choojs / bankai

:station: - friendly web compiler
Apache License 2.0
1.09k stars 102 forks

Seamless HTTPS without certificate warnings: integrate nodecert/https-server #519

Open aral opened 5 years ago

aral commented 5 years ago


This is a 🙋 feature request.

As documented in the readme, the expected behaviour of Bankai currently is to present a certificate error in the browser on first use.

I just released nodecert (github mirror), which uses mkcert to create locally-trusted certificates. I also just released https-server (github mirror) which uses nodecert to provide a seamless experience for running a local development server over port 443.

To try it out with some static content:

  1. npm i -g @ind.ie/https-server
  2. https-server [folder-to-serve]
  3. Go to https://localhost to view the site without certificate warnings.

One of the reasons I wrote these is because I am considering using Choo and Bankai for my next project and I’d love to see this seamless workflow integrated. I wanted to get your thoughts on (a) whether this is something you’d like to see in Bankai and (b) if you had any thoughts on how best to integrate it before kicking off by myself :)

goto-bus-stop commented 5 years ago

this looks rad! there is potentially a licensing problem because bankai is MIT, and afaik that doesn't let us use AGPL software.

are there any side effects to running this? for example, if someone tries out bankai and decides it doesn't fit their use case, will they have a certificate authority thing stored somewhere forever? if so, it might be best to integrate it as a command you can run (eg bankai cert), and log a message telling you about that command in bankai start.

aral commented 5 years ago

Thanks :)

Re: the license, yes, you’re right: you cannot use AGPL/GPL in an MIT project but you can do it the other way around. Just out of curiosity, was there a specific reason for the MIT licensing decision? (Given that Bankai/Choo appear to be for individuals and not for corporate use and if the latter uses them it would be good to force them to give back, it might make sense to license it under AGPL.)

Re: side-effects. Yes, the certificates and the root certificate store would remain. This is definitely something the person should be made aware of but it also means that any other dev server can use them in the future (e.g., if you’re using https-server directly).
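
An added example, not part of the original thread and not code from Bankai, nodecert or https-server: a small Node.js check for the side effect discussed above, reporting whether a mkcert local CA is still on disk and whether its private key is readable by other local accounts. It assumes the directory passed in is the one printed by `mkcert -CAROOT`, where mkcert keeps `rootCA.pem` and `rootCA-key.pem`; the function name `auditCaRoot` is made up for this illustration.

```javascript
// Added example: audit what a mkcert local CA leaves behind on disk.
// Assumption: caRoot is the directory printed by `mkcert -CAROOT`;
// mkcert stores its root there as rootCA.pem and rootCA-key.pem.
const fs = require('fs');
const path = require('path');

// auditCaRoot is a hypothetical helper name, not part of any project.
function auditCaRoot(caRoot) {
  const findings = [];
  const certPath = path.join(caRoot, 'rootCA.pem');
  const keyPath = path.join(caRoot, 'rootCA-key.pem');

  const hasCert = fs.existsSync(certPath);
  const hasKey = fs.existsSync(keyPath);
  if (!hasCert && !hasKey) return { present: false, findings };

  if (hasCert) {
    findings.push('root certificate still on disk: ' + certPath);
  }
  if (hasKey) {
    // Whoever can read this key can issue certificates that this
    // machine trusts for as long as the root stays in its trust stores.
    findings.push('root CA private key still on disk: ' + keyPath);
    const mode = fs.statSync(keyPath).mode & 0o777;
    // POSIX permission bits only; Windows ACLs are not inspected here.
    if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
      findings.push('private key is accessible beyond its owner (mode ' +
        mode.toString(8) + ')');
    }
  }
  return { present: true, findings };
}

// Optional stand-alone use: node audit.js "$(mkcert -CAROOT)"
if (process.argv[2]) {
  console.log(JSON.stringify(auditCaRoot(process.argv[2]), null, 2));
}
```

Files on disk do not show whether the root is still in a trust store: `mkcert -uninstall` removes the root from the trust stores but does not delete these files, so a cleanup command along the lines of the `bankai cert` idea above would need to handle both.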

aral commented 5 years ago

Just a quick update, I made an internal fork of Bankai for the Hypha project and implemented https-server as well as some simplifications (I don’t need SSR-rendering of Choo apps, for example).

Here’s the source, in case it helps:

https://source.ind.ie/hypha/tools/web-compiler

Also, I added an example to the readme with the initial Hypha project scaffolding code so you can see how I’m using it.

Thank you all for Bankai and Choo – they’re amazing. Being able to have HTTPS routes, WebSocket routes, and static routes co-exist with live reload at development time rocks (using SSE was a masterstroke) ;) As is the auto Service Worker support.

:heart: :balloon: