1
00:00:00,000 --> 00:00:04,781
[MUSIC]

2
00:00:04,781 --> 00:00:09,377
In the previous lecture we learned
about HTTPS and how they can carry out

3
00:00:09,377 --> 00:00:13,141
secure communication between
the client and the server.

4
00:00:13,141 --> 00:00:17,960
We also learned a little
bit about cryptography,

5
00:00:17,960 --> 00:00:21,700
enough to understand how HTTPS works.

6
00:00:21,700 --> 00:00:24,800
For us to configure our HTTP server,

7
00:00:24,800 --> 00:00:28,500
we need to obtain a public key and
certificate.

8
00:00:28,500 --> 00:00:34,650
We will now configure our conFusion
server to use HTTPS in this exercise.

9
00:00:34,650 --> 00:00:38,940
So, let's proceed forward,
first to generate the key and

10
00:00:38,940 --> 00:00:42,130
the certificate that we can use for
our server and

11
00:00:42,130 --> 00:00:47,240
then thereafter modify our express
application to support HTTPS.

12
00:00:49,060 --> 00:00:53,310
To get started on this exercise go
to the conFusion server folder.

13
00:00:53,310 --> 00:00:57,230
And then in your terminal or
command window and

14
00:00:57,230 --> 00:01:02,200
then go into the bin folder inside
the conFusion server folder.

15
00:01:02,200 --> 00:01:05,440
And in the bin folder you
will see a file named www.

16
00:01:05,440 --> 00:01:09,520
This is the folder where we are going to
generate our private key and

17
00:01:09,520 --> 00:01:12,310
then also generate the certificate for

18
00:01:12,310 --> 00:01:18,840
our HTTPS server using a command
line tool called as OpenSSL.

19
00:01:18,840 --> 00:01:24,320
Now OpenSSL is typically installed
on Mac OS machines by default.

20
00:01:24,320 --> 00:01:31,030
For Windows machines you may need to
download and install OpenSSL explicitly.

21
00:01:31,030 --> 00:01:35,780
Now I've provided a couple of links
in the instructions for you to go and

22
00:01:35,780 --> 00:01:37,550
fetch OpenSSL.

23
00:01:37,550 --> 00:01:41,897
I have also provided you with a website
where you can generate self-signed private

24
00:01:41,897 --> 00:01:43,430
key and certificate.

25
00:01:43,430 --> 00:01:44,960
So let's go and take a quick look at that.

26
00:01:45,960 --> 00:01:49,440
If you are running a Windows machine and

27
00:01:49,440 --> 00:01:52,080
if you don't have OpenSSL
already installed.

28
00:01:52,080 --> 00:01:56,120
Then this link provides binaries for

29
00:01:56,120 --> 00:02:00,300
OpenSSL that you can download and
install on your Windows machine.

30
00:02:00,300 --> 00:02:06,050
So this link is provided in
the instructions for this exercise.

31
00:02:06,050 --> 00:02:08,720
So going in there,

32
00:02:08,720 --> 00:02:14,145
you will find several downloads
of third-party OpenSSL

33
00:02:14,145 --> 00:02:19,742
related distributions that you can
download and install on your computer.

34
00:02:19,742 --> 00:02:24,730
So install one of these
in order to proceed ahead

35
00:02:24,730 --> 00:02:29,030
with this exercise if you don't have
OpenSSL already on your machine.

36
00:02:30,200 --> 00:02:35,330
Now, also if you want another way of

37
00:02:36,410 --> 00:02:40,410
generating your private key and
certificate.

38
00:02:40,410 --> 00:02:45,240
Here is a blog article, a link to which
I've already provided in the instructions,

39
00:02:45,240 --> 00:02:49,990
which explains also how to set
up your Windows machine with

40
00:02:51,410 --> 00:02:55,990
OpenSSL and also generate
the private key and certificate.

41
00:02:55,990 --> 00:03:01,140
So walk through these steps to
configure your Windows machine for

42
00:03:01,140 --> 00:03:05,330
generating the private key and
certificate.

