chore: more SSL work

Author: chrisbbreuer

bun.lockb

@@ -61,7 +61,7 @@
     "preview:docs": "vitepress preview docs"
   },
   "dependencies": {
-    "@stacksjs/tlsx": "^0.4.3"
+    "@stacksjs/tlsx": "^0.5.6"
   },
   "devDependencies": {
     "@stacksjs/cli": "^0.68.2",

package.json

@@ -9,7 +9,7 @@ const config: ReverseProxyOptions = {
   // certPath: path.join(os.homedir(), '.stacks', 'ssl', `stacks.localhost.crt`),
   // caCertPath: path.join(os.homedir(), '.stacks', 'ssl', `stacks.localhost.ca.crt`),
   https: true,
-  verbose: false,
+  verbose: true,
 }
 
 export default config

reverse-proxy.config.ts

@@ -4,7 +4,7 @@ import { log } from '@stacksjs/cli'
 import { addCertToSystemTrustStoreAndSaveCert, createRootCA, generateCert } from '@stacksjs/tlsx'
 import { config } from './config'
 
-export async function generateCertficate(options?: TlsOption): Promise<{ key: string, cert: string, ca: string }> {
+export async function generateCertificate(options?: TlsOption): Promise<{ key: string, cert: string, ca: string }> {
   const conf = config?.tls
   const mergedOptions = {
     ...conf,
@@ -14,7 +14,7 @@ export async function generateCertficate(options?: TlsOption): Promise<{ key: st
   const domain = mergedOptions.domain || 'localhost'
   log.info(`Generating a self-signed SSL certificate for: ${domain}`)
 
-  const caCert = await createRootCA()
+  const caCert = await createRootCA(mergedOptions)
   const hostCert = await generateCert({
     hostCertCN: mergedOptions?.commonName ?? mergedOptions.commonName ?? domain,
     domain,
@@ -29,9 +29,10 @@ export async function generateCertficate(options?: TlsOption): Promise<{ key: st
       certificate: caCert.certificate,
       privateKey: caCert.privateKey,
     },
+    verbose: mergedOptions.verbose,
   })
 
-  await addCertToSystemTrustStoreAndSaveCert(hostCert, caCert.certificate)
+  await addCertToSystemTrustStoreAndSaveCert(hostCert, caCert.certificate, mergedOptions)
 
   log.success('Certificate generated')
 

src/certificate.ts

@@ -9,7 +9,7 @@ import * as net from 'node:net'
 import process from 'node:process'
 import { bold, dim, green, log } from '@stacksjs/cli'
 import { version } from '../package.json'
-import { generateCertficate } from './certificate'
+import { generateCertificate } from './certificate'
 import { config } from './config'
 import { debugLog } from './utils'
 
@@ -123,7 +123,7 @@ async function loadSSLConfig(options: ReverseProxyOption): Promise<SSLConfig | n
   // If HTTPS is true but no certificates provided at all, generate certificate
   if (options.https === true) {
     debugLog('ssl', 'Generating self-signed certificate')
-    return await generateCertficate(options)
+    return await generateCertificate(options.tls)
   }
 
   // Default to no SSL
@@ -209,7 +209,7 @@ export async function startServer(options?: ReverseProxyOption): Promise<void> {
     ...config,
     ...(options || {}),
   }
-
+  debugLog('server', `Merged options: ${JSON.stringify(mergedOptions)}`)
   const { fromUrl, toUrl, protocol } = normalizeUrls(mergedOptions)
   const fromPort = Number.parseInt(fromUrl.port) || (protocol.includes('https:') ? 443 : 80)
 

src/start.ts

@@ -9,7 +9,7 @@ export interface ReverseProxyConfig {
   certPath?: string // absolute path to the cert
   caCertPath?: string // absolute path to the ca cert
   https: boolean // use https, defaults to true
-  tls: boolean | TlsConfig // the tls configuration
+  tls: TlsConfig // the tls configuration
   verbose: boolean
 }