0
0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
nodejs/doc/api/https.markdown

245 lines
7.2 KiB
Markdown
Raw Normal View History

2012-02-27 20:09:34 +01:00
# HTTPS
2011-01-21 22:12:35 +01:00
Stability: 2 - Stable
HTTPS is the HTTP protocol over TLS/SSL. In Node.js this is implemented as a
2011-01-21 22:12:35 +01:00
separate module.
## Class: https.Agent
An Agent object for HTTPS similar to [`http.Agent`][]. See [`https.request()`][]
for more information.
2012-02-27 20:09:34 +01:00
## Class: https.Server
2011-04-28 09:36:04 +02:00
This class is a subclass of `tls.Server` and emits events same as
[`http.Server`][]. See [`http.Server`][] for more information.
2011-04-28 09:36:04 +02:00
### server.setTimeout(msecs, callback)
See [`http.Server#setTimeout()`][].
### server.timeout
See [`http.Server#timeout`][].
## https.createServer(options[, requestListener])
2011-04-28 09:36:04 +02:00
2011-11-26 03:26:11 +01:00
Returns a new HTTPS web server object. The `options` is similar to
[`tls.createServer()`][]. The `requestListener` is a function which is
automatically added to the `'request'` event.
2011-01-21 22:12:35 +01:00
Example:
```js
// curl -k https://localhost:8000/
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end('hello world\n');
}).listen(8000);
```
2011-01-21 22:12:35 +01:00
Or
```js
const https = require('https');
const fs = require('fs');
const options = {
pfx: fs.readFileSync('server.pfx')
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end('hello world\n');
}).listen(8000);
```
2011-01-21 22:12:35 +01:00
### server.close([callback])
See [`http.close()`][] for details.
### server.listen(handle[, callback])
### server.listen(path[, callback])
### server.listen(port[, host][, backlog][, callback])
See [`http.listen()`][] for details.
## https.get(options, callback)
Like [`http.get()`][] but for HTTPS.
`options` can be an object or a string. If `options` is a string, it is
automatically parsed with [`url.parse()`][].
Example:
```js
const https = require('https');
https.get('https://encrypted.google.com/', (res) => {
console.log('statusCode: ', res.statusCode);
console.log('headers: ', res.headers);
res.on('data', (d) => {
process.stdout.write(d);
});
}).on('error', (e) => {
console.error(e);
});
```
## https.globalAgent
Global instance of [`https.Agent`][] for all HTTPS client requests.
2011-01-21 22:21:01 +01:00
## https.request(options, callback)
2011-01-21 22:12:35 +01:00
Makes a request to a secure web server.
`options` can be an object or a string. If `options` is a string, it is
automatically parsed with [`url.parse()`][].
All options from [`http.request()`][] are valid.
2011-01-21 22:12:35 +01:00
Example:
```js
const https = require('https');
2011-01-21 22:12:35 +01:00
var options = {
hostname: 'encrypted.google.com',
port: 443,
path: '/',
method: 'GET'
};
2011-01-21 22:12:35 +01:00
var req = https.request(options, (res) => {
console.log('statusCode: ', res.statusCode);
console.log('headers: ', res.headers);
2011-01-21 22:12:35 +01:00
res.on('data', (d) => {
process.stdout.write(d);
});
});
req.end();
2011-01-21 22:12:35 +01:00
req.on('error', (e) => {
console.error(e);
});
```
2011-01-21 22:12:35 +01:00
The options argument has the following options
2011-10-22 16:40:15 +02:00
- `host`: A domain name or IP address of the server to issue the request to.
Defaults to `'localhost'`.
- `hostname`: Alias for `host`. To support `url.parse()` `hostname` is
preferred over `host`.
- `family`: IP address family to use when resolving `host` and `hostname`.
Valid values are `4` or `6`. When unspecified, both IP v4 and v6 will be
used.
2011-10-22 16:40:15 +02:00
- `port`: Port of remote server. Defaults to 443.