43
00:03:05,330 --> 00:03:09,960
Now, if you don't want to install OpenSSL,
then here is a link

44
00:03:09,960 --> 00:03:14,610
to a site which allows you to generate

45
00:03:14,610 --> 00:03:19,420
the self-signed SSL certificate and
key as you see here.

46
00:03:19,420 --> 00:03:22,900
So a link to this site is also
provided in the instruction.

47
00:03:22,900 --> 00:03:27,690
So you can use the server to
generate the SSL certificate and

48
00:03:27,690 --> 00:03:29,930
key for your Windows machine.

49
00:03:29,930 --> 00:03:32,330
So any one of these
approaches can be used for

50
00:03:32,330 --> 00:03:38,720
generating the private key and
the certificate for your Windows machine.

51
00:03:38,720 --> 00:03:41,320
Since I am running on an OSX machine,

52
00:03:41,320 --> 00:03:47,580
I'm going to generate my private key and
certificate using OpenSSL.

53
00:03:47,580 --> 00:03:52,858
So going to the terminal,
let me type openssl genrsa

54
00:03:52,858 --> 00:03:59,249
1024, meaning that I'm going to
generate a private key of size 1024.

55
00:03:59,249 --> 00:04:04,400
So I'm going to put this in to
a file named private key, and

56
00:04:04,400 --> 00:04:10,590
once this is generated, then we will
generate the corresponding cert.csr file

57
00:04:10,590 --> 00:04:16,340
so it will say openssl req request.

58
00:04:16,340 --> 00:04:21,398
So we are requesting for
a new certificate,

59
00:04:21,398 --> 00:04:27,839
with the key private.key,
and it'll generate that.

60
00:04:32,283 --> 00:04:35,530
Cert.csr here.

61
00:04:35,530 --> 00:04:40,440
Now, when you generate the cert.csr,
it will come up with a few questions for

62
00:04:40,440 --> 00:04:42,378
you to fill in.

63
00:04:42,378 --> 00:04:44,700
You can accept the default values or

64
00:04:44,700 --> 00:04:48,400
you can fill in your own values if you so
choose to.

65
00:04:48,400 --> 00:04:52,120
It doesn't really matter because this
certificate we are using only within our

66
00:04:52,120 --> 00:04:55,730
computer to test our HTTPS server.

67
00:04:55,730 --> 00:04:58,156
So, let me fill in some details.

68
00:05:02,293 --> 00:05:06,286
I'm going to leave a few
of the things empty there.

69
00:05:06,286 --> 00:05:09,380
And that would work just fine,

70
00:05:09,380 --> 00:05:13,900
it doesn't really matter whether you
fill in this information or not.

71
00:05:13,900 --> 00:05:19,679
So once you do that your
cert.csr is generated and

72
00:05:19,679 --> 00:05:26,834
from that they will generate
the distribution certificate so

73
00:05:26,834 --> 00:05:31,651
for that we'll type at the command prompt

74
00:05:31,651 --> 00:05:37,295
openssl x509 -req -in cert.csr -signkey

75
00:05:37,295 --> 00:05:42,134
private.key -out certificate.pem.

76
00:05:42,134 --> 00:05:47,052
So this will generate the certificate for

77
00:05:47,052 --> 00:05:52,111
us, and so once you complete these steps,

78
00:05:52,111 --> 00:05:55,623
when you look at your folder,

79
00:05:55,623 --> 00:06:00,961
you will see that you
have the private.key,

80
00:06:00,961 --> 00:06:07,255
the cert.csr, and
certificate.pem in there.

81
00:06:07,255 --> 00:06:11,205
This will be required for
configuring our HTTPS server.

82
00:06:11,205 --> 00:06:17,375
So, now to configure HTTPS server,
let's go to our editor.

83
00:06:17,375 --> 00:06:21,755
In the editor,
we will go to this bin folder here.

84
00:06:21,755 --> 00:06:25,135
And in the bin folder,
you'll see this file called www.

85
00:06:25,135 --> 00:06:30,550
We briefly looked at this file
in one of the earlier exercises.

