hi everyone!

I'm new to backend development, and i am trying to set up a node.js server using typescript.

I followed a tutorial and it seems to work!

but before starting to setup and code all my routes and requests, I would like to use https instead of http, somethings that I never did. (that wasn't a mandatory during my school projects).

here is my app.ts, where I setup everything.

import dotenv from 'dotenv';
import express from 'express';
import MasterRouter from './routers/MasterRouter';



// load the environment variables from the .env file
dotenv.config({
  path: '.env'
});

class Server {
    public app = express();
    public router = MasterRouter;
}

// initialize server app
const server = new Server();

// make server app handle any route starting with '/api'
server.app.use('/api', server.router);


// make server listen on some port
((port = process.env.APP_PORT || 5000) => {
  server.app.listen(port, () => console.log(`> Listening on port ${port}`));
})();

Can you guys give me advices on how to have a safe server?

I already got the files cert.pem and key.pem .

thanks!

CodePudding user response：

Developing locally in HTTPS is not common. How did you issue your cert and for what domains? Will the browser recognise your cert as coming from an SSL certificate authority? Despite your best intentions you might still get the insecure connection screen in your browser.

A popular option today is to do all of your development with HTTP. Then you use a reverse proxy like Cloudflare or an AWS load balancer in front of your server. Your users then connect and negotiate an SSL connection with the proxy which in turn will talk to your server over HTTP.

Setting this up is easy. You simply allow Cloudflare to manage your DNS and it will automatically route all connections through its servers over SSL before passing it onto your node application. This will give your website the nice secure lock icon.

Once you know more, you can also encrypt traffic between Cloudflare and your server.