How to Use HTTPS in Node.js: Simple Guide with Example
To use
https in Node.js, import the built-in https module and create a server with SSL certificate and key files. Use https.createServer(options, requestListener) where options includes your SSL credentials, then listen on a port to serve secure requests.Syntax
The https.createServer() method creates an HTTPS server. It requires an options object containing your SSL key and cert, and a requestListener function to handle incoming requests.
- options: An object with
keyandcertproperties holding your SSL private key and certificate. - requestListener: A function with
requestandresponseparameters to respond to client requests.
After creating the server, call server.listen(port) to start listening for HTTPS requests.
javascript
const https = require('https'); const fs = require('fs'); const options = { key: fs.readFileSync('path/to/private-key.pem'), cert: fs.readFileSync('path/to/certificate.pem') }; const server = https.createServer(options, (req, res) => { res.writeHead(200); res.end('Hello HTTPS!'); }); server.listen(443, () => { console.log('HTTPS server running on port 443'); });
Example
This example shows a simple HTTPS server that responds with "Hello HTTPS!" to every request. It uses self-signed SSL certificate files named server.key and server.cert in the same folder.
javascript
import https from 'https'; import fs from 'fs'; const options = { key: fs.readFileSync('./server.key'), cert: fs.readFileSync('./server.cert') }; const server = https.createServer(options, (req, res) => { res.writeHead(200, { 'Content-Type': 'text/plain' }); res.end('Hello HTTPS!'); }); server.listen(8443, () => { console.log('HTTPS server running on https://localhost:8443'); });
Output
HTTPS server running on https://localhost:8443
Common Pitfalls
Common mistakes when using HTTPS in Node.js include:
- Not providing valid SSL
keyandcertfiles, causing server errors. - Using HTTP ports (like 80) instead of HTTPS ports (like 443 or custom 8443) without proper redirection.
- Forgetting to handle errors on the server, which can crash the app.
- Using self-signed certificates in production without proper trust setup, causing browser warnings.
Always ensure your SSL files are correct and your server listens on the right port.
javascript
/* Wrong: Missing SSL options */ // https.createServer((req, res) => { // res.end('No SSL'); // }).listen(443); /* Right: Provide SSL options */ const https = require('https'); const fs = require('fs'); const options = { key: fs.readFileSync('key.pem'), cert: fs.readFileSync('cert.pem') }; https.createServer(options, (req, res) => { res.end('Secure!'); }).listen(443);
Quick Reference
Remember these key points when using HTTPS in Node.js:
- Use
https.createServer(options, handler)with SSLkeyandcert. - Listen on port 443 or a custom port for HTTPS.
- Use
fs.readFileSyncto load SSL files synchronously before server start. - Handle errors to avoid crashes.
- For development, self-signed certificates are fine; for production, use trusted certificates.
Key Takeaways
Use the built-in https module with SSL key and certificate files to create a secure server.
Always provide valid SSL credentials in the options object when calling https.createServer.
Listen on port 443 or another HTTPS port to serve secure requests.
Self-signed certificates cause browser warnings; use trusted certificates in production.
Handle server errors to keep your HTTPS server stable.