86
00:06:30,550 --> 00:06:36,296
Now going into this file we're now going

87
00:06:36,296 --> 00:06:41,704
to also import the HTTPS core module so

88
00:06:41,704 --> 00:06:49,776
we'll say HTTPS require HTTPS, and

89
00:06:49,776 --> 00:06:53,010
we'll also require the file system module.

90
00:06:53,010 --> 00:06:57,160
You have already encountered
the file system module earlier

91
00:06:57,160 --> 00:06:58,560
in one of the exercises.

92
00:06:58,560 --> 00:07:01,440
So we'll import both of these.

93
00:07:01,440 --> 00:07:07,180
And then, going down here, we will
configure the port number at which our

94
00:07:07,180 --> 00:07:13,200
HTTPS server will be running,
so we'll say app.set and

95
00:07:13,200 --> 00:07:17,160
we'll say secPort.

96
00:07:17,160 --> 00:07:22,370
So we're going to set up a variable
here called secure port and

97
00:07:22,370 --> 00:07:26,890
then I will initialize this to port+443.

98
00:07:26,890 --> 00:07:29,998
Now, why do I use this port+443?

99
00:07:29,998 --> 00:07:35,881
In a standard server,
if your server is acting as a web server,

100
00:07:35,881 --> 00:07:42,890
your HTTP protocol will be running
at port number 80 on your server.

101
00:07:42,890 --> 00:07:47,049
And the secure HTTP will
run on port number 443.

102
00:07:48,090 --> 00:07:54,070
Now you would normally not want
to use those reserved ports

103
00:07:54,070 --> 00:08:00,170
in a development application but
we are doing in this course.

104
00:08:00,170 --> 00:08:02,250
Instead, as you saw earlier,

105
00:08:02,250 --> 00:08:08,170
we had configured our port number to
3000 where our HTTP server is running.

106
00:08:08,170 --> 00:08:15,481
So I'm going to be running the HTTPS
server, at port number 3443.

107
00:08:15,481 --> 00:08:18,311
So 3000 plus 443.

108
00:08:18,311 --> 00:08:22,550
So that's the reason why I am
declaring this secure port.

109
00:08:22,550 --> 00:08:30,748
As port+443, so our HTTPS server
will be running at port number 443.

110
00:08:30,748 --> 00:08:35,296
I will still be running
the HTTP server at port 3000,

111
00:08:35,296 --> 00:08:40,696
we have already created the HTTP
server here in the WWW, or rather,

112
00:08:40,696 --> 00:08:46,220
this is automatically generated
by the express generator.

113
00:08:46,220 --> 00:08:49,890
Now, since the HTTP server
is already configured,

114
00:08:49,890 --> 00:08:54,290
we are now going to
configure the HTTPS server.

115
00:08:55,810 --> 00:09:02,460
So to configure the HTTPS server,
right after we configure the HTTP server.

116
00:09:02,460 --> 00:09:06,410
Now the reason why I'm going to
still run the HTTP server is that,

117
00:09:06,410 --> 00:09:12,120
if I get a request on
the HTTP server's port then,

118
00:09:12,120 --> 00:09:16,420
that request will be redirected
to the HTTPS server.

119
00:09:16,420 --> 00:09:23,070
So my server will only service
request coming in on the HTTPS ports.

120
00:09:23,070 --> 00:09:27,750
But if by chance anybody accesses
the server at the HTTP port,

121
00:09:27,750 --> 00:09:31,070
I will redirect that
request to the HTTPS port.

122
00:09:31,070 --> 00:09:33,270
We will do that a little bit later.

123
00:09:33,270 --> 00:09:36,316
First, let's configure our HTTPS server.

124
00:09:36,316 --> 00:09:40,665
So to configure the HTTPS server,
right here,

125
00:09:40,665 --> 00:09:46,060
I will declare a few options here for
my HTTPS server.

126
00:09:46,060 --> 00:09:51,740
Now recall that for an HTTPS server,
we need to configure the private key and

127
00:09:51,740 --> 00:09:56,670
the certificate that my HTTPS
server is going to use.

