feat: Support SSL without reverse proxy (#2959)

* Enable (optional) reading SSL certificates on startup * Update gitignore * fix: Expect ssl environment variables to be Base64 encoded * docs: Add env variables to .env.sample
2022-01-22 17:40:55 -08:00
parent 50547ae355
commit e4dbd67ae1
4 changed files with 64 additions and 2 deletions
--- a/server/utils/ssl.ts
+++ b/server/utils/ssl.ts
@@ -0,0 +1,42 @@
+import fs from "fs";
+import path from "path";
+import env from "../env";
+
+/**
+ * Find if SSL certs are available in the environment or filesystem and return
+ * as a valid ServerOptions object
+ */
+export function getSSLOptions() {
+  function safeReadFile(name: string) {
+    try {
+      return fs.readFileSync(
+        path.normalize(`${__dirname}/../../../${name}`),
+        "utf8"
+      );
+    } catch (err) {
+      return undefined;
+    }
+  }
+
+  try {
+    return {
+      key:
+        (env.SSL_KEY
+          ? Buffer.from(env.SSL_KEY, "base64").toString("ascii")
+          : undefined) ||
+        safeReadFile("private.key") ||
+        safeReadFile("private.pem"),
+      cert:
+        (env.SSL_CERT
+          ? Buffer.from(env.SSL_CERT, "base64").toString("ascii")
+          : undefined) ||
+        safeReadFile("public.cert") ||
+        safeReadFile("public.pem"),
+    };
+  } catch (err) {
+    return {
+      key: undefined,
+      cert: undefined,
+    };
+  }
+}