Quản trị net diễn đàn chia sẻ thông tin các thủ thuật mạng, internet bảo mật thông tin dành cho giới IT VIệt hy vọng là nơi bổ ích cho cộng đồng - View Single Post - Hướng dẫn cài đặt ssl let's encrypt trên Node JS

18-08-2021, 05:12 PM

Hướng dẫn cài đặt ssl let's encrypt trên Node JS

[IMG]https://miro.medium.com/max/1400/1*tuufwZ37Yd0ialLOmr4aPg.jpeg[/IMG]

HTTPS is the basic security setting for all websites. To enable HTTPS and avoid the annoying “certificate not trusted error” on browsers, you need to get a certificate from a trusted issuer and install it on your server.
Let’s Encrypt is a free, automated, and open Certificate Authority. With letsencrypt, you can secure your server with HTTPS for free.
In this post, I will introduce how to secure your nodejs server with letsencrypt-express (now renamed to greenlock-express). Although there is an express in the name, you can still use it in your non-express nodejs server.
First, let’s create a test server:

Trích dẫn:

const http = require('http');function handler(req, res) {
res.end('Hello World!');
}http.createServer(handler).listen(80);

It listens on port 80 and response ‘Hello World!’ to any request.
Next, you need to enable HTTPS by starting an https server:

Trích dẫn:

const http = require('http');
const https = require('https');function handler(req, res) {
res.end('Hello World!');
}http.createServer(handler).listen(80);
https.createServer(handler).listen(443)

The https server does not work now, as you haven’t specify any certificate for it yet.
Now use letsencrypt-express (greenlock-express) to create a handler wrapper: (2018–05–20: the following code has been updated to support Let’s Encrypt v2)

Trích dẫn:

const PROD = false;const lex = require('greenlock-express').create({
version: 'draft-11', server: PROD ? 'https://acme-v02.api.letsencrypt.org/directory' : 'https://acme-staging-v02.api.letsencrypt.org/directory', approveDomains: (opts, certs, cb) => {
if (certs) {
// change domain list here
opts.domains = ['example.com', 'yourdomain.com']
} else {
// change default email to accept agreement
opts.email = 'youremail@here.com';
opts.agreeTos = true;
}
cb(null, { options: opts, certs: certs });
} // optional: see "Note 3" at the end of the page
// communityMember: true});const middlewareWrapper = lex.middleware;

You need to change the domain list and default email in approveDomains function according to your own needs.
The returned object middlewareWrapper is a function, which takes any handler with the following form, and returns a middleware with the same form:

Trích dẫn:

function(req, res, next)

This is good, because it can be used in different web frameworks. Now wrap your https request handler with it:

Trích dẫn:

https.createServer(
lex.httpsOptions,
middlewareWrapper(handler)
).listen(433);

That’s it! Test your server with HTTPS, if every thing is ok, set PROD to true, restart, and your server is well protected by HTTPS.

Tham khảo: https://medium.com/@bohou/secure-you...e-f8925742faa9