128
00:09:56,670 --> 00:10:01,200
So in the options,
I'm going to specify key and

129
00:10:01,200 --> 00:10:07,832
then I will use the file system and
then I'll say, readFileSync.

130
00:10:09,340 --> 00:10:16,250
So I will read this file synchronously so
that I will complete reading in the file

131
00:10:16,250 --> 00:10:21,290
before I can configure my HTTPS server.

132
00:10:21,290 --> 00:10:25,862
So I'm going to be reading
this file from __dirname.

133
00:10:25,862 --> 00:10:30,958
You already know why I use
__dirname from the previous

134
00:10:30,958 --> 00:10:36,710
exercises where we saw the file
system module being used.

135
00:10:36,710 --> 00:10:40,370
And then, so I will say __dirname+.

136
00:10:40,370 --> 00:10:49,570
So here,
we supply the path to the private.key.

137
00:10:49,570 --> 00:10:54,346
Now, recall that this www
is in the bin folder.

138
00:10:54,346 --> 00:10:57,710
And the private.key is
also in the bin folder, so

139
00:10:57,710 --> 00:11:03,200
that's why I'm going to say dirname+ this,
so this will specify

140
00:11:03,200 --> 00:11:08,170
to the file system read module
that the file should be

141
00:11:08,170 --> 00:11:13,440
read from this bin directory,
from that private.key file here.

142
00:11:14,730 --> 00:11:18,360
Now also,
we will read in the certificate here.

143
00:11:18,360 --> 00:11:21,585
So we'll say, cert fs.readFileSync.

144
00:11:21,585 --> 00:11:26,053
So it will synchronously
read file which means that,

145
00:11:26,053 --> 00:11:33,050
the file will be read completely before
you proceed on to that next step here.

146
00:11:33,050 --> 00:11:40,340
And the file that we need
to read is also __dirname+.

147
00:11:40,340 --> 00:11:47,865
And we'll say, /certificate.pem,
which we have generated earlier.

148
00:11:51,407 --> 00:11:56,697
And that should be a comma, and
I should not put a semicolon there,

149
00:11:56,697 --> 00:12:02,740
because this is a JavaScript object
that we have defined as the options.

150
00:12:02,740 --> 00:12:09,070
So once we define the JavaScript object,
then let's configure the secure server.

151
00:12:09,070 --> 00:12:15,407
So we'll say var secureServer https.

152
00:12:15,407 --> 00:12:21,410
Recall that, now, we're going to be using
https, and then we'll say createServer.

153
00:12:21,410 --> 00:12:27,611
So recall that for HTTP,
we configured our server like this here.

154
00:12:27,611 --> 00:12:32,540
For the secure server,
we're going to create that by saying,

155
00:12:32,540 --> 00:12:37,859
var secureServer https.createServer,
and then we will supply

156
00:12:37,859 --> 00:12:44,161
the options that we have just configured
and then the second part is app here.

157
00:12:44,161 --> 00:12:48,026
So my secureServer is well,

158
00:12:48,026 --> 00:12:54,410
also going to be available for
my app to access.

159
00:12:54,410 --> 00:13:00,301
Now down below here,
I'm going to configure

160
00:13:00,301 --> 00:13:06,044
the secureServer.listen on port number,

161
00:13:11,990 --> 00:13:13,530
secPort.

162
00:13:13,530 --> 00:13:17,950
Recall that here we had
done an app.set secPort, so

163
00:13:17,950 --> 00:13:23,840
we set this value here to
the secure port number.

164
00:13:23,840 --> 00:13:27,280
And then down below here,
we are saying app.get.

165
00:13:27,280 --> 00:13:32,013
So this means that this value that we have

166
00:13:32,013 --> 00:13:36,470
configured earlier will be available

167
00:13:36,470 --> 00:13:41,205
to us to configure our listening port for

168
00:13:41,205 --> 00:13:45,522
our server, app.get secPort, and

169
00:13:45,522 --> 00:13:52,059
then supply the callback function here.

