HTTP: Data transferred over the HTTP protocol travels in clear text.
HTTPS: It encrypts the requests between the browser and the web server, so it is hard to sniff that information. It works on top of two protocols:
- SSL (Secure Sockets Layer)
- TLS (Transport Layer Security)
Both of these use a PKI (Public Key Infrastructure).
- If you can't afford an SSL certificate, an alternative is to use one of the many payment services that provide an API you can integrate into your website, i.e. you can keep your website on a nonsecure channel (HTTP) and redirect the user to the payment gateway service whenever there is a payment.
- HTTPS is a separate module in Node.js, used to communicate with the client over a secure channel. HTTPS is the HTTP protocol on top of SSL/TLS (the secure HTTP protocol).
There are various advantages to this additional layer:
- Integrity and Confidentiality are guaranteed, as the connection is encrypted in an asymmetric manner.
- We get authentication by having keys and certificates.
An example of setting up an HTTPS server with Node.js is as follows:
- We first create a homepage.html file. It holds the HTML code for the web page, i.e. the page that is displayed when the user asks for it or enters its URL.
- The homepage.html file also references a resource, homepage.css.
- When the browser tries to get the resource homepage.css, it sends a request to the server. The server creates a response header so the browser knows how to parse the file.
- The code below is written in a third file, saved as a .js file.
Example 1: In this example, we will set up an HTTPS server with Node.js.
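```javascript
(function() {
    // File system access: reads the certificate and the files to serve
    const fs = require("fs");

    // Creates the HTTPS server. It takes the options that say where the
    // certificate and private key are located, plus the request handler
    // that serves web pages from files
    const https = require("https");

    // Path helpers: file extensions and path resolution
    const path = require("path");

    // The matching value (for example "text/css") is added to the
    // response header so the browser knows how to handle the file
    const mimetypes = {
        "css": "text/css",
        "html": "text/html"
    };

    // Options used by the server.
    // pfx holds the certificate file (PKCS#12: certificate plus private key).
    // The passphrase is hard-coded for the demo only; in a deployment,
    // load it from the environment or a secret store
    const options = {
        pfx: fs.readFileSync("ssl/cert.pfx"),
        passphrase: "encrypted"
    };

    // Example values: replace with your own port number and IP address
    const PORT = 8443;
    const HOST = "127.0.0.1";

    // Sends an error status with an empty body
    function fail(response, status) {
        response.writeHead(status);
        response.end();
    }

    const server = https.createServer(options, function(request, response) {
        // Use only the path part of the URL and decode percent-encoding
        let urlPath;
        try {
            urlPath = decodeURIComponent(request.url.split("?")[0]);
        } catch (e) {
            return fail(response, 400);
        }

        // If the url is empty, serve the home page
        if (urlPath == "" || urlPath == "/") {
            urlPath = "/homepage.html";
        }

        // __dirname is the directory these files are served from.
        // Resolve the requested path inside it and refuse anything that
        // escapes it (such as "/../ssl/cert.pfx") or has an unknown type
        const filePath = path.resolve(__dirname, "." + urlPath);
        const ext = path.extname(filePath).slice(1);
        if (urlPath.includes("\0") ||
            !filePath.startsWith(__dirname + path.sep) ||
            !Object.prototype.hasOwnProperty.call(mimetypes, ext)) {
            return fail(response, 404);
        }

        // The callback takes two parameters: the error (if any)
        // and the content of the file
        fs.readFile(filePath, function(err, content) {
            if (err) {
                console.log("Error: " + err);
                return fail(response, 404);
            }
            // 200 is the code for OK
            // Content-Type is the header that tells the browser the file type
            response.writeHead(200, { "Content-Type": mimetypes[ext] });
            response.write(content);
            // This will send our response back to the browser
            response.end();
        });
    });

    server.listen(PORT, HOST, function() {
        console.log("Server has started!");
    });
})();
```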
Output: The server listens on whatever port number and IP address are given to server.listen and serves the web page whenever it is requested. This web page is delivered over HTTPS.
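Because plain HTTP travels in clear text, an HTTPS server like the one above is normally paired with an HTTP listener that serves nothing and only redirects to HTTPS, and its HTTPS responses carry a Strict-Transport-Security header. The following is an added example, not part of the original article; the host names, the port and all function names are assumptions.

```javascript
// Added example: host names and port below are constructed assumptions
const ALLOWED_HOSTS = new Set(["example.com", "www.example.com"]);
const HTTPS_PORT = 443;
const HSTS_VALUE = "max-age=31536000"; // one year, in seconds

// Returns the https:// URL for a plain-HTTP request, or null when the Host
// header is missing or not one of ours (never redirect to a client-chosen host)
function httpsRedirectTarget(hostHeader, requestUrl) {
    if (typeof hostHeader !== "string" || typeof requestUrl !== "string") return null;
    const host = hostHeader.split(":")[0].toLowerCase(); // drop any ":80"
    if (!ALLOWED_HOSTS.has(host)) return null;
    // Accept only origin-form targets such as "/cart?id=7"
    if (!requestUrl.startsWith("/")) return null;
    const port = HTTPS_PORT === 443 ? "" : ":" + HTTPS_PORT;
    return "https://" + host + port + requestUrl;
}

// Handler for the plain-HTTP listener: it serves no content, only redirects
function redirectHandler(request, response) {
    const target = httpsRedirectTarget(request.headers.host, request.url);
    if (target === null) {
        response.writeHead(400, { "Content-Type": "text/plain" });
        response.end("Bad request");
        return;
    }
    response.writeHead(301, { "Location": target });
    response.end();
}

// Wraps the HTTPS request handler so every response carries HSTS, which
// tells the browser to use HTTPS for this host on later visits
function withHsts(handler) {
    return function(request, response) {
        response.setHeader("Strict-Transport-Security", HSTS_VALUE);
        handler(request, response);
    };
}

// Starts the redirect-only listener (defined here, not called)
function startRedirector(port, host) {
    return require("http").createServer(redirectHandler).listen(port, host);
}

// Constructed sample requests: [Host header, request target]
const samples = [["example.com", "/cart?id=7"], ["EXAMPLE.com:80", "/"],
                 ["unknown.test", "/"], [undefined, "/"]];
for (const [host, url] of samples) {
    console.log(host, url, "->", httpsRedirectTarget(host, url));
}
```

To use it, wrap the function passed to `https.createServer` in `withHsts(...)` and call `startRedirector` with the HTTP port and IP address of the same machine.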