Configuring HTTPS for Express and Nginx

by

You don’t need to use HTTPS between your nginx reverse proxy and Node app running on the same host. You can proxy both HTTP requests to port 80 and HTTPS requests to port 443 to the same port in your Node app – 8080 in this case – and you don’t need to configure TLS certificates in that case.

You can change your server.js file to:

var app = express();

app.listen(8080, console.log("Server running"));

and use an nginx config that has proxy_pass http://localhost:8080; for both HTTP on port 80 and HTTPS on port 443.

This is how it is usually done. Encrypting traffic on the loopback interface doesn’t add any security because to sniff the traffic you need root access to the box and when you have it then you can read the certs and decrypt the traffic anyway. Considering the fact that most of the posts on https://nodejs.org/en/blog/vulnerability/ are related to OpenSSL, one could argue that using SSL in Node can make it less secure in that particular case of encrypting loopback interface traffic. See this discussion on the Node project on GitHub for more info.

More Related Contents:

  1. How to create an HTTPS server in Node.js?
  2. nodejs – error self signed certificate in certificate chain
  3. Unable to verify leaf signature
  4. node-request – Getting error “SSL23_GET_SERVER_HELLO:unknown protocol”
  5. Listen on HTTP and HTTPS for a single express app
  6. Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint
  7. How can I use HTTPS in AngularJS?
  8. Correct way to write a non-blocking function in Node.js
  9. Call async/await functions in parallel
  10. How to append to a file in Node?
  11. How to properly reuse connection to Mongodb across NodeJs application and modules
  12. How to chain and share prior results with Promises [duplicate]
  13. Make several requests to an API that can only handle 20 request a minute
  14. How to reload or re-render the entire page using AngularJS
  15. Mongoose the Typescript way…?
  16. Why cant I inline call to res.json?
  17. Android volley self signed HTTPS trust anchor for certification path not found
  18. What is the difference between post api call and form submission with post method?
  19. Gulp.js task, return on src?
  20. Find out if someone has a role
  21. I am getting error in console “You need to enable JavaScript to run this app.” reactjs
  22. How to solve Mongoose v5.11.0 model.find() error: Operation `products.find()` buffering timed out after 10000ms”
  23. How to chain execution of array of functions when every function returns deferred.promise?
  24. How can one get the file path of the caller function in node.js?
  25. How to resolve the Syntax error : await is only valid in async function?
  26. Is there a way to read image metadata using node.js
  27. socket.io, ‘Access-Control-Allow-Origin’ error
  28. How to add mixins to ES6 javascript classes?
  29. node.js, express, how to get data from body form-data in post request
  30. Sending whole folder content to client with express

Leave a Comment