Enable both manual and automatic HTTPS/SSL mode

vercel / serve

Static file serving and directory listing

https://npmjs.com/package/serve

MIT License

9.43k stars 693 forks source link

Enable both manual and automatic HTTPS/SSL mode #627

Open nermin99 opened 4 years ago

nermin99 commented 4 years ago

Why was support(#274) for automatic HTTPS removed? As per #520 and #511 it is understandable that users might want to use manual certs and keys, but there is still, no even more, use cases for automatic SSL/HTTPS. One of the biggest reasons why serve is so popular is because it's a one-line command to literally "serve" your application. If a user wants or for some reason needs HTTPS they don't wanna have to go through a whole process of installing another tool just to get it.

Personally I stumbled upon serve when building my create-react-app and wanted to "serve" it. But because I use service workers and push notifications I need to serve it over HTTPS so I can test on other devices on the network. Sure I can get HTTPS for my self as per #520, but my co-workers can't, since they might not have their own manual certs and keys... you see the problem?

There is no reason why both manual and automatic HTTPS can't be supported.

jwarby commented 4 years ago

It looks like support was dropped during a rewrite in 2018, whether intentionally or not I don't know :shrug:

For now I'm running serve at version 6 instead (npx serve@6 --ssl ...) and it's working well for my particular use case (serving builds on localhost over HTTPS and running end-to-end tests against them).

TimDaub commented 3 years ago

For now I'm running serve at version 6 instead (npx serve@6 --ssl ...) and it's working well for my particular use case

lovely :) Thanks for pointing out that version.

TimDaub commented 3 years ago

I fix and published vercel/serve@6.5.8 as npm i ssl-serve. Repo: https://github.com/TimDaub/ssl-serve

warren-bank commented 2 years ago

shameless self-promotion alert:
this feature is available in my @warren-bank/serve fork of serve

notes:

--ssl is a convience option that is equivalent to:
- --ssl-cert cert.pem
- --ssl-key key.pem
- --ssl-pass pass.phrase
this is a certificate that I generated with OpenSSL
- scripts are included to regenerate a new certificate
- ..if you choose to do so, just make sure the filenames are consistent,
  as --ssl uses hard-coded (relative) paths

gavinr-maps commented 1 month ago

@AndyBitz if this functionality (automatic HTTPS/SSL using a self-signed cert when running npx serve --ssl) is added via PR, would the maintainers consider it for merging?

(related/duplicate: #614)

AndyBitz commented 4 weeks ago

@gavinr-maps Yes! That sounds like a good idea. Functionality wise I can imagine something like we have for Next.js next dev --experimental-https.

rlidwka commented 2 weeks ago

Is there any option in HTTP 2 or HTTP 3 for opportunistic encryption?

I want serve to be encrypted by default (e.g. if I need to use it to share files to my phone over wifi). But I don't want the browser to scream at me for doing so.