How does HTTPS work and how do you set up TLS in Node.js?

Why Interviewers Ask This

Interviewers ask this to evaluate whether you have the depth of knowledge needed to mentor others and lead technical decisions. The expected answer goes beyond definitions into practical implications and real-world consequences.

Answer

HTTPS adds TLS (Transport Layer Security) on top of HTTP, providing encryption, data integrity, and server authentication. TLS uses asymmetric cryptography (a public/private key pair) for key exchange and symmetric encryption for data transfer.

Setting up HTTPS in Node.js natively:

(1) Obtain a TLS certificate: use Let's Encrypt (free, automated via Certbot), or generate a self-signed certificate for development:

    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

(2) Create the HTTPS server:

    const fs = require("fs");
    const https = require("https");
    // app is your request handler, e.g. an Express app
    const options = { key: fs.readFileSync("key.pem"), cert: fs.readFileSync("cert.pem") };
    https.createServer(options, app).listen(443);

In production, TLS termination is usually handled by a reverse proxy (Nginx, HAProxy, AWS ALB), which decrypts HTTPS and forwards plain HTTP to Node.js. This gives simpler certificate management and better performance. For Express apps deployed on Heroku, Render, or similar PaaS platforms, HTTPS is handled automatically at the platform level.

Always redirect HTTP to HTTPS: listen on port 80 and respond with a 301 redirect to https://.
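The HTTPS server and the port-80 redirect from the answer above, combined in one added example (not code from the original page). It goes slightly beyond the answer by checking the Host header against an allowlist and sending an HSTS header; the hostnames and the function names `redirectTarget`, `redirectHandler`, `withHsts` and `start` are assumptions made for the illustration.

```javascript
const fs = require("node:fs");
const http = require("node:http");
const https = require("node:https");

// Hostnames this site serves (constructed values; replace with your own).
const ALLOWED_HOSTS = new Set(["example.com", "www.example.com"]);

// Build the https:// redirect target for a plain-HTTP request, or return null.
// The Host header is client-controlled, so it is checked against an allowlist
// instead of being echoed into Location (which would be an open redirect).
function redirectTarget(hostHeader, url, allowed = ALLOWED_HOSTS) {
  if (typeof hostHeader !== "string") return null;
  const host = hostHeader.toLowerCase().replace(/:\d+$/, ""); // drop ":80"
  if (!allowed.has(host)) return null;
  // Absolute-form request targets ("http://...") fall back to "/".
  const path = typeof url === "string" && url.startsWith("/") ? url : "/";
  return `https://${host}${path}`;
}

// Port-80 listener: 301 to HTTPS for known hosts, 400 for anything else.
function redirectHandler(req, res) {
  const target = redirectTarget(req.headers.host, req.url);
  if (target === null) {
    res.writeHead(400, { "Content-Type": "text/plain" });
    return res.end("Bad Request\n");
  }
  res.writeHead(301, { Location: target });
  res.end();
}

// Wrap the HTTPS handler so browsers remember to use HTTPS on later visits;
// the redirect alone still leaves each first plain-HTTP request exposed.
function withHsts(handler) {
  return (req, res) => {
    res.setHeader("Strict-Transport-Security", "max-age=31536000");
    handler(req, res);
  };
}

// Start both listeners. `app` is any (req, res) handler, e.g. an Express app.
function start(app, keyPath = "key.pem", certPath = "cert.pem") {
  const options = {
    key: fs.readFileSync(keyPath),
    cert: fs.readFileSync(certPath),
    minVersion: "TLSv1.2", // pin the floor explicitly, not via runtime default
  };
  https.createServer(options, withHsts(app)).listen(443);
  http.createServer(redirectHandler).listen(80);
}
```

Call `start(app)` from a process that is allowed to bind ports 80 and 443 and can read the key and certificate files.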

Pro Tip

Before answering, structure your response: one-line definition → real-world analogy → concrete example from a project. This makes even complex Node.js answers easy to follow.