Nodejs Creating an HTTPS server


This from-scratch Nodejs series shows how to use JavaScript as a server-side scripting language for web development with the Nodejs framework. Nodejs is built on the V8 engine, the fastest JavaScript engine available today. The Chrome browser is also based on V8, and it stays smooth with 20-30 pages open. Express, the standard Nodejs web development framework, helps us build websites quickly, more efficiently than PHP and with a lower learning curve. It is very well suited to small websites, personalized sites, and our own geek websites!

About the author

    • Zhang Dan (Conan), programmer: Java, R, PHP, JavaScript
    • Weibo: @Conan_Z
    • Blog: http://blog.fens.me
    • Email: [Email protected]

When reprinting, please cite the source:
http://blog.fens.me/nodejs-https-server/

Objective

As Internet applications multiply, network security deserves attention, especially for sites that handle online payments! To keep users' accounts secure, the HTTPS protocol should be used instead of HTTP so that data is encrypted in transit.

In the U.S., most users will reject a website that handles personal information if it does not provide HTTPS. When will Chinese netizens develop this kind of awareness?

Contents

    1. Introduction to HTTP and HTTPS
    2. Creating an HTTPS server with Nodejs (Win7)
    3. Creating an HTTPS server with Nodejs (Linux)
    4. Capture requests, verify encryption

1. Introduction to HTTP and HTTPS

HTTP: the Hypertext Transfer Protocol is the set of rules governing communication between the browser and the World Wide Web server; it is the data transfer protocol that carries World Wide Web documents over the Internet.

HTTPS (full name: Hypertext Transfer Protocol over Secure Socket Layer) is an HTTP channel designed for security; simply put, it is the secure version of HTTP. An SSL layer is added beneath HTTP. SSL is the security foundation of HTTPS, so the details of the encryption are handled by SSL. It is a URI scheme (abstract identifier system) with syntax similar to the http: scheme, used for secure HTTP data transfer. An https: URL indicates that HTTP is used, but HTTPS has a different default port from HTTP and an encryption/authentication layer (between HTTP and TCP). The system was originally developed by Netscape to provide authenticated and encrypted communication, and it is now widely used for security-sensitive communication on the World Wide Web, such as transaction payments.

The difference between HTTPS and HTTP

    • HTTPS requires applying to a CA for a certificate; free certificates are rare, so this generally costs money.
    • HTTP is the Hypertext Transfer Protocol and transmits information in plaintext; HTTPS is a secure transport protocol encrypted with SSL.
    • HTTP and HTTPS use completely different connection methods and different ports: the former uses 80, the latter 443.
    • The HTTP connection is simple and stateless; HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and authentication, and it is more secure than HTTP.

The introduction to HTTP and HTTPS above is excerpted from http://baike.baidu.com/view/14121.htm

In Nodejs, we can implement an HTTPS server with the built-in https module.

Nodejs HTTPS usage Documentation: http://nodejs.org/api/https.html

2. Creating an HTTPS server with Nodejs (Win7)

System environment

    • Win7 64bit
    • IP: 192.168.1.13
    • Nodejs: v0.10.5
    • npm: 1.2.19

Create an express development environment

~ D:\workspace\javascript>express -e nodejs-https
~ D:\workspace\javascript>cd nodejs-https && npm install
[email protected] node_modules\ejs

[email protected] node_modules\express
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected] ([email protected])
└── [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected], [email protected])

I have installed the GIT client msysgit locally, which includes the OpenSSL program.

~ D:\workspace\javascript\nodejs-https>git --version
git version 1.8.1.msysgit.1

~ D:\workspace\javascript\nodejs-https>openssl version -a
OpenSSL 0.9.8e 23 Feb 2007
built on: Sat Sep 15 20:34:58 EDT 2007
platform: MSys
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -D_WINDLL -DOPENSSL_PIC -DOPENSSL_THREADS  -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -D__CYGWIN__ -fomit-frame-pointer -fnative-struct -O3 -mcpu=pentium -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/usr/ssl"

OpenSSL generates a certificate file

# Generate the private key file:
~ D:\workspace\javascript\nodejs-https>openssl genrsa -out privatekey.pem 1024
Generating RSA private key, 1024 bit long modulus
...........................++++++
........++++++
e is 65537 (0x10001)

# Generate the CSR (certificate signing request) from the private key
~ D:\workspace\javascript\nodejs-https>openssl req -new -key privatekey.pem -out certrequest.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:fens.me
Organizational Unit Name (eg, section) []:fens.me
Common Name (eg, YOUR name) []:conan zhang
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# Generate the certificate file from the private key and the CSR
~ D:\workspace\javascript\nodejs-https>openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem
Signature ok
subject=/C=cn/ST=beijing/L=beijing/O=fens.me/OU=fens.me/CN=conan Zhang/[email protected]
Getting Private key

This generates 3 new files: certificate.pem, certrequest.csr, privatekey.pem

~ D:\workspace\javascript\nodejs-https>ls -l
total 17
-rwx------  1 4294967295 mkpasswd 877 Dec 14 10:53 app.js
-rwx------  1 4294967295 mkpasswd 956 Dec 14 11:22 certificate.pem
-rwx------  1 4294967295 mkpasswd 704 Dec 14 11:21 certrequest.csr
drwx------+ 1 4294967295 mkpasswd   0 Dec 14 11:10 node_modules
-rwx------  1 4294967295 mkpasswd 216 Dec 14 11:03 package.json
-rwx------  1 4294967295 mkpasswd 887 Dec 14 11:20 privatekey.pem
drwx------+ 1 4294967295 mkpasswd   0 Dec 14 10:53 public
drwx------+ 1 4294967295 mkpasswd   0 Dec 14 10:53 routes
drwx------+ 1 4294967295 mkpasswd   0 Dec 14 10:53 views

    • privatekey.pem: private key
    • certrequest.csr: CSR (certificate signing request)
    • certificate.pem: certificate file

Modify the startup file: app.js

~ vi app.js

// At the very bottom of the file
var https = require('https')
    , fs = require("fs");

// Private key and certificate generated with OpenSSL above
var options = {
    key: fs.readFileSync('./privatekey.pem'),
    cert: fs.readFileSync('./certificate.pem')
};

// Serve the same Express app over HTTPS on port 3011
https.createServer(options, app).listen(3011, function () {
    console.log('Https server listening on port ' + 3011);
});

Start the server:

~ D:\workspace\javascript\nodejs-https>node app.js
Express server listening on port 3000
Https server listening on port 3011

Open Browser: HTTP access

HTTPS access

View certificates

Because we created the certificate ourselves and it has not been validated by a third-party authority, a warning appears. You can apply for your own certificate from a qualified certificate provider. For example: GoDaddy SSL certificates, coupon code: wowfensme

With that, we have a complete HTTPS server running on Win7.

3. Creating an HTTPS server with Nodejs (Linux)

The creation process is similar to the one on Win7.

System environment

    • Linux: Ubuntu 12.04.2 LTS 64bit Desktop
    • IP: 192.168.1.20
    • Nodejs: npm 1.2.21
    • node v0.11.2

Create an Express project

~ cd /home/conan/nodejs
~ express -e nodejs-https
~ cd nodejs-https
~ sudo npm install

Generate a certificate file with OpenSSL

~ openssl version -a
OpenSSL 1.0.1 2012
built on: Tue Jun 4 07:26:06 UTC 2013
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

~ openssl genrsa -out privatekey.pem 1024
~ openssl req -new -key privatekey.pem -out certrequest.csr
~ openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem

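Modify the file app.js

~ vi app.js

// At the very bottom of the file
var https = require('https')
    , fs = require("fs");

// Private key and certificate generated with OpenSSL above
var options = {
    key: fs.readFileSync('./privatekey.pem'),
    cert: fs.readFileSync('./certificate.pem')
};

// Serve the same Express app over HTTPS on port 3011
https.createServer(options, app).listen(3011, function () {
    console.log('Https server listening on port ' + 3011);
});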

Start the server

~ node app.js
Express server listening on port 3000
Https server listening on port 3011

Open your browser:

4. Capture the request, verify the encryption

To verify that the data is encrypted during transmission, we use Wireshark to capture the network packets.

HTTP request: http://192.168.1.20:3000/users?a=111

HTTPS Request: https://192.168.1.20:3011/users?a=112

Under HTTP, the URL request parameters are exposed. Under HTTPS, the request parameters of the URL are encrypted. Therefore, websites that ask users to fill in personal information or make online payments should all set up an HTTPS server, which prevents private data from being obtained while it crosses the network.


  • Willin Wang

    Mark

  • Min

    mark!

  • Wretchy

    Mark

  • Lenchs

    Mark

  • helloqiu

    Hello, I created an HTTPS server with express, but for some unknown reason it is always inaccessible. The process and port are normal, but the web page cannot be opened. The following is the code:
    var app = express();
    app.get('/a', function (req, res) {...});
    app.get('/b', function (req, res) {...});
    var credentials = {
        key: fs.readFileSync('k.key', 'utf8'),
        cert: fs.readFileSync('c.crt', 'utf8'),
        passphrase: '****************'
    }
    https.createServer(credentials, app).listen(1234);

    • Conan Zhang

      Try configuring it the way the article does first.

  • fuchao2012

    Working with the crawls in HTTPS. Helps a lot.

    • Conan Zhang

      , hey!

  • Skytouchzyt

    Why is it that the HTTPS server I create locally can be accessed, but after I upload it to the server I get an SSL connection error?

    • Conan Zhang

      The certificate is not configured, is it?

  • which

    Hi, I got a SkyRTC demo, https://github.com/lingyucoder/skyrtc-demo, from GitHub.
    When I tried to add SSL it did not work at all. I have tried many versions of the method and watched a lot of YouTube videos, but it still does not work. Can you help me?
    This is the demo code.

    var express = require('express');
    var app = express();
    var server = require('http').createServer(app);
    var SkyRTC = require('skyrtc').listen(server);
    var path = require("path");
    var port = process.env.PORT || 3000;
    server.listen(port);

    The following is what I tested.

    /*
    var express = require('express');
    var app = express();
    const https = require('https');//.createServer(app);
    const fs = require('fs');
    var path = require("path");
    var options = {
        key: fs.readFileSync('./privatekey.pem'),
        cert: fs.readFileSync('.server.pem')
    };
    const server = https.createServer(options, app);
    var SkyRTC = require('skyrtc').listen(server);
    var port = process.env.PORT || 80;
    server.listen(port);
    */

    /*
    var express = require('express');
    var app = express();
    var path = require("path");
    const fs = require('fs');
    var options = {
        key: fs.readFileSync('./privatekey.pem'),
        cert: fs.readFileSync('.server.pem')
    };
    var server = require('https').createServer(options, app);
    var SkyRTC = require('skyrtc').listen(server);
    var port = process.env.PORT || 80;
    server.listen(port);
    */

    /*44444
    var express = require('express');
    var path = require("path");
    const https = require('https')
    , fs = require('fs');
    const options = {
        key: fs.readFileSync('./privatekey.pem'),
        cert: fs.readFileSync('.server.pem')
    };
    const server = https.createServer(options, (req, res) => {
        res.sendfile(__dirname + '/index.html');
    }).listen(80);
    var app = express();
    server.on('request', app);
    server.listen(80)
    var SkyRTC = require('skyrtc').listen(server);
    */

    After adding SSL, none of the pages will open, and there is no error.
    Please help me take a look, thank you.

      • Conan Zhang

        I'm sorry, I'm not familiar with SkyRTC.
        If you have a problem with this configuration, you can also try handling the HTTPS requests in nginx placed in front, with nginx and node connected over HTTP.

        • which

          My side has been resolved, but thank you very much for taking the time to reply. Thank you!

          • Conan Zhang

            Haha, very good, the solution is good.
