Production cert and key should support filesystem paths

unjs / nitro

Next Generation Server Toolkit. Create web servers with everything you need and deploy them wherever you prefer.

https://nitro.unjs.io

MIT License

5.4k stars 469 forks source link

Production cert and key should support filesystem paths #749

Open pi0 opened 1 year ago

pi0 commented 1 year ago

Ref: https://github.com/nuxt/nuxt.js/issues/12827

Running a production server with SSL needs the NITRO_SSL_CERT and NITRO_SSL_KEY to be from filesystem.

As a workaround (UNIX and Mac), we can use:

NITRO_SSL_CERT="`cat path/to/cert.pem`" NITRO_SSL_KEY="`cat path/to/key.pem`" node .output/server/index.mjs

dataexcess commented 1 year ago

Amazing that worked :D thank you for the quick reply

dataexcess commented 1 year ago

Do you have any idea how to write this line in a package.json file? backticks are not allowed...

pi0 commented 1 year ago

You can use a server.sh script that starts the server with SSL.

#!/bin/bash
export NITRO_SSL_CERT="`cat path/to/cert.pem`"
export NITRO_SSL_KEY="`cat path/to/key.pem`"
exec node .output/server/index.mjs

"start": "./server.sh"

dataexcess commented 1 year ago

Works like a charm ✨ thank you! And I can set the PORT and HOST var before, perfect. "start": "HOST=localhost PORT=3001 ./server.sh"

alex-key commented 1 year ago

@pi0 Could it be just as simple as this:

import { readFileSync } from "node:fs";
import { resolve } from "pathe";

...

let cert = process.env.NITRO_SSL_CERT;
let key = process.env.NITRO_SSL_KEY;

if (cert && key) {
  cert = readFileSync(resolve(cert), "utf8");
  key = readFileSync(resolve(key), "utf8");
}

ananthachetan commented 1 year ago

Any idea when the fix will be available?

rudolfbyker commented 1 year ago

For me, even when specifying NITRO_SSL_KEY and NITRO_SSL_CERT, it always starts as HTTP rather than HTTPS.