🟢 Node - HTTPS
Updated at 2015-07-25 15:51
First you need to get a certificate; they range between $9 and $20 per domain per year.
I personally use or SSLMate, depending on the use case.
- SSLMate, Apex + Single Subdomain through command line: $15/year
- SSLs, Apex + Single Subdomain: $4/year (3 years)
- Namecheap, Apex + Single Subdomain: $9/year
- Namecheap, Unlimited Subdomains: $94/year
Get a certificate from there or install the SSLMate program to automatically update your certificates.
sslmate buy example.com
# Specify a contact email; it must be accessible so you can receive the activation code.
# Or use DNS approval: https://sslmate.com/help/approval/dns.
# Confirm.
# Check the provided email.
# Certificates are placed in the directory where you ran the command.
Copy the certificates to /etc/ssl/private or another designated directory on all of your front-end servers.
Enable HTTPS on the server software.
# For Apache and nginx, you can use this.
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
// e.g. for Node you can use the https standard library
// it is a good idea to save SSL file paths to env variables
var fs = require('fs');
var options = {
  key: fs.readFileSync(process.env.NODE_SSL_KEY),
  cert: fs.readFileSync(process.env.NODE_SSL_CERT)
};
// requestHandler and port are defined by your application
require('https').createServer(options, requestHandler).listen(port);
Make sure your intra-site URLs are defined without protocol or are relative.
FROM <script src="http://example.com/jquery.js"></script>
TO <script src="//example.com/jquery.js"></script>
OR <script src="/jquery.js"></script>
Redirect all HTTP (80) calls to HTTPS (443).
var redirectPort = 80;
var redirectHandler = function (req, res) {
  // 301 = permanent redirect to the same host and path over HTTPS
  var head = { "Location": "https://" + req.headers['host'] + req.url };
  res.writeHead(301, head);
  res.end();
};
require('http').createServer(redirectHandler).listen(redirectPort);
console.log("Redirect server running at: " + redirectPort);
Turn on Strict Transport Security and Secure Cookies:
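One way to do both in Node, together with a redirect handler that checks the client-supplied Host header before building the Location value used in the redirect step above. This is an added example, not code from the original page; the hostnames, the cookie name and value, and the one-year max-age are assumptions.

```javascript
// Added example; hostnames, cookie values and max-age are assumptions.
var ALLOWED_HOSTS = ['example.com', 'www.example.com']; // your own names
var HSTS_MAX_AGE = 31536000; // one year, in seconds (assumed policy)

// Host and URL are client-controlled: only redirect to names we serve,
// and only append an origin-form path (one that starts with "/").
function redirectTarget(hostHeader, url) {
  var host = String(hostHeader || '').toLowerCase().replace(/:\d+$/, '');
  if (ALLOWED_HOSTS.indexOf(host) === -1) return null;
  var path = (typeof url === 'string' && url.charAt(0) === '/') ? url : '/';
  return 'https://' + host + path;
}

function redirectHandler(req, res) {
  var target = redirectTarget(req.headers.host, req.url);
  if (target === null) {
    res.writeHead(400);
    return res.end();
  }
  res.writeHead(301, { 'Location': target });
  res.end();
}

// Browsers honour HSTS only on HTTPS responses, so wrap the HTTPS handler.
function withHsts(handler) {
  return function (req, res) {
    res.setHeader('Strict-Transport-Security', 'max-age=' + HSTS_MAX_AGE);
    handler(req, res);
  };
}

// Secure: sent over HTTPS only. HttpOnly: not readable from page scripts.
function secureCookie(name, value) {
  return name + '=' + encodeURIComponent(value) + '; Path=/; Secure; HttpOnly';
}

var appHandler = withHsts(function (req, res) {
  res.setHeader('Set-Cookie', secureCookie('sid', 'constructed-session-id'));
  res.end('ok');
});

// Wiring, same shape as the snippets above; call it with your key and cert.
function start(tlsOptions) {
  require('https').createServer(tlsOptions, appHandler).listen(443);
  require('http').createServer(redirectHandler).listen(80);
}
```

Requests whose Host header is not in the allowlist get a 400 instead of a redirect, so the Location header never echoes an arbitrary name.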