ivandpf•8mo ago

Ubuntu Server HTTPS

How can I add https i Ubuntu Server to run Deno API over https? Without using Apache. I run deno compiled file in ./home/user/DenoAPI

25 Replies

Leokuma•8mo ago

const cert = Deno.readTextFileSync("./server.crt");

const key = Deno.readTextFileSync("./server.key");

Deno.serve({ cert, key }, (_req) => new Response("Hello, world"));

const cert = Deno.readTextFileSync("./server.crt");

const key = Deno.readTextFileSync("./server.key");

Deno.serve({ cert, key }, (_req) => new Response("Hello, world"));

ivandpfOP•8mo ago

I have that but no works:

const options = {
    hostname: "0.0.0.0",
    port: parseInt(Deno.env.get("PORT")!),
    cert: Deno.readTextFileSync("./cert.pem"),
    key: Deno.readTextFileSync("./key.pem"),
    secure: true
};

await app.listen(options);

const options = {
    hostname: "0.0.0.0",
    port: parseInt(Deno.env.get("PORT")!),
    cert: Deno.readTextFileSync("./cert.pem"),
    key: Deno.readTextFileSync("./key.pem"),
    secure: true
};

await app.listen(options);

ivandpfOP•8mo ago

I use ur code too:

ivandpfOP•8mo ago

Leokuma•8mo ago

do you get that error only when running the compiled executable or running with deno run too?

ivandpfOP•8mo ago

Compile and run, all

Leokuma•8mo ago

I think localhost will always be labeled as insecure by the browser. Maybe you can somehow configure Certificate Authorities on your machine to work around that but I don't know how to do that or whether that's possible at all Also if you use a self-signed certificate, all browsers will consider it insecure

ivandpfOP•8mo ago

Fck :c

Leokuma•8mo ago

not only browsers will consider it insecure, but also Deno, Postman, curl and every other tool what you can do is to configure your client to ignore unsafe SSL connections that way you can have a self-signed cert and still use the API normally

ivandpfOP•8mo ago

I have frontend https but if do http request, browser don't like that.

Leokuma•8mo ago

I see. You can't bypass the browser security. But if you call your API from Deno, then you can bypass it

ivandpfOP•8mo ago

Deploy? I use local database too. I will upload database in other page.

Leokuma•8mo ago

If you "own" the server (VPS), you could maybe create an endpoint like https://mysite.com/api/api-endpoint and use it to proxy/interface with your unsafe API

ivandpfOP•8mo ago

hmm, with nginx can't bypass?

Leokuma•8mo ago

so the browser calls your HTTPS frontend URL but in the backend the request is forwarded to the API and then sent back to the browser can't bypass with nginx. You will have the same problem wait... maybe you can by using Nginx as a reverse proxy

ivandpfOP•8mo ago

And I must move API file to /var/www/ path?

Leokuma•8mo ago

no, you can have it anywhere in Nginx you route requests to the port your API is listening to for example your frontend listens on 80 and your API listens on 8080 when someone requests https://mysite.com/api, Nginx forwards it to port 8080 only requests that go to /api will be forwarded to port 8080

ivandpfOP•8mo ago

Have u got an example of reverse proxy?

Leokuma•8mo ago

once you install Nginx you will configure it in the file /etc/nginx/sites-enabled/default or something the config is something like this:

server {
  location /api/ {
    proxy_pass http://localhost:8080/;
  }
}

server {
  location /api/ {
    proxy_pass http://localhost:8080/;
  }
}

ivandpfOP•8mo ago

Can I have 1 machine Nginx reverse proxy and another for api? I supose

Leokuma•8mo ago

I never tried that, but I think it works

ivandpfOP•8mo ago

👍 I will try, thanks.

lucsoft•8mo ago

yeah you can chain them

ivandpfOP•8mo ago

Thanks