170
00:13:55,029 --> 00:13:58,438
And inside this callback function,
we'll say,

171
00:14:03,514 --> 00:14:11,715
console.log Server listening on port.

172
00:14:21,317 --> 00:14:26,931
Let's do secure server listening on port

173
00:14:28,697 --> 00:14:32,448
And then,
once we configure the secureServer,

174
00:14:32,448 --> 00:14:38,690
then we need to say, secureServer.on.

175
00:14:38,690 --> 00:14:45,170
So if the secureServer
receives an error event,

176
00:14:45,170 --> 00:14:51,790
then we will like the onError, which is
configured down below, to handle that.

177
00:14:51,790 --> 00:14:55,520
And then we'll say, secureServer.on.

178
00:14:59,786 --> 00:15:04,428
Listening, so
if you receive the listening event,

179
00:15:04,428 --> 00:15:07,950
then we will call the onListening.

180
00:15:07,950 --> 00:15:11,100
Now where are these onError and
onListening configured?

181
00:15:11,100 --> 00:15:14,830
If you go down into the code here,
down below here.

182
00:15:14,830 --> 00:15:20,920
You're specifying these two functions
that onError function here,

183
00:15:20,920 --> 00:15:24,540
and then the onListening function here.

184
00:15:24,540 --> 00:15:30,140
So we're going to be using these two
functions for configuring our server here.

185
00:15:30,140 --> 00:15:32,320
So with these changes,

186
00:15:32,320 --> 00:15:38,180
my server is now configured to also run
the secureServer at port number 443.

187
00:15:38,180 --> 00:15:44,290
We have already configured
the standard HTTP server here already.

188
00:15:44,290 --> 00:15:51,860
So once we have done these two, then, our
next update will be in the app.js file.

189
00:15:51,860 --> 00:15:58,313
So going to app.js file, what I'm
going to do is to configure this

190
00:15:58,313 --> 00:16:04,729
server such that it will redirect any
traffic coming to the unsecure port.

191
00:16:04,729 --> 00:16:09,780
That is port number 3,000, it'll redirect
that request to the secure port.

192
00:16:09,780 --> 00:16:16,285
So to do that, let me set up a middleware
right after we declare the app.express.

193
00:16:16,285 --> 00:16:21,541
So here we'll say, app.all,
so which means, for

194
00:16:21,541 --> 00:16:27,090
all requests no matter what
the path in the request is.

195
00:16:27,090 --> 00:16:33,118
Own request coming in,
I'm going to redirect that to,

196
00:16:35,885 --> 00:16:39,582
So we'll say req, res, next, and

197
00:16:39,582 --> 00:16:44,156
the call back function being defined here.

198
00:16:44,156 --> 00:16:51,820
And so we'll
declare the function inside here.

199
00:16:51,820 --> 00:16:58,529
And we'll say, if req.secure.

200
00:16:58,529 --> 00:17:04,215
So meaning that, if the incoming
request is already a secure request,

201
00:17:04,215 --> 00:17:06,520
so how do we know that?

202
00:17:06,520 --> 00:17:10,591
If the incoming request is already
a secure request, then the request

203
00:17:10,591 --> 00:17:15,020
object will carry this flag called secure
which will be already set to true.

204
00:17:16,121 --> 00:17:19,410
If the incoming request is
not at the secure port but

205
00:17:19,410 --> 00:17:24,960
instead is coming to the insecure port,
then the req.secure will not be set.

206
00:17:24,960 --> 00:17:28,331
So, that is what I'm taking care of.

207
00:17:28,331 --> 00:17:31,511
If it is coming to the secure port
already, I'm just going to go forward

208
00:17:31,511 --> 00:17:35,110
without doing anything because it's
already coming to the secure port.

209
00:17:35,110 --> 00:17:38,514
So I can simply say, next.

210
00:17:39,586 --> 00:17:44,320
Otherwise, so we'll say, return next.

211
00:17:44,320 --> 00:17:48,678
Otherwise, so the otherwise will occur,

212
00:17:52,360 --> 00:17:55,780
When it is coming to the insecure port.

213
00:17:55,780 --> 00:17:59,850
So in this case, I will say res.redirect.

