A tutorial on how I enforce https redirects on my Node.js Express projects hosted on Heroku with Namecheap domains.
For security reasons, it’s always good to have every request to your website redirect through a https connection. It establishes a secure link between the web server and the user’s browser. Any site that has https automatically enabled is deemed reliable, stable and trustworthy. But despite knowing all that, I did get lazy about implementing it when publishing my first website. I had put it on my to-do list but it got pushed down to the bottom until I eventually forgot about it.
Fast forward to the day I launched and started getting emails from interested users. Surprisingly a secure connection was the most requested feature I got from users. Even though I had SSL enabled, they wanted the site to automatically connect through a HTTPS connection. So I bumped the item back to the top of my agenda and got to implementing a route via a node package.
Step 1: Get an SSL certificate
You can get this for free from Heroku on a paid plan or purchase it from your domain supplier. I did the latter and followed Namecheap’s instructions which you can access here. Once you have SSL enabled, the https://yourwebsite.com version of your site becomes accessible. But that can only be accessed via a direct link.
Step 2: Add a Node Package
Now some developers will skip using a package and just add in some lines of code themselves. That’s great if you can account for all the contingencies and I was definitely trying to go for that option earlier, but because I had some trouble with it I stuck with a package to take care of it for me. It’s just cleaner and less of a headache.
The package I recommend using is: heroku-ssl-redirect.
Install it by entering the following into Terminal after navigating to your project folder:
npm install heroku-ssl-redirectStep 3: Implement code to call the package
Now go into your app.js file and enter the following at the beginning:
var sslRedirect = require('heroku-ssl-redirect');
And then add this line below where express is implemented, but before the code that calls the GET route for the landing page :
app.use(sslRedirect());
For context, this should be the order of all the code snippets referenced:
var sslRedirect = require('heroku-ssl-redirect');
var express = require('express');
var app = express();// enable ssl redirect
app.use(sslRedirect());app.get('/', function(req, res){
res.send('hello world');
});app.listen(3000);
Or you could save and copy the code snippets directly from thiscodeworks.com
It’s very important that you get the order right. I’m embarrassed to admit that I was stuck for quite a while wondering why it wasn’t working until it finally hit me that I had got the order wrong.
Now commit your changes and push to Heroku. Refresh your web address prefixed with http, and you’ll find yourself instantly redirected to https. That’s all there is to it!
Originally published at www.thiscodeworks.com.