- `localAddress`: Local interface to bind for network connections.
- `socketPath`: Unix Domain Socket (use one of host:port or socketPath).
2011-10-22 16:40:15 +02:00
- `method`: A string specifying the HTTP request method. Defaults to `'GET'`.
- `path`: Request path. Defaults to `'/'`. Should include query string if any.
E.G. `'/index.html?page=12'`. An exception is thrown when the request path
contains illegal characters. Currently, only spaces are rejected but that
may change in the future.
2011-10-22 16:40:15 +02:00
- `headers`: An object containing request headers.
- `auth`: Basic authentication i.e. `'user:password'` to compute an
Authorization header.
- `agent`: Controls [`Agent`][] behavior. When an Agent is used request will
default to `Connection: keep-alive`. Possible values:
- `undefined` (default): use [`globalAgent`][] for this host and port.
2011-10-22 16:40:15 +02:00
- `Agent` object: explicitly use the passed in `Agent`.
- `false`: opts out of connection pooling with an Agent, defaults request to
`Connection: close`.
The following options from [`tls.connect()`][] can also be specified. However, a
[`globalAgent`][] silently ignores these.
2011-10-22 16:40:15 +02:00
- `pfx`: Certificate, Private key and CA certificates to use for SSL. Default `null`.
2011-10-22 16:40:15 +02:00
- `key`: Private key to use for SSL. Default `null`.
- `passphrase`: A string of passphrase for the private key or pfx. Default `null`.
2011-10-22 16:40:15 +02:00
- `cert`: Public x509 certificate to use. Default `null`.
- `ca`: A string, `Buffer` or array of strings or `Buffer`s of trusted
certificates in PEM format. If this is omitted several well known "root"
CAs will be used, like VeriSign. These are used to authorize connections.
- `ciphers`: A string describing the ciphers to use or exclude. Consult
<https://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT> for
details on the format.
- `rejectUnauthorized`: If `true`, the server certificate is verified against
the list of supplied CAs. An `'error'` event is emitted if verification
fails. Verification happens at the connection level, *before* the HTTP
request is sent. Default `true`.
- `secureProtocol`: The SSL method to use, e.g. `SSLv3_method` to force
SSL version 3. The possible values depend on your installation of
OpenSSL and are defined in the constant [`SSL_METHODS`][].
In order to specify these options, use a custom [`Agent`][].
Example:
```js
var options = {
hostname: 'encrypted.google.com',
port: 443,
path: '/',
method: 'GET',
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};
options.agent = new https.Agent(options);
var req = https.request(options, (res) => {
...
}
```
Alternatively, opt out of connection pooling by not using an `Agent`.
Example:
```js
var options = {
hostname: 'encrypted.google.com',
port: 443,
path: '/',
method: 'GET',
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem'),
agent: false
};
var req = https.request(options, (res) => {
...
}
```
[`Agent`]: #https_class_https_agent
[`globalAgent`]: #https_https_globalagent
[`http.Agent`]: http.html#http_class_http_agent
[`http.close()`]: http.html#http_server_close_callback
[`http.get()`]: http.html#http_http_get_options_callback
[`http.listen()`]: http.html#http_server_listen_port_hostname_backlog_callback
[`http.request()`]: http.html#http_http_request_options_callback
[`http.Server#setTimeout()`]: http.html#http_server_settimeout_msecs_callback
[`http.Server#timeout`]: http.html#http_server_timeout
[`http.Server`]: http.html#http_class_http_server
[`https.Agent`]: #https_class_https_agent
[`https.request()`]: #https_https_request_options_callback
[`SSL_METHODS`]: https://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_PROTOCOL_METHODS
[`tls.connect()`]: tls.html#tls_tls_connect_options_callback
[`tls.createServer()`]: tls.html#tls_tls_createserver_options_secureconnectionlistener
[`url.parse()`]: url.html#url_url_parse_urlstr_parsequerystring_slashesdenotehost