TLS with Nitrogen
Justin Patriquin
Posted on November 7, 2022
I was recently reminded about the tool mkcert and it inspired me to add a TLS example to Nitrogen. mkcert makes it incredibly easy to test TLS with your application during local development. It's very important to note that the TLS certificates generated by mkcert should only be used for development and never for production applications.
mkcert
Just a quick overview of mkcert. Before doing anything, you must install the CA to your local machine:
mkcert -install
Then generating a certificate for localhost is as simple as running:
mkcert localhost
nginx
Adding TLS certificates requires editing an nginx.conf file and putting the file in the proper place for nginx to read.
Example nginx configuration file with TLS enabled:
server {
    listen 443 ssl default_server;
    ssl_certificate /etc/ssl/certs/nitrogen.pem;
    ssl_certificate_key /etc/ssl/private/nitrogen.key;
}
Then in the Dockerfile we would have some entries like:
COPY nginx.conf /etc/nginx/conf.d/nginx.conf
COPY nitrogen.key /etc/ssl/private/nitrogen.key
COPY nitrogen.pem /etc/ssl/certs/nitrogen.pem
Nitrogen Example
Check out the full example here. This is a condensed version.
Note: it's also useful to check out the nitrogen README.md first.
Note: you'll also need an AWS account :D
First you'll need to clone the repo and install nitrogen:
$ git clone https://github.com/capeprivacy/nitrogen
$ curl -fsSL https://raw.githubusercontent.com/capeprivacy/nitrogen/main/install.sh | sh
Then from the root of the repo (cd nitrogen) you can run the following commands and hopefully see some glorious HTML served over TLS:
$ nitrogen setup nitrogen-nginx-tls ~/.ssh/id_rsa.pub
From setup you should see an EC2 hostname, which needs to be used in the next command:
$ mkcert -install
$ mkcert -cert-file nitrogen.pem -key-file nitrogen.key <HOSTNAME FROM ABOVE>
$ cp nitrogen.pem nitrogen.key examples/nginx-tls
$ nitrogen build examples/nginx-tls/
$ nitrogen deploy nitrogen-nginx-tls ~/.ssh/id_rsa
Finally you can run curl:
$ curl https://<HOSTNAME FROM ABOVE>:5000/
Finally finally, tear down your CloudFormation stack so you don't get charged unnecessarily:
$ nitrogen delete nitrogen-nginx-tls
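A pre-build check for the mkcert step above, as an added example that is not part of the Nitrogen repo: it confirms that nitrogen.pem is unexpired, covers the hostname printed by setup, and pairs with nitrogen.key before the files are copied into the image. The function name check_tls_pair and its return codes are assumptions of this sketch; it only needs the openssl CLI.

```shell
#!/bin/sh
# Added example (not from the Nitrogen repo): sanity-check a mkcert certificate
# and key before copying them into examples/nginx-tls and running `nitrogen build`.
# Usage: check_tls_pair nitrogen.pem nitrogen.key <HOSTNAME FROM ABOVE>
# Return codes (assumed for this sketch): 1 missing file, 2 expired,
# 3 hostname not covered, 4 key does not match certificate.
check_tls_pair() {
    cert=$1 key=$2 host=$3

    # Both files must exist and be non-empty.
    [ -s "$cert" ] && [ -s "$key" ] || { echo "missing cert or key" >&2; return 1; }

    # The certificate must not be expired (-checkend 0 exits non-zero if it is).
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 2; }

    # The certificate must cover the hostname clients will connect to.
    # -checkhost reports its result as text, so match on the output.
    openssl x509 -in "$cert" -noout -checkhost "$host" \
        | grep -q "does match certificate" \
        || { echo "certificate does not cover $host" >&2; return 3; }

    # The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "private key does not match certificate" >&2; return 4; }

    echo "ok: $cert and $key are a valid pair for $host"
}
```

A mismatch caught here would otherwise surface only after deploy, as nginx failing to start or curl rejecting the certificate name.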
Thanks for reading! We'd love to hear what you think in the comments below. Please star Nitrogen on GitHub, and come chat on Discord.