nitro icon indicating copy to clipboard operation
nitro copied to clipboard
verified publisher icon nitrojs

Production cert and key should support filesystem paths

Open pi0 opened this issue 3 years ago • 7 comments

Ref: https://github.com/nuxt/nuxt.js/issues/12827

Running a production server with SSL needs the NITRO_SSL_CERT and NITRO_SSL_KEY to be from filesystem.

As a workaround (UNIX and Mac), we can use:

NITRO_SSL_CERT="`cat path/to/cert.pem`" NITRO_SSL_KEY="`cat path/to/key.pem`" node .output/server/index.mjs

pi0 avatar Dec 12 '22 10:12 pi0

Amazing that worked :D thank you for the quick reply

dataexcess avatar Dec 12 '22 11:12 dataexcess

Do you have any idea how to write this line in a package.json file? backticks are not allowed...

dataexcess avatar Dec 12 '22 12:12 dataexcess

You can use a server.sh script that starts the server with SSL.

#!/bin/bash
export NITRO_SSL_CERT="`cat path/to/cert.pem`"
export NITRO_SSL_KEY="`cat path/to/key.pem`"
exec node .output/server/index.mjs

"start": "./server.sh"

pi0 avatar Dec 12 '22 12:12 pi0

Works like a charm ✨ thank you! And I can set the PORT and HOST var before, perfect. "start": "HOST=localhost PORT=3001 ./server.sh"

dataexcess avatar Dec 12 '22 12:12 dataexcess

@pi0 Could it be just as simple as this:

import { readFileSync } from "node:fs";
import { resolve } from "pathe";

...

let cert = process.env.NITRO_SSL_CERT;
let key = process.env.NITRO_SSL_KEY;

if (cert && key) {
  cert = readFileSync(resolve(cert), "utf8");
  key = readFileSync(resolve(key), "utf8");
}

alex-key avatar Mar 03 '23 07:03 alex-key

Any idea when the fix will be available?

ananthachetan avatar Mar 20 '23 13:03 ananthachetan

For me, even when specifying NITRO_SSL_KEY and NITRO_SSL_CERT, it always starts as HTTP rather than HTTPS.

rudolfbyker avatar May 23 '23 09:05 rudolfbyker