How to humanely publish a project with HTTPS certificates #4944
-
Hi, thanks for your feedback. In most production setups, handling HTTPS is typically delegated to a reverse proxy such as Nginx, Traefik, Caddy, or Apache. These tools are designed specifically to manage TLS certificates, handle protocol negotiation, and provide better security and performance for public-facing endpoints. Managing HTTPS directly within the application is generally discouraged, as it introduces complexity and security risks that are better handled by dedicated, battle-tested software.
-
I found this solution for myself. Maybe it will be useful to someone.
#/bin/server.ts
const APP_ROOT = new URL('../', import.meta.url);
const sslOptions = {
new Ignitor(APP_ROOT, { importer: IMPORTER })
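An added example, not code from this thread or from AdonisJS: a plain node:http / node:https server whose protocol and certificate paths come from the environment, which is what this discussion asks for. APP_PROTOCOL, TLS_KEY_PATH, TLS_CERT_PATH and the demo() helper are hypothetical names, and the key-permission check assumes a POSIX file system.

```typescript
import { chmodSync, mkdtempSync, readFileSync, statSync, writeFileSync } from 'node:fs'
import { createServer as createHttpServer } from 'node:http'
import type { RequestListener } from 'node:http'
import { createServer as createHttpsServer } from 'node:https'
import { tmpdir } from 'node:os'
import { join } from 'node:path'

type Env = Record<string, string | undefined>

// APP_PROTOCOL, TLS_KEY_PATH and TLS_CERT_PATH are hypothetical names chosen
// for this example; they are not AdonisJS settings.
function loadTlsOptions(env: Env) {
  if ((env.APP_PROTOCOL ?? 'http') !== 'https') return null
  const { TLS_KEY_PATH: keyPath, TLS_CERT_PATH: certPath } = env
  if (!keyPath || !certPath) {
    throw new Error('APP_PROTOCOL=https needs TLS_KEY_PATH and TLS_CERT_PATH')
  }
  // POSIX only: refuse a private key that group or other can read.
  const mode = statSync(keyPath).mode & 0o777
  if ((mode & 0o077) !== 0) {
    throw new Error(`${keyPath} has mode ${mode.toString(8)}, expected 600 or stricter`)
  }
  return {
    key: readFileSync(keyPath),
    cert: readFileSync(certPath), // full chain: leaf first, then intermediates
    minVersion: 'TLSv1.2' as const, // refuse TLS 1.0 and 1.1 handshakes
  }
}

// A bad TLS setup throws at startup instead of falling back to cleartext.
function createAppServer(env: Env, handler: RequestListener) {
  const tls = loadTlsOptions(env)
  return tls ? createHttpsServer(tls, handler) : createHttpServer(handler)
}

// Constructed sample: placeholder files stand in for a real key and chain.
function demo() {
  const dir = mkdtempSync(join(tmpdir(), 'tls-demo-'))
  const key = join(dir, 'privkey.pem')
  const cert = join(dir, 'fullchain.pem')
  const env: Env = { APP_PROTOCOL: 'https', TLS_KEY_PATH: key, TLS_CERT_PATH: cert }
  writeFileSync(key, 'placeholder key')
  writeFileSync(cert, 'placeholder chain')
  chmodSync(key, 0o644)
  let loose = 'accepted'
  try { loadTlsOptions(env) } catch { loose = 'rejected' }
  chmodSync(key, 0o600)
  return { loose, strict: loadTlsOptions(env)?.minVersion, plain: loadTlsOptions({}) }
}
```

With a real key and certificate chain on disk, `createAppServer(process.env, handler).listen(port)` starts the listener; demo() stops before that because its placeholder files are not valid PEM.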
-
The solution is simpler than it seems. Just run nginx on top of adonisjs. I
can show you a setup example if you'd like.
Fri, 24 Oct 2025 at 20:17, Fuchssystems ***@***.***> wrote:
> > Managing HTTPS directly within the application is generally discouraged,
> > as it introduces complexity and security risks that are better handled by
> > dedicated, battle-tested software.
>
> I think the opposite is true.
> The node server should handle https well.
> I have a nuxt (vue) front end and want to communicate directly with an
> adonisjs server on another machine.
> No server side rendering, so a simple web server is enough. All magic is
> done in the frontend.
> An additional piece of software only for the sake of being able makes no
> sense to me and I reject the idea.
> Example Nuxt nitro server: simple to configure, just add the key files for
> https and invoke with the flag "--https".
> I am also looking for a simple way to serve https, with an https flag like
> "node ace serve -https".
> Will try the solution of insider515.
> Or do you have a better way to use https with a front end only rendered
> SPA?
-
Here I also have a web socket setting.
Sat, 25 Oct 2025 at 12:44, Fuchssystems ***@***.***> wrote:
> Yes, please send me the example or the link to it.
> You are right in that a reverse proxy setup is best for most use cases,
> however I think for a very simple use case shuffling data via an additional
> piece of software (nginx) is not necessary (when the data in the backend
> is of no value, very little traffic).
# Plain HTTP: redirect both host names to the canonical HTTPS origin
server {
    listen 80;
    server_name domen.com;
    return 301 https://domen.com$request_uri;
}

server {
    listen 80;
    server_name www.domen.com;
    return 301 https://domen.com$request_uri;
}

# HTTPS on www: redirect to the bare domain
server {
    listen 443 ssl http2;
    server_name www.domen.com;
    ssl_certificate /domen/certs/fullchain.pem;
    ssl_certificate_key /domen/certs/privkey.pem;
    return 301 https://domen.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name domen.com;

    # SSL certificates
    ssl_certificate /domen/certs/fullchain.pem;
    ssl_certificate_key /domen/certs/privkey.pem;

    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Logs
    access_log /var/log/nginx/domen.access.log;
    error_log /var/log/nginx/domen.error.log;

    # Security Headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    # Static files
    root /domen/public;

    # Application traffic, with the headers needed for WebSocket upgrades
    location / {
        proxy_pass http://localhost:3334;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }

    # Processing static files
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 1y;
        add_header Cache-Control "public, no-transform";
        # add_header is not inherited once a location sets its own,
        # so the security headers are repeated here
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options "nosniff";
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        try_files $uri @Proxy;
        #try_files $uri =404;
    }

    # Fallback for static paths that are not found under root
    location @Proxy {
        proxy_pass http://localhost:3333;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket (socket.io) backend
    location /socket.io/ {
        proxy_pass http://localhost:4444;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
-
Why are there no normal instructions anywhere on how to publish a project with certificates without HTTPS crutches? The absence of this functionality makes the framework non grata. Using a second web server for these purposes is pornography. Manually editing something that should work out of the box is terrible. Please provide a way to simply specify the path to the certificates and the protocol type in ENV - so that it works, like a human being. Thanks in advance. I'll go try to find a way to launch my project with HTTPS.