214
00:17:59,850 --> 00:18:03,920
So the redirect method is available,

215
00:18:03,920 --> 00:18:09,390
which redirects the incoming
request to another URL.

216
00:18:09,390 --> 00:18:15,960
So, I will redirect this
insecure request to https://.

217
00:18:15,960 --> 00:18:24,950
So I am redirecting this request to the,
req.hostname.

218
00:18:24,950 --> 00:18:27,720
So the request will already
carry the hostname.

219
00:18:27,720 --> 00:18:31,083
So, because this is coming
to the same server, so

220
00:18:31,083 --> 00:18:33,657
I'm redirecting to the same server.

221
00:18:33,657 --> 00:18:38,428
And then we'll say +,

222
00:18:41,726 --> 00:18:44,860
; + app.get.

223
00:18:44,860 --> 00:18:52,468
Now recall that we had already configured
the secure port in the app.get there.

224
00:18:52,468 --> 00:19:00,861
So we'll say app.get secPort + req.url.

225
00:19:00,861 --> 00:19:05,757
Now this req.url will
contain the rest of the path

226
00:19:05,757 --> 00:19:10,080
except the hostname, and the port number.

227
00:19:10,080 --> 00:19:12,943
So if you say a localhost:3000,

228
00:19:12,943 --> 00:19:17,685
that localhost:3000 will be
covered by the first part and

229
00:19:17,685 --> 00:19:24,110
this will be redirected to localhost:3443
by this configuration here.

230
00:19:24,110 --> 00:19:29,410
And then, the rest of it, the req.url will
contain the actual path on the server.

231
00:19:29,410 --> 00:19:34,220
So, we just add it to the redirect path,
and

232
00:19:34,220 --> 00:19:39,390
this is the path to which I'm going to
redirect the incoming request message.

233
00:19:39,390 --> 00:19:42,200
So once I redirect
the incoming request message,

234
00:19:42,200 --> 00:19:46,630
then my request message will be
redirected to the secured port.

235
00:19:46,630 --> 00:19:50,240
And one last change could res.redirect,

236
00:19:50,240 --> 00:19:54,470
we will add the written
status code as 307.

237
00:19:54,470 --> 00:19:59,084
307 here represents that the target
resource resides temporarily under

238
00:19:59,084 --> 00:20:00,890
a different URL.

239
00:20:00,890 --> 00:20:04,990
And the user agent must not
change the request method if it

240
00:20:04,990 --> 00:20:08,120
performs an automatic
redirection to that URL.

241
00:20:08,120 --> 00:20:11,880
So, I'll be expecting user agent to retry

242
00:20:11,880 --> 00:20:16,780
with the same method that they have
used for the original end point.

243
00:20:16,780 --> 00:20:21,820
That's it, that's the change that
I need to make in app.js file.

244
00:20:21,820 --> 00:20:26,452
So, having changed the app.js,
and the www, and

245
00:20:26,452 --> 00:20:30,548
also generated the key and
the certificate,

246
00:20:30,548 --> 00:20:35,751
we can now save the changes,
and go and start our server.

247
00:20:36,864 --> 00:20:41,606
Going to the terminal or
the command window, make sure that you're

248
00:20:41,606 --> 00:20:46,340
back in your conFusionServer folder,
and then start the server.

249
00:20:46,340 --> 00:20:49,443
So I'm at the terminal typing npm start.

250
00:20:52,473 --> 00:20:57,295
And your server will be up and running,
and you also notice that we are printing

251
00:20:57,295 --> 00:21:01,848
out here saying, Secure Server
listening on port number 3443 here.

252
00:21:01,848 --> 00:21:09,322
To access the secure server,
go to a browser like Chrome here.

253
00:21:09,322 --> 00:21:13,648
And then,
let me first access the secure server at

254
00:21:13,648 --> 00:21:19,750
localhost:3443 which is where
my secure server is running.

255
00:21:19,750 --> 00:21:29,490
And notice that when I try
the https://localhost:3443 in the browser,

256
00:21:29,490 --> 00:21:34,170
it'll come up with this message here
saying, Your connection is not private.

257
00:21:34,170 --> 00:21:37,670
Obviously, because the certificate
that we are using right now

258
00:21:37,670 --> 00:21:39,640
is a self-signed certificate.

259
00:21:39,640 --> 00:21:44,770
And this is not recognized by
Chrome as a valid certificate.

260
00:21:44,770 --> 00:21:49,780
But since we know what we are doing,
it's okay for us to accept

261
00:21:49,780 --> 00:21:56,210
that we're going to be allowing to
proceed to this particular server.

262
00:21:56,210 --> 00:22:00,630
Now, I will strongly advise
you never to do this on

263
00:22:00,630 --> 00:22:04,110
any site that comes up
with the suggestion.

264
00:22:04,110 --> 00:22:07,260
We are doing this specifically
in this exercise because

265
00:22:07,260 --> 00:22:09,430
we know exactly where the server is, and

266
00:22:09,430 --> 00:22:13,480
we know that we have explicitly
configured the server ourselves.

267
00:22:13,480 --> 00:22:18,930
But if any other website comes up
with this message, I would strongly

268
00:22:18,930 --> 00:22:24,750
advise you not to accept the suggestion
and proceed to access the server.

269
00:22:24,750 --> 00:22:31,840
So you should jump back to safety if you
ever see this on any other website.

270
00:22:31,840 --> 00:22:36,360
But since we know that this is our
own server, I'm going to proceed to

271
00:22:36,360 --> 00:22:43,450
the localhost here, and then you would see
that we are accessing the Express server.

272
00:22:43,450 --> 00:22:45,900
And also you would notice up here

273
00:22:45,900 --> 00:22:51,280
that your browser is showing you that
you're accessing an insecure server.

274
00:22:51,280 --> 00:22:54,040
When you click on that,
you would see that message

275
00:22:54,040 --> 00:22:57,160
here saying that your connection
to the site is not secure.

276
00:22:57,160 --> 00:23:04,068
But we know that since we are running the
server ourselves, this is okay to do so.

277
00:23:04,068 --> 00:23:08,860
So this is how you would be
accessing the HTTPS server.

278
00:23:08,860 --> 00:23:14,338
Now, let me try to access the same
HTTP server but, let me access the

279
00:23:16,040 --> 00:23:19,206
standard localhost:3000.

280
00:23:19,206 --> 00:23:24,625
This is where our insecure server or
the normal HTTP server is running.

281
00:23:24,625 --> 00:23:30,190
So when I try to access
that HTTP localhost:3000,

282
00:23:30,190 --> 00:23:37,700
then you immediately see that my server
will redirect me to the secure server.

283
00:23:37,700 --> 00:23:41,850
So this way,
your server that we have just configured

284
00:23:41,850 --> 00:23:46,740
ensures that you will always access
the server on its secure port.

285
00:23:46,740 --> 00:23:50,040
This also guarantees the fact that,
when you are exchanging,

286
00:23:50,040 --> 00:23:52,902
when you're sending in your credentials,
and so on,

287
00:23:52,902 --> 00:23:56,343
all the exchange of the credentials
in the header of the message.

288
00:23:56,343 --> 00:24:01,863
And also when you log in with the local
authentication, all that is done in

289
00:24:01,863 --> 00:24:07,910
a secure manner in an encrypted channel
between your client and the server.

290
00:24:07,910 --> 00:24:15,010
So, now, we have configured our
server to be a secure HTTPS server.

291
00:24:15,010 --> 00:24:18,090
With this, we complete this exercise.

292
00:24:18,090 --> 00:24:22,880
In this exercise, we have learned how
to configure a secure HTTP server or

293
00:24:22,880 --> 00:24:25,930
using the HTTPS protocol.

294
00:24:25,930 --> 00:24:27,994
With this, we complete this exercise.

295
00:24:27,994 --> 00:24:34,230
This is a good time for you to do
a git commit with the message, HTTPS.

296
00:24:34,230 --> 00:24:36,719
[MUSIC]