ivandpf•4mo ago

Ubuntu Server HTTPS

How can I add https i Ubuntu Server to run Deno API over https? Without using Apache. I run deno compiled file in ./home/user/DenoAPI

25 Replies

Leokuma•4mo ago

const cert = Deno.readTextFileSync("./server.crt");

const key = Deno.readTextFileSync("./server.key");

Deno.serve({ cert, key }, (_req) => new Response("Hello, world"));

const cert = Deno.readTextFileSync("./server.crt");

const key = Deno.readTextFileSync("./server.key");

Deno.serve({ cert, key }, (_req) => new Response("Hello, world"));

ivandpf•4mo ago

I have that but no works:

const options = {
    hostname: "0.0.0.0",
    port: parseInt(Deno.env.get("PORT")!),
    cert: Deno.readTextFileSync("./cert.pem"),
    key: Deno.readTextFileSync("./key.pem"),
    secure: true
};

await app.listen(options);

const options = {
    hostname: "0.0.0.0",
    port: parseInt(Deno.env.get("PORT")!),
    cert: Deno.readTextFileSync("./cert.pem"),
    key: Deno.readTextFileSync("./key.pem"),
    secure: true
};

await app.listen(options);

ivandpf•4mo ago

I use ur code too:

ivandpf•4mo ago

Leokuma•4mo ago

do you get that error only when running the compiled executable or running with deno run too?

ivandpf•4mo ago

Compile and run, all

Leokuma•4mo ago

I think localhost will always be labeled as insecure by the browser. Maybe you can somehow configure Certificate Authorities on your machine to work around that but I don't know how to do that or whether that's possible at all Also if you use a self-signed certificate, all browsers will consider it insecure

ivandpf•4mo ago

Fck :c

Leokuma•4mo ago

not only browsers will consider it insecure, but also Deno, Postman, curl and every other tool what you can do is to configure your client to ignore unsafe SSL connections that way you can have a self-signed cert and still use the API normally

ivandpf•4mo ago

I have frontend https but if do http request, browser don't like that.

Leokuma•4mo ago

I see. You can't bypass the browser security. But if you call your API from Deno, then you can bypass it

ivandpf•4mo ago

Deploy? I use local database too. I will upload database in other page.

Leokuma•4mo ago

If you "own" the server (VPS), you could maybe create an endpoint like https://mysite.com/api/api-endpoint and use it to proxy/interface with your unsafe API

ivandpf•4mo ago

hmm, with nginx can't bypass?

Leokuma•4mo ago

so the browser calls your HTTPS frontend URL but in the backend the request is forwarded to the API and then sent back to the browser can't bypass with nginx. You will have the same problem wait... maybe you can by using Nginx as a reverse proxy

ivandpf•4mo ago

And I must move API file to /var/www/ path?

Leokuma•4mo ago

no, you can have it anywhere in Nginx you route requests to the port your API is listening to for example your frontend listens on 80 and your API listens on 8080 when someone requests https://mysite.com/api, Nginx forwards it to port 8080 only requests that go to /api will be forwarded to port 8080

ivandpf•4mo ago

Have u got an example of reverse proxy?

Leokuma•4mo ago

once you install Nginx you will configure it in the file /etc/nginx/sites-enabled/default or something the config is something like this:

server {
  location /api/ {
    proxy_pass http://localhost:8080/;
  }
}

server {
  location /api/ {
    proxy_pass http://localhost:8080/;
  }
}

ivandpf•4mo ago

Can I have 1 machine Nginx reverse proxy and another for api? I supose

Leokuma•4mo ago

I never tried that, but I think it works

ivandpf•4mo ago

👍 I will try, thanks.

lucsoft•4mo ago

yeah you can chain them

ivandpf•4mo ago

Thanks