How to Build a Real-World HTTPS Server in Node.js (with Express)


If you're building a real web application, you must use HTTPS to protect your users' data and secure your APIs.
In this blog, you'll learn how to set up an HTTPS server in Node.js using Express.js with SSL certificates, just like it's done in production.
Let's dive in!
What is HTTPS?
HTTPS (HyperText Transfer Protocol Secure) is the secure version of HTTP. It uses SSL/TLS to encrypt the connection between the client (browser) and the server.
Benefits of HTTPS:
Secure data transmission
Protects login and payment info
Shows a lock icon in browsers
Improves SEO ranking
HTTP vs HTTPS: What's the Difference?
Feature | HTTP | HTTPS |
Security | Not secure | Encrypted using SSL/TLS |
Data Protection | Data can be intercepted | Data is encrypted in transit |
Browser Lock Icon | No lock icon | Shows lock icon |
Mixed Content Warnings | May trigger warnings | Avoids warnings |
SEO (Google) | Lower preference | Preferred by search engines |
Used for Payments | Not allowed | Required for secure checkout |
In short: Use HTTP only for testing. Use HTTPS in real projects.
Project Folder Structure
We'll organize our project like this:
```
my-secure-app/
├── cert/
│   ├── cert.pem      # SSL certificate
│   └── key.pem       # Private key
├── server.js         # Main server file
└── package.json
```
Step 1: Initialize and Install Express
First, create your project:
```bash
mkdir my-secure-app && cd my-secure-app
npm init -y
npm install express
```
Step 2: Generate SSL Certificates (Local Dev Only)
You can create a self-signed certificate using OpenSSL:
```bash
mkdir cert
openssl req -nodes -new -x509 -keyout cert/key.pem -out cert/cert.pem
```
For production, always use a certificate from a trusted authority like Let's Encrypt.
Step 3: Write Your HTTPS Server Code
Create server.js:
```js
const fs = require("fs");
const https = require("https");
const express = require("express");
const path = require("path");

const app = express();

// Load SSL Certificate and Private Key
const sslOptions = {
  key: fs.readFileSync(path.join(__dirname, "cert", "key.pem")),
  cert: fs.readFileSync(path.join(__dirname, "cert", "cert.pem")),
};

// Middleware
app.use(express.json());

// Routes
app.get("/", (req, res) => {
  res.send("Welcome to your Secure HTTPS Express Server!");
});

app.get("/api", (req, res) => {
  res.json({ message: "This is secure API data" });
});

// Start HTTPS Server
https.createServer(sslOptions, app).listen(4433, () => {
  console.log("HTTPS Server is running at https://localhost:4433");
});
```
Step 4: Run the Server
Start the HTTPS server:
```bash
node server.js
```
Then go to:
```
https://localhost:4433
```
You'll likely see a browser warning because the certificate is self-signed. You can safely ignore that during development, as long as the certificate is the one you generated yourself for localhost.
Bonus: Redirect HTTP to HTTPS (Optional)
Want your app to automatically redirect from HTTP to HTTPS? Here's a simple addition:
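```js
const http = require("http");

// Redirect every plain-HTTP request to the HTTPS server on port 4433
http.createServer((req, res) => {
  // Drop the HTTP port (8080) from the Host header so the redirect lands on the HTTPS port
  const hostname = (req.headers.host || "localhost").split(":")[0];
  res.writeHead(301, { Location: `https://${hostname}:4433${req.url}` });
  res.end();
}).listen(8080, () => {
  console.log("HTTP server redirecting to HTTPS on port 8080");
});
```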
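The redirect above builds its Location header from the client-supplied Host header. The handler below is an added example, not code from the original post: it redirects only for hostnames on an allowlist and always targets the HTTPS port. `ALLOWED_HOSTS`, `HTTPS_PORT`, `redirectTarget` and `redirectHandler` are names assumed for this sketch, and the sample requests are constructed.

```javascript
// Added example (not the post's code): validate Host before redirecting.
// ALLOWED_HOSTS and HTTPS_PORT are assumptions; use your site's real names.
const ALLOWED_HOSTS = new Set(["localhost", "example.com", "www.example.com"]);
const HTTPS_PORT = 4433; // the port server.js listens on in this post

// Return the HTTPS URL to redirect to, or null if the request must be refused.
function redirectTarget(hostHeader, requestUrl) {
  if (typeof hostHeader !== "string" || typeof requestUrl !== "string") return null;

  // Host is client-controlled: drop an optional ":port", compare case-insensitively.
  const hostname = hostHeader.replace(/:\d+$/, "").toLowerCase();
  if (!ALLOWED_HOSTS.has(hostname)) return null;

  // Accept only origin-form targets ("/path?query"); an absolute-form URL
  // would otherwise be glued onto the authority.
  if (!requestUrl.startsWith("/")) return null;

  // Plain concatenation keeps "//other.test/x" as a path on our host, whereas
  // new URL(requestUrl, base) would treat it as a different authority.
  const authority = HTTPS_PORT === 443 ? hostname : `${hostname}:${HTTPS_PORT}`;
  return `https://${authority}${requestUrl}`;
}

// Request listener for the plain-HTTP server.
function redirectHandler(req, res) {
  const target = redirectTarget(req.headers.host, req.url);
  if (target === null) {
    res.writeHead(400, { "Content-Type": "text/plain" });
    res.end("Bad Request\n");
    return;
  }
  res.writeHead(301, { Location: target });
  res.end();
}

// Constructed sample requests (Host header, request target) for a quick check.
const samples = [
  ["localhost:8080", "/api?x=1"],
  ["WWW.Example.com", "/"],
  ["unlisted.test", "/login"],
  ["localhost:8080", "http://other.test/"],
  ["localhost:8080", "//other.test/x"],
];
for (const [host, url] of samples) {
  console.log(host, url, "->", redirectTarget(host, url) ?? "400 Bad Request");
}
```

To use it, pass the listener to the HTTP server: `http.createServer(redirectHandler).listen(8080)`.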
Conclusion
Using HTTPS is not optional anymore; it's a must for every modern website or API. With Node.js and Express, setting up a secure server is actually very easy.
Final Tips:
Use self-signed certs for local testing only.
For production, use Let's Encrypt (free) or other CA providers.
Always redirect HTTP to HTTPS to avoid mixed content issues.
Written by Chauhan Balaji
Computer Science student | Future Software Engineer | Code. Learn. Build. Repeat.