0
0
ExpressHow-ToBeginner · 4 min read

How to Enable HTTPS in Express: Simple Setup Guide

To enable https in Express, use Node.js's built-in https module with your SSL certificate and key files, then create an HTTPS server that uses your Express app. Replace the usual app.listen() with https.createServer({key, cert}, app).listen(port) to serve your app securely.
📐

Syntax

Use Node.js's https module to create a secure server. You need your SSL key and certificate files. Pass them along with your Express app to https.createServer(), then call listen() on the returned server.

  • key: Your private SSL key file content.
  • cert: Your SSL certificate file content.
  • app: Your Express application instance.
  • listen(port): Starts the HTTPS server on the given port.
javascript
const https = require('https');
const fs = require('fs');
const express = require('express');

const app = express();

const options = {
  key: fs.readFileSync('path/to/private.key'),
  cert: fs.readFileSync('path/to/certificate.crt')
};

https.createServer(options, app).listen(443, () => {
  console.log('HTTPS server running on port 443');
});
💻

Example

This example shows a simple Express app served over HTTPS using self-signed SSL certificates. It responds with 'Hello Secure World!' when accessed.

javascript
import https from 'https';
import fs from 'fs';
import express from 'express';

const app = express();

app.get('/', (req, res) => {
  res.send('Hello Secure World!');
});

const options = {
  key: fs.readFileSync('./ssl/key.pem'),
  cert: fs.readFileSync('./ssl/cert.pem')
};

https.createServer(options, app).listen(8443, () => {
  console.log('HTTPS server running on https://localhost:8443');
});
Output
HTTPS server running on https://localhost:8443
⚠️

Common Pitfalls

  • Using app.listen() instead of https.createServer() will not enable HTTPS.
  • Incorrect paths or missing SSL files cause errors; ensure your key and cert files exist and are readable.
  • Using HTTP port (like 80) for HTTPS server causes connection failures; use port 443 or another HTTPS port.
  • Self-signed certificates cause browser warnings; use trusted certificates for production.
javascript
/* Wrong way: This runs HTTP, not HTTPS */
const express = require('express');
const app = express();
app.listen(443);

/* Right way: Use https module with SSL options */
const https = require('https');
const fs = require('fs');
const options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
};
https.createServer(options, app).listen(443);
📊

Quick Reference

Steps to enable HTTPS in Express:

  • Obtain SSL certificate and private key files.
  • Import https, fs, and express modules.
  • Create Express app as usual.
  • Read SSL files with fs.readFileSync().
  • Create HTTPS server with https.createServer(options, app).
  • Call listen() on HTTPS server with port 443 or custom port.

Key Takeaways

Use Node.js's https module with SSL key and certificate to enable HTTPS in Express.
Replace app.listen() with https.createServer(options, app).listen(port) for secure serving.
Ensure SSL files exist and paths are correct to avoid startup errors.
Use port 443 or another HTTPS port, not the default HTTP port.
Self-signed certificates work for testing but use trusted certificates in production.

Related by keyword

How to Use Handlebars with Express: Simple Setup GuideTemplate EnginesHow to Use Socket.io with Express: Simple Setup GuideWebSocketHow to Create Routes in Express: Simple GuideRoutingHow to Get Query Params in Express: Simple GuideRoutingHow to Get Query String in Express: Simple GuideRouting

Up next

How to Use Session in Express: Simple Guide with ExampleSession vs Cookie in Express: Key Differences and UsageHow to Create a Custom Logger in Express for Better Request TrackingHow to Log Errors in Express: Simple Error Logging Guide

More in Security

How to Configure CORS in Express: Simple Setup GuideHow to Prevent CSRF Attacks in Express: Simple StepsHow to Prevent SQL Injection in Express Apps SecurelyHow to Prevent XSS Attacks in Express Applications