Do I need to setup https on my nodejs application when deploying on render?

I would be upgrading to a paid host services for a client’s application that we just finished building. We used nodejs/expressjs for the server. The application uses stripe api for payment. I would like to know if the current http module we are using is okay since Render says it helps to provide and manage free TLS certification. Or I should go ahead and use the https module?

I wasn’t too sure, so I asked this same question on stackoverflow and I got this reply:

Certificates are used as a sort of secret key to enable encryption. If they only provide a certificate, then you are still responsible for doing the actual encryption.

IF they provide TLS termination (load balancer / proxy), then you don’t. If you’re not certain you can always just test this.

So, I am bringing this here because I am not experienced in doing this. What do you have or suggest for me?

Hi @valvetec, you should continue to use the http module. Render handles TLS termination.

Finally, Render automatically redirects all HTTP requests to HTTPS so your users’ security is never compromised.

Concerning external web requests, Render is HTTPS only. Data Service connections are also TLS only. Security everywhere.

Jason, that’s totally right from the perspective of an external request being made to the Render web service.

Based on @valvetec’s post, I think they were wondering if their Express web service itself (that will be deployed on Render) should use the http module.

IIUC, from the perspective of the deployed web service, the request will be http, because Render handles TLS termination before forwarding the request to the web service.

Thank you for your replies

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.