Add ability to provide certs for https local dev server #2118
The flags in miniflare are here: https://github.com/cloudflare/miniflare/blob/master/packages/http-server/src/plugin.ts#L92-L95
Thanks for bringing this up! I've added it to our backlog. @mrbbot thoughts?
I just saw another potential solution on discord: https://discord.com/channels/595317990191398933/1052656806058528849/threads/1058205277079490620 It may also be possible to use However, with the latter I get:
it's also important to be able to specify cert/key per instance. overwriting
I faced a similar issue while setting up HTTPS for localhost on the Remix app targeted for CF Pages. I tried setting up the
I think it is at
that's what
I'm on Ubuntu 20.04.4 and it used to be at Edit: On a fresh install of Ubuntu 22.04.2, I installed wrangler 2.15.1 and the config is at Edit2: Okay, as per source code, it depends on your
FYI I have started looking into this to create a PR. I am thinking that if SSL certs exist at the project root then it should pick those up. I am considering
Another issue in the archived repo considered specifying the cert/key paths in the
I believe priorities should be ENV, wrangler.toml, magic name in the same directory of wrangler.toml, and then magic location in $HOME
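One way to implement the lookup order proposed in the comment above, as an added example that is not Wrangler or Miniflare code. The environment variable names, config keys and file names are hypothetical; only the `~/.wrangler/local-cert` directory comes from the issue description, and the strictness rules (explicit paths must exist, key and cert come from the same source, key file not readable by others) are choices of this example.

```javascript
// Added example. Env var names, config keys and file names are hypothetical.
const fs = require("node:fs");
const path = require("node:path");

const isFile = (p) => fs.existsSync(p) && fs.statSync(p).isFile();

// Candidate sources, highest priority first: ENV, wrangler.toml,
// magic names beside wrangler.toml, then a fixed location under $HOME.
function candidates({ env, config, configDir, home }) {
  const rel = (p) => p && path.resolve(configDir, p);
  const homeDir = path.join(home, ".wrangler", "local-cert");
  return [
    { source: "env", explicit: true,
      key: env.LOCAL_HTTPS_KEY_PATH, cert: env.LOCAL_HTTPS_CERT_PATH },
    { source: "wrangler.toml", explicit: true,
      key: rel(config.https_key_path), cert: rel(config.https_cert_path) },
    { source: "project", explicit: false,
      key: path.join(configDir, "local-key.pem"),
      cert: path.join(configDir, "local-cert.pem") },
    { source: "home", explicit: false,
      key: path.join(homeDir, "key.pem"), cert: path.join(homeDir, "cert.pem") },
  ];
}

function resolveHttpsPair(opts) {
  for (const c of candidates(opts)) {
    if (!c.key && !c.cert) continue; // this source is not configured
    if (!c.key || !c.cert) // never pair a key from one source with a cert from another
      throw new Error(`${c.source}: key and cert must be set together`);
    if (!isFile(c.key) || !isFile(c.cert)) {
      // A configured path that is missing is an error; falling through would
      // silently serve a different certificate than the one the user asked for.
      if (c.explicit) throw new Error(`${c.source}: configured key/cert not found`);
      continue;
    }
    // The private key must not be readable by group or others (POSIX only).
    if (process.platform !== "win32" && (fs.statSync(c.key).mode & 0o077) !== 0)
      throw new Error(`${c.source}: ${c.key} is accessible to group/others`);
    return { source: c.source, keyPath: c.key, certPath: c.cert };
  }
  return null; // nothing found: caller generates a self-signed certificate
}
```

A `null` result corresponds to the current behaviour described in the issue, where a fresh self-signed certificate is generated on launch.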
I am struggling a bit with running the code in debug mode. There is no documentation around it either so I have to debug it as part of a Remix CF Pages app. It seems that there was an attempt to bring Miniflare into Wrangler but then Wrangler is still using the Miniflare core package as its dependency for various reasons. Can someone advise on it?
Hi @jabranr, there seems to be so much surface area where all these options are passed through, I think they all converge in that I'm open to helping if you want. I'm working on a sveltekit project on pages dev using oauth (requires ssl for local testing) so I have to re-accept the self-signed cert every single code change. I can't use a proxy for a different reason, so I'm really stuck.
@jspspike does your work capture the issues here?
My changes shouldn't resolve this entirely. If you change the We can leave this issue open as a request to add a dedicated way to pass in a key and cert for the local https server if that is something that is in demand
Yes, please. (I don't really care if this issue is used to track this feature request or not - it may necessitate updating the issue's title.)
@jspspike Thanks for the changes you have already made. For whoever decides to pick this up at any time in the future, I'd like to add details for some use cases that I have. I work on multiple workers based projects and they work with various versions of wrangler. Because of this I tend to not use the global wrangler and have wrangler installed as a dev dependency in my projects. Per project vs global is important to me. I work on projects that have multiple services running so I have to have multiple wranglers running simultaneously. Having multiple configs even within a single project could be beneficial to me. I work on projects that have outside dependencies like social logins (GitHub, Google etc...) and many of those services require a full domain to be set up like local.myproject.com for local testing (no localhost or 127.0.0.1) or ci.myproject.com for ci automated testing and local / ci browsers need to be configured to trust those certificates. I really need to bring my own PKI to the table in these scenarios. There is probably an argument here to just push ssl termination to a reverse proxy but I have run into at least one instance in the past where that was an issue. I think it was a pages dev project with svelte-kit (ultimately vite behind svelte-kit) that was having issues. If it had to be a single solution within workers-sdk, I would choose command line options for user generated certificates. I feel like most scenarios could be covered by those two options combined.
Hey @paulrostorp! Thanks for the ping. I'll follow up with the team and see if we can get this landed. We're currently restricting which changes go into Wrangler due to some recent incidents. 👍
hi @paulrostorp :) thanks for the contribution! following up on @mrbbot's comment, we’re finishing the year focusing on work related to stability and bug fixes. given the scope of the PR, we won't be merging it now but will add the
for anyone coming from a search engine who's interested in a temporary workaround, I'm using nginx as a reverse proxy until the PR merges
if you have multiple workers and/or want to pin which port to configure inside nginx, change your package.json file start script:
hi @paulrostorp, i've removed the
What version of Wrangler are you using?
2.1.14
What operating system are you using?
Mac
Describe the Bug
When using wrangler to test workers, I need to use https, and use --local-protocol https, well actually I specify it in the toml with:
The problem is that when running in local mode, miniflare is used and it generates a self signed cert every single time I launch. This message is output each time:
A freshly generated self-signed cert every time is awkward because most modern browsers will reject them.
When not in local mode, the wrangler code creates/reads the cert, and will default to ~/.wrangler/local-cert
For my use case I replace the cert in this folder, but I can't do this with miniflare when it's running in a temp dir.
Also, I would argue that the two modes should use the same cert, and from a look at the code it looks like miniflare can be passed the path to the cert and key (options https-key and https-cert).
My personal preference would be to be able to optionally pass the cert & key files through to wrangler, and have it also forward those on to miniflare in local mode.