ivandpf
ivandpf4mo ago

Ubuntu Server HTTPS

How can I add https i Ubuntu Server to run Deno API over https? Without using Apache. I run deno compiled file in ./home/user/DenoAPI
25 Replies
Leokuma
Leokuma4mo ago
const cert = Deno.readTextFileSync("./server.crt");

const key = Deno.readTextFileSync("./server.key");

Deno.serve({ cert, key }, (_req) => new Response("Hello, world"));
const cert = Deno.readTextFileSync("./server.crt");

const key = Deno.readTextFileSync("./server.key");

Deno.serve({ cert, key }, (_req) => new Response("Hello, world"));
ivandpf
ivandpf4mo ago
I have that but no works:
const options = {
hostname: "0.0.0.0",
port: parseInt(Deno.env.get("PORT")!),
cert: Deno.readTextFileSync("./cert.pem"),
key: Deno.readTextFileSync("./key.pem"),
secure: true
};

await app.listen(options);
const options = {
hostname: "0.0.0.0",
port: parseInt(Deno.env.get("PORT")!),
cert: Deno.readTextFileSync("./cert.pem"),
key: Deno.readTextFileSync("./key.pem"),
secure: true
};

await app.listen(options);
ivandpf
ivandpf4mo ago
I use ur code too:
No description
ivandpf
ivandpf4mo ago
No description
ivandpf
ivandpf4mo ago
No description
Leokuma
Leokuma4mo ago
do you get that error only when running the compiled executable or running with deno run too?
ivandpf
ivandpf4mo ago
Compile and run, all
Leokuma
Leokuma4mo ago
I think localhost will always be labeled as insecure by the browser. Maybe you can somehow configure Certificate Authorities on your machine to work around that but I don't know how to do that or whether that's possible at all Also if you use a self-signed certificate, all browsers will consider it insecure
ivandpf
ivandpf4mo ago
Fck :c
Leokuma
Leokuma4mo ago
not only browsers will consider it insecure, but also Deno, Postman, curl and every other tool what you can do is to configure your client to ignore unsafe SSL connections that way you can have a self-signed cert and still use the API normally
ivandpf
ivandpf4mo ago
I have frontend https but if do http request, browser don't like that.
Leokuma
Leokuma4mo ago
I see. You can't bypass the browser security. But if you call your API from Deno, then you can bypass it
ivandpf
ivandpf4mo ago
Deploy? I use local database too. I will upload database in other page.
Leokuma
Leokuma4mo ago
If you "own" the server (VPS), you could maybe create an endpoint like https://mysite.com/api/api-endpoint and use it to proxy/interface with your unsafe API
ivandpf
ivandpf4mo ago
hmm, with nginx can't bypass?
Leokuma
Leokuma4mo ago
so the browser calls your HTTPS frontend URL but in the backend the request is forwarded to the API and then sent back to the browser can't bypass with nginx. You will have the same problem wait... maybe you can by using Nginx as a reverse proxy
ivandpf
ivandpf4mo ago
And I must move API file to /var/www/ path?
Leokuma
Leokuma4mo ago
no, you can have it anywhere in Nginx you route requests to the port your API is listening to for example your frontend listens on 80 and your API listens on 8080 when someone requests https://mysite.com/api, Nginx forwards it to port 8080 only requests that go to /api will be forwarded to port 8080
ivandpf
ivandpf4mo ago
Have u got an example of reverse proxy?
Leokuma
Leokuma4mo ago
once you install Nginx you will configure it in the file /etc/nginx/sites-enabled/default or something the config is something like this:
server {
location /api/ {
proxy_pass http://localhost:8080/;
}
}
server {
location /api/ {
proxy_pass http://localhost:8080/;
}
}
ivandpf
ivandpf4mo ago
Can I have 1 machine Nginx reverse proxy and another for api? I supose
Leokuma
Leokuma4mo ago
I never tried that, but I think it works
ivandpf
ivandpf4mo ago
👍 I will try, thanks.
lucsoft
lucsoft4mo ago
yeah you can chain them
ivandpf
ivandpf4mo ago
Thanks