How to Configure Google Compute Engine to use HTTPS for Node.js Server ?

In this article, we will have a look at the configuration of HTTPS for the Node.js server deployed in Google Compute Engine. We will see how we can set up a Node.js server with reverse proxy with an NGINX server having HTTPS configuration. 

We will use GCE (Google Compute Engine) Virtual machine for setting up our application. NGINX is a free web server that we are going to use. For this server, we will set up HTTPS by installing an SSL certificate. We will forward HTTPS traffic from NGINX to the local HTTP Node.js server running at localhost using reverse proxy. So, let's start setting up our server.

Prerequisites:

• Google Cloud
• Node.js
• Web Development
• Networking

Steps to install NGINX, OpenSSL, NodeJS, and NPM on GCE virtual machine:

Firstly, update your packages using the below command. 

sudo apt-get update

Run the Below Command to install NodeJS and npm.

sudo apt-get install nodejs
sudo apt-get install npm

Install NGINX and OpenSSL using the below commands.

sudo apt-get install nginx
sudo apt-get install openssl

Steps to configure a new GCE VM:

• From side navigation on Google Cloud Console navigate to Compute Engine > VM Instances
• On VM instances select Create Instance. For this tutorial, we are going to use Ubuntu with the N1 series machine. Fill in the details according to your server requirements.

• Please ensure that you have enabled HTTP and HTTPS traffic under the firewall. You can specify other options if required else keep them default. Once done click on create.

• Once created go to the VM overview page and copy the External IP address we are going to use in the next part of the tutorial.

Steps to configure the NodeJS project:

For this tutorial, you can use an existing NodeJS project OR follow the below steps to create a sample project.

• First, we will create a directory for our sample project (Here gfg). Then run the below command from it for initializing npm. Fill in the required details as per your requirement.

npm init

• Now we will install Express and set up our app.js file. Run the below command to install express.

npm install express

• Create an app.js file inside the project directory and then add your code. we will use the below sample code for create a simple 'Hello World' app.

• Save app.js now run app.js using below command you will get output as below.

node app.js

• You can also use curl from another SSH shell to see the exact output.

Steps to configure NGINX:

• You can verify nginx installation using the below commands.

sudo apt-get install -y nginx

• Once installed NGINX service will start automatically and you can hit the instance external IP in the browser. If you see the output below server has started successfully and we can move forward to setting up HTTPS.

Setting up HTTPS on NGINX:

• Run the below command to create a new self-signed certificate. if you want to use a certificate signed by the authority you can do so.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx.key -out /etc/ssl/certs/nginx.crt

• Fill in the information about your organization and put the domain name in place of the common name. If you don't have the domain name, you can put the external IP of the instance.

• Now we will create a Diffie Hellman group. Run the below command it may take an hour to complete.

sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096

• After completion of the above command, we can update NGINX files to use our certificate. create a configuration file(self-signed.conf) under directory /etc/nginx/snippets/ and put the below lines in it. If you are using another certificate update the same below.

ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;

ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ecdh_curve secp384r1;

• Now update the configuration file for your site under /etc/nginx/sites-available directory. For this tutorial, we will update the default file. You can create your own file if you want. Update the file as below if you are using external IP as a domain.

• If you are using a domain name refer below snippet for the update.

server {
 listen 443 ssl;
 listen [::]:443 ssl;

 include snippets/self-signed.conf;

 server_name example.com www.example.com;
 ...
}

• Now the NGINX server is ready to serve HTTPS traffic. 

Setting Up Reverse proxy on NGINX: 

• Under the same configuration file as above under location set proxy pass to our local NodeJS server running at 3000 port.

• Now all the configurations are done. Finally, restart NGINX to start using the new configuration. Run the below command.

sudo service nginx restart

• Now go to the browser and hit the external IP address or your domain with https:// you may get the following screen. But no worries about this is because we are using a self-signed certificate. To move forward click on Advanced and click proceed with the unsafe connection.

• Once proceed you should see our Hello World application in the browser. If you are getting a 502 error, then make sure the NodeJS server is correctly running on port 3000. Hence, we have set up a NodeJS server with HTTPS on GCE.