TLS with Nitrogen

justin1121

Justin Patriquin

Posted on November 7, 2022

I was recently reminded about the tool mkcert, and it inspired me to add a TLS example to Nitrogen. mkcert makes it incredibly easy to test TLS with your application during local development. It's very important to note that the TLS certificates generated by mkcert should only be used for development and never for production applications.

mkcert

Just a quick overview of mkcert. Before doing anything else, you must install its local CA on your machine:

mkcert -install

Then generating a certificate for localhost is as simple as running:

mkcert localhost

nginx

Adding TLS certificates requires editing an nginx.conf file and putting it, along with the certificate and key, where nginx can read them.

Example nginx configuration file with TLS enabled:

server {
  listen 443 ssl default_server;

  ssl_certificate /etc/ssl/certs/nitrogen.pem;
  ssl_certificate_key /etc/ssl/private/nitrogen.key;
}

Then in the Dockerfile we would have some entries like:

COPY nginx.conf /etc/nginx/conf.d/nginx.conf
COPY nitrogen.key /etc/ssl/private/nitrogen.key
COPY nitrogen.pem /etc/ssl/certs/nitrogen.pem

Nitrogen Example

Check out the full example here. This is a condensed version.

Note: it's also useful to check out the Nitrogen README.md first.

Note: you'll also need an AWS account :D

First you'll need to clone the repo and install nitrogen:

$ git clone https://github.com/capeprivacy/nitrogen
$ curl -fsSL https://raw.githubusercontent.com/capeprivacy/nitrogen/main/install.sh | sh

Then from the root of the repo (cd nitrogen) you can run the following commands and hopefully see some glorious HTML served over TLS:

$ nitrogen setup nitrogen-nginx-tls ~/.ssh/id_rsa.pub

The setup command should print an EC2 hostname, which you need for the next commands:

$ mkcert -install
$ mkcert -cert-file nitrogen.pem -key-file nitrogen.key <HOSTNAME FROM ABOVE>
$ cp nitrogen.pem nitrogen.key examples/nginx-tls
$ nitrogen build examples/nginx-tls/
$ nitrogen deploy nitrogen-nginx-tls ~/.ssh/id_rsa

Finally you can run curl:

$ curl https://<HOSTNAME FROM ABOVE>:5000/

Finally finally, tear down your CloudFormation stack so you don't get charged unnecessarily:

$ nitrogen delete nitrogen-nginx-tls
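
A pre-build check for the certificate step above, as an added example that is not part of the original post or the Nitrogen project: it confirms that nitrogen.key belongs to nitrogen.pem, that the certificate covers the EC2 hostname, and that it has not expired, before the files are copied into the image. The function name check_tls_pair and the script name check_tls.sh are hypothetical, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post). check_tls_pair is a hypothetical
# helper; it assumes the openssl CLI is installed.
# Usage: sh check_tls.sh nitrogen.pem nitrogen.key <HOSTNAME FROM ABOVE>
# Returns 0 if usable, 1 on a validation failure, 2 if a file cannot be parsed.
check_tls_pair() {
  cert=$1; key=$2; host=$3

  [ -r "$cert" ] && [ -r "$key" ] || {
    echo "cannot read $cert or $key" >&2; return 2; }

  # The public key embedded in the certificate must equal the one derived
  # from the private key; nginx will not start with a mismatched pair.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
    echo "$cert is not a PEM certificate" >&2; return 2; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
    echo "$key is not a PEM private key" >&2; return 2; }
  [ "$cert_pub" = "$key_pub" ] || {
    echo "$key does not belong to $cert" >&2; return 1; }

  # The certificate must name the host that curl will connect to.
  # -checkhost reports its verdict as text, so match on the message.
  openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
    grep -q "does match certificate" || {
    echo "$cert does not cover hostname $host" >&2; return 1; }

  # -checkend 0 exits non-zero if the certificate has already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
    echo "$cert has expired" >&2; return 1; }

  return 0
}

# Run the check only when called with the three expected arguments.
if [ "$#" -eq 3 ]; then
  check_tls_pair "$@"
fi
```

Running it between the mkcert and nitrogen build steps catches a certificate issued for a stale hostname before an image is built and deployed.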

Thanks for reading! We'd love to hear what you think in the comments below. Please star Nitrogen on GitHub, and come chat on Discord.
