I would be upgrading to a paid host services for a client’s application that we just finished building. We used nodejs/expressjs for the server. The application uses stripe api for payment. I would like to know if the current http module we are using is okay since Render says it helps to provide and manage free TLS certification. Or I should go ahead and use the https module?
I wasn’t too sure, so I asked this same question on stackoverflow and I got this reply:
Certificates are used as a sort of secret key to enable encryption. If they only provide a certificate, then you are still responsible for doing the actual encryption.
IF they provide TLS termination (load balancer / proxy), then you don’t. If you’re not certain you can always just test this.
So, I am bringing this here because I am not experienced in doing this. What do you have or suggest for me?
Jason, that’s totally right from the perspective of an external request being made to the Render web service.
Based on @valvetec’s post, I think they were wondering if their Express web service itself (that will be deployed on Render) should use the http module.
IIUC, from the perspective of the deployed web service, the request will be http, because Render handles TLS termination before forwarding the request to the web service.