Password hashing on frontend or backend?

@John already described the passing of the password over the network very well (use HTTPS).

To answer your question:

Where should I hash them? Frontend or Backend?

The backend. If you only hash them in the frontend, you are vulnerable to a pass the hash attack.

The reason that you hash passwords in your database is to prevent an attacker who already compromised your database from using those passwords.

If you hash the passwords in the backend, an attacker has to first crack them to use them on your website. But if you hash them in the frontend, an attacker doesn't need to do this; they can just pass the hash as it is stored in the database.


You are confusing two things: transport security and database security. HTTPS using TLS only protects the transportation of the data from the client to the server. This means an eavesdropper does not know what client and server are sending each other (simplified). The storing of passwords is an entirely different topic. You want to make sure that even if an attacker gets access to your database, he cannot get access to the plaintext passwords.

No matter how you store the passwords you should always use TLS. Otherwise an eavesdropper can record what the client sends to the server to authenticate. Then it would not matter whether you do password HASHING on the client-side or server-side. The attacker could simply record what goes over the wire and replay the communication to gain access, impersonating the client.

(Note that you want to do password HASHING, not encryption. Hashing is one-way, encryption is not)

The hashing should be done at the back-end. The back-end is under your control, so you can enforce that the hashing is taking place as it should. Additionally, you can have client-side hashing. You should not use client-side hashing alone, as the process would, e.g., be done in JavaScript which the user could block or manipulate. It may not seem like a reasonable threat, but you should never trust any user-supplied data. Therefore you should not assume that the client is doing the hashing properly. This implies you most definitely have to do it at the back-end.
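As an added illustration of the point made in the answers above (example code, not written by any of the answerers), here are both designs side by side using only Python's standard library: a backend that stores the frontend's unsalted hash verbatim, and a backend that salts and stretches whatever it receives with PBKDF2-HMAC-SHA256. The iteration count, user name and sample password are assumed values.

```python
import hashlib
import hmac
import secrets

# PBKDF2-HMAC-SHA256 work factor; assumed value for this example, not from the post.
ITERATIONS = 600_000


def client_side_hash(password: str) -> str:
    """Unsalted hash a frontend might compute before sending (the flawed design)."""
    return hashlib.sha256(password.encode()).hexdigest()


# Design A: the frontend hashes, the backend stores and compares that hash verbatim.
def register_frontend_only(db: dict, user: str, password: str) -> None:
    db[user] = client_side_hash(password)


def login_frontend_only(db: dict, user: str, submitted_hash: str) -> bool:
    # Whatever string the client sends is compared directly to the stored value,
    # so the stored value itself is a valid credential (pass the hash).
    return hmac.compare_digest(db.get(user, ""), submitted_hash)


# Design B: the backend salts and stretches whatever secret it receives.
# The client may still pre-hash; the received string is simply the "secret" here.
def register_backend(db: dict, user: str, secret: str) -> None:
    salt = secrets.token_bytes(16)
    db[user] = (salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS))


def login_backend(db: dict, user: str, secret: str) -> bool:
    record = db.get(user)
    if record is None:
        return False
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def compare_designs(password: str = "correct horse battery staple") -> dict:
    """Register one user under each design, then try logging in with the value
    an attacker would find in a copied database (constructed sample data)."""
    db_a, db_b = {}, {}
    register_frontend_only(db_a, "alice", password)
    register_backend(db_b, "alice", password)
    leaked_a = db_a["alice"]           # the frontend hash, stored as-is
    leaked_b = db_b["alice"][1].hex()  # the PBKDF2 output, without the password
    return {
        "legit_login_a": login_frontend_only(db_a, "alice", client_side_hash(password)),
        "legit_login_b": login_backend(db_b, "alice", password),
        "stored_value_logs_in_a": login_frontend_only(db_a, "alice", leaked_a),
        "stored_value_logs_in_b": login_backend(db_b, "alice", leaked_b),
    }
```

Under design A the copied database entry authenticates on its own; under design B the attacker still has to crack it first.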


HTTPS provides security for the transport layer only. It has nothing to do with the security mechanisms needed for the storage.

You shouldn't encrypt passwords. You should hash them, so you could not decrypt them later (nor could an attacker).

And the hash step is always done on the backend, since doing it on the client side would give an attacker who got access to your hashes a method to log in to every account.