- SSL Support (HTTPS by default)
- Configurable Library & CLI
- Multi-domain Support
- Cross-platform System Trust Store Integration
- Flexible Certificate Generation
bun install -d @stacksjs/tlsx
# or, invoke immediately
bunx @stacksjs/tlsx
npx @stacksjs/tlsx
Please note, we are looking to publish this package to npm under the name tlsx
. Hoping npm will release the name for us.
There are two ways of using this reverse proxy: as a library or as a CLI.
Given the npm package is installed:
import type { AddCertOptions, CAOptions, CertificateOptions, TlsConfig, TlsOptions } from '@stacksjs/tlsx'
import { addCertToSystemTrustStoreAndSaveCerts, config, forge, generateCert, pki, storeCertificate, tls } from '@stacksjs/tlsx'
// Generate a certificate for a single domain
const cert = await generateCertificate({
domain: 'example.com',
rootCA: existingCA,
validityDays: 365,
})
// Generate a certificate for multiple domains
const multiDomainCert = await generateCertificate({
domains: ['example.com', 'api.example.com', '*.example.com'],
rootCA: existingCA,
validityDays: 365,
})
// Generate a certificate with both primary domain and additional domains
const combinedCert = await generateCertificate({
domain: 'example.com',
domains: ['api.example.com', '*.example.com'],
rootCA: existingCA,
validityDays: 365,
})
// Store and trust the certificate
await addCertToSystemTrustStoreAndSaveCert(cert, rootCA.certificate)
# Generate certificate for a single domain
tlsx secure example.com
# Generate certificate for multiple domains
tlsx secure -d "example.com,api.example.com,*.example.com"
# Generate certificate with primary domain and additional domains
tlsx secure example.com -d "api.example.com,*.example.com"
# Generate certificate with custom validity and organization
tlsx secure example.com --validity-days 365 --organization-name "My Company"
# Show all available options
tlsx secure --help
# Show version
tlsx version
The Reverse Proxy can be configured using a tls.config.ts
(or tls.config.js
) file and it will be automatically loaded when running the tlsx
command.
// tlsx.config.{ts,js}
import type { TlsConfig } from '@stacksjs/tlsx'
export default {
domain: 'stacks.localhost',
hostCertCN: 'stacks.localhost',
caCertPath: path.join(os.homedir(), '.stacks', 'ssl', `tlsx.localhost.ca.crt`),
certPath: path.join(os.homedir(), '.stacks', 'ssl', `tlsx.localhost.crt`),
keyPath: path.join(os.homedir(), '.stacks', 'ssl', `tlsx.localhost.crt.key`),
altNameIPs: ['127.0.0.1'],
altNameURIs: ['localhost'],
organizationName: 'stacksjs.org',
countryName: 'US',
stateName: 'California',
localityName: 'Playa Vista',
commonName: 'stacks.localhost',
validityDays: 180,
verbose: false,
} satisfies TlsConfig
Then run:
tlsx
To learn more, head over to the documentation.
bun test
Please see our releases page for more information on what has changed recently.
Please review the Contributing Guide for details.
For help, discussion about best practices, or any other conversation that would benefit from being searchable:
For casual chit-chat with others using this package:
Join the Stacks Discord Server
Two things are true: Stacks OSS will always stay open-source, and we do love to receive postcards from wherever Stacks is used! π We also publish them on our website.
Our address: Stacks.js, 12665 Village Ln #2306, Playa Vista, CA 90094, United States π
We would like to extend our thanks to the following sponsors for funding Stacks development. If you are interested in becoming a sponsor, please reach out to us.
The MIT License (MIT). Please see LICENSE for more information.
Made with π