How to Add TLS to Nitrogen

Justin Patriquin (@PatriquinJustin)

I was recently reminded about the tool mkcert and it inspired me to add a TLS example to Nitrogen. mkcert makes it incredibly easy to test TLS with your application during local development. It's very important to note that the TLS certificates generated by mkcert should only be used for development and never for production applications.

mkcert

A quick overview of mkcert: before doing anything else, you must install its local CA on your machine:

mkcert -install

Then generating a certificate for localhost is as simple as running:

mkcert localhost

nginx

Adding TLS certificates requires editing an nginx.conf file and putting it, along with the certificate and key, where nginx expects to read them.

Example nginx configuration file with TLS enabled:

server {
    listen 443 ssl default_server;
    ssl_certificate /etc/ssl/certs/nitrogen.pem;
    ssl_certificate_key /etc/ssl/private/nitrogen.key;
}

Then in the Dockerfile we would have some entries like:

COPY nginx.conf /etc/nginx/conf.d/nginx.conf
COPY nitrogen.key /etc/ssl/private/nitrogen.key
COPY nitrogen.pem /etc/ssl/certs/nitrogen.pem
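The nginx.conf and the Dockerfile have to agree on where the certificate and key live, or nginx fails to start inside the image. The following pre-build check is an added example, not code from the Nitrogen repo; the function names are hypothetical and the sample files are constructed to mirror the snippets above.

```shell
# Added example: these helper names are hypothetical, not part of nitrogen/nginx/Docker.

# Paths named by ssl_certificate / ssl_certificate_key in an nginx config.
nginx_tls_paths() {
    sed 's/#.*//' "$1" | tr ';{}\t' '    ' | tr -s ' ' '\n' | awk '
        want { print; want = 0; next }
        $0 == "ssl_certificate" || $0 == "ssl_certificate_key" { want = 1 }'
}

# Final in-image path of every file a Dockerfile COPY instruction writes.
dockerfile_copy_dests() {
    awk 'toupper($1) == "COPY" && NF >= 3 {
        dest = $NF
        for (i = 2; i < NF; i++) {
            if ($i ~ /^--/) continue          # skip flags such as --chown
            n = split($i, part, "/")          # part[n] is the source basename
            print (dest ~ /\/$/ ? dest part[n] : dest)
        }
    }' "$1"
}

# Return 0 only if every TLS path nginx will read is written by some COPY.
check_tls_paths() {
    dests=$(dockerfile_copy_dests "$2")
    paths=$(nginx_tls_paths "$1")
    [ -n "$paths" ] || { echo "no ssl_certificate directives in $1"; return 2; }
    missing=0
    for p in $paths; do
        if printf '%s\n' "$dests" | grep -qxF -- "$p"; then
            echo "ok       $p"
        else
            echo "MISSING  $p"; missing=1
        fi
    done
    return "$missing"
}

# Constructed sample input mirroring the two snippets above.
demo=$(mktemp -d)
cat > "$demo/nginx.conf" <<'EOF'
server {
    listen 443 ssl default_server;
    ssl_certificate /etc/ssl/certs/nitrogen.pem;
    ssl_certificate_key /etc/ssl/private/nitrogen.key;
}
EOF
printf 'COPY %s\n' 'nginx.conf /etc/nginx/conf.d/nginx.conf' 'nitrogen.key /etc/ssl/private/nitrogen.key' \
    'nitrogen.pem /etc/ssl/certs/nitrogen.pem' > "$demo/Dockerfile"
check_tls_paths "$demo/nginx.conf" "$demo/Dockerfile"
```

A non-zero exit status means a path in nginx.conf has no matching COPY destination, so the check can gate the image build.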

Nitrogen Example

Check out the full example here. This is a condensed version.

Note: it's also useful to check out the Nitrogen README.md first.

Note: you'll also need an AWS account :D

First you'll need to clone the repo and install nitrogen:

$ git clone https://github.com/capeprivacy/nitrogen
$ curl -fsSL https://raw.githubusercontent.com/capeprivacy/nitrogen/main/install.sh | sh

Then from the root of the repo (cd nitrogen) you can run the following commands and hopefully see some glorious HTML served over TLS:

$ nitrogen setup nitrogen-nginx-tls ~/.ssh/id_rsa.pub

The setup output should include an EC2 hostname, which you need for the next command:

$ mkcert -install
$ mkcert -cert-file nitrogen.pem -key-file nitrogen.key <HOSTNAME FROM ABOVE>
$ cp nitrogen