In this post, we will see how we can run HTTPS with NodeJS server on localhost. This way, we don’t have to buy SSL certificate for testing purpose.

Here are the steps:

  1. First we have to generate an SSL certificate.
    Create a new directory named ssl-data ( or any name ) anywhere you like.
    Open command prompt (Windows) / terminal (Linux) and execute the following command:

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt

    Follow on screen instructions and enter the data. You should have following two files created in the ssl-data directory:

    localhost.key
    localhost.crt
  2. Next we will create a new Node project. We can create a new project in regular way or by using generator.
    I recommend generator because first it creates lot of default code for you and second we get to know programming standards.
    I like generator-express for creating my projects, so I will follow that. Here is the link:

    https://www.npmjs.com/package/generator-express
  3. Start a command prompt / terminal and execute following commands one by one:
    npm install yo -g

    -g is for global installation

    npm install generator-express -g
    yo express

    This will ask to create a new directory, enter nodessl ( or any other name )
    Choose MVC as project type. MVC allow us to divide application in separate components which are easy to write and manage.
    Choose EJS as view engine ( or anyone you like )
    Choose None or any css preprocessor to use
    Choose None for database ( or you can select a database in case you require )
    Choose Gulp or Grunt build tool to use. Search on google for Gulp Vs Grunt.

  4. Our project is ready at this moment. The directory structure should look similar to this:
    |-nodessl
        |-app
             |-controllers
             |-models
             |-views
        |-config
        |-node_modules
        |-public
         .bowerrc
         .gitignore
         app.js
         bower.json
         gulpfile.js
         package.json

    Lot of files and folders, right 🙂
    Don’t worry, they are for good.
    To learn more about generators, follow this link:

    http://ashutoshpandey.in/blog/generators-node-js/

    The file important for us here is app.js

  5. Open this file in a text editor. It will look similar to this:
    var express = require('express'),
        config = require('./config/config');
    
    var app = express();
    
    require('./config/express')(app, config);
    
    app.listen(config.port, function () {
       console.log('Express server listening on port ' + config.port);
    });

    config/config.js file contains the configuration settings for our application.

  6. We will change the above with the lines below to add SSL configurations:
    var express = require('express'),
        config = require('./config/config'),
        https = require('https'),
        fs = require('fs');
    
    var app = express();
    
    require('./config/express')(app, config);
    
    var sslKeyPath = "path to localhost.key file";
    var sslCertificatePath = "path to localhost.cert file";
    
    var options = {
      key: fs.readFileSync(sslKeyPath),
      cert: fs.readFileSync(sslCertificatePath),
      requestCert: false,
      rejectUnauthorized: false
    };
    
    https.createServer(options, app).listen(config.port, function() {
       console.log('Express server listening on port ' + config.port);
    });

    Set the values of variables sslKeyPath and sslCertificatePath to the files we created earlier.
    To run the server, execute following command on command prompt / terminal:

    node app.js

    The server is ready to work now. We can test the server by visiting:

    https://localhost:3000

    on a web browser.
    You may see a warning message that connection to this site is not private or site is not secure but your SSL is running for your server.
    In production environment, simply replace the key and certificates with SSL certificate you purchased from providers like DigitalOcean, GoDaddy etc.