodejs Creating an HTTPS server