DEV Community

Justin Patriquin

TLS with Nitrogen

I was recently reminded about the tool mkcert, and it inspired me to add a TLS example to Nitrogen. mkcert makes it incredibly easy to test TLS with your application during local development. It's very important to note that the TLS certificates generated by mkcert should only be used for development and never for production applications.

mkcert

Just a quick overview of mkcert. Before doing anything you must install the CA to your local machine:

mkcert -install

Then generating a certificate for localhost is as simple as running:

mkcert localhost

nginx

Adding TLS certificates requires editing an nginx.conf file and putting that file in the proper place for nginx to read.

Example nginx configuration file with TLS enabled:

server {
  listen 443 ssl default_server;

  ssl_certificate /etc/ssl/certs/nitrogen.pem;
  ssl_certificate_key /etc/ssl/private/nitrogen.key;
}

Then in the Dockerfile we would have some entries like:

COPY nginx.conf /etc/nginx/conf.d/nginx.conf
COPY nitrogen.key /etc/ssl/private/nitrogen.key
COPY nitrogen.pem /etc/ssl/certs/nitrogen.pem

Nitrogen Example

Check out the full example here. This is a condensed version.

Note: it's also useful to check out the Nitrogen README.md first.

Note: you'll also need an AWS account :D

First you'll need to clone the repo and install nitrogen:

$ git clone https://github.com/capeprivacy/nitrogen
$ curl -fsSL https://raw.githubusercontent.com/capeprivacy/nitrogen/main/install.sh | sh

Then from the root of the repo (cd nitrogen) you can run the following commands and hopefully see some glorious HTML served over TLS:

$ nitrogen setup nitrogen-nginx-tls ~/.ssh/id_rsa.pub

The setup output should include an EC2 hostname, which needs to be used in the next command:

$ mkcert -install
$ mkcert -cert-file nitrogen.pem -key-file nitrogen.key <HOSTNAME FROM ABOVE>
$ cp nitrogen.pem nitrogen.key examples/nginx-tls
$ nitrogen build examples/nginx-tls/
$ nitrogen deploy nitrogen-nginx-tls ~/.ssh/id_rsa

Finally you can run curl:

$ curl https://<HOSTNAME FROM ABOVE>:5000/

Finally finally, tear down your CloudFormation stack so you don't get charged unnecessarily:

$ nitrogen delete nitrogen-nginx-tls
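
A pre-build check for the nitrogen.pem / nitrogen.key pair, meant to run before nitrogen build. This is an added example, not code from the original post or the Nitrogen repo: the function names and exit codes are its own, it assumes OpenSSL 1.1.1 or newer on the PATH, and it recognises mkcert output by the "mkcert development CA" organization name that mkcert gives its local CA.

```shell
#!/bin/sh
# Added example (not from the Nitrogen repo): sanity-check the certificate and
# key before the Dockerfile copies them into the image. Function names and
# exit codes are this example's own. Assumes OpenSSL 1.1.1+ on PATH.

# check_tls_pair CERT KEY HOST
# 0 ok | 1 unreadable/unparsable | 2 key/cert mismatch | 3 HOST not covered | 4 expired
check_tls_pair() (
  cert=$1; key=$2; host=$3
  [ -r "$cert" ] && [ -r "$key" ] || exit 1

  # The public key inside the certificate must equal the one derived from the
  # private key, otherwise nginx fails to load the pair at startup.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || exit 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || exit 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || exit 2

  # The hostname that curl connects to must be named in the certificate.
  openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
    grep -q "does match certificate" || exit 3

  # -checkend 0 exits non-zero once notAfter has passed.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || exit 4
)

# is_mkcert_cert CERT: succeeds when the issuer is a mkcert development CA,
# so a production build script can refuse the file.
is_mkcert_cert() {
  openssl x509 -in "$1" -noout -issuer 2>/dev/null |
    grep -q "mkcert development CA"
}

# Usage: sh check-tls.sh nitrogen.pem nitrogen.key <hostname>
if [ "$#" -eq 3 ]; then
  check_tls_pair "$1" "$2" "$3" || { echo "TLS pair check failed: $?" >&2; exit 1; }
  is_mkcert_cert "$1" && echo "note: mkcert certificate, development use only"
  echo "ok"
fi
```

The Dockerfile's COPY of nitrogen.key stores the private key in an image layer, so anyone who can pull the image can read it; the is_mkcert_cert check gives a release pipeline a way to reject a development pair.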

Thanks for reading! We'd love to hear what you think in the comments below. Please star Nitrogen on GitHub, and come chat on Discord.
