Detailed article by Almir Bijedic and Florian Rappl about setting up Node.js with SSL/TLS. Let’s Encrypt works beautifully, and having an SSL-secured site is easier than ever.
In the article, they work through a practical example of how to add a Let’s Encrypt-generated certificate to Express.js server.
But protecting our sites and apps with HTTPS isn’t enough. We should also demand encrypted connections from the servers we’re talking to. You will see that possibilities exist to activate the SSL/TLS layer even if it wouldn’t be enabled by default.
They explain how typical layers stack from website running in the browser perspective looks, talk about resources and performance of the web server with enables HTTP/2.
The article touches these topics:
- Basic HTTPS communication
- HTTPS in Node.js
- How to generate certificates
- HSTS web security policy mechanism
- HSTS is a web security policy mechanism
… and more. In 2018 and beyond, there’s no excuse to dismiss HTTPS. Well written!
[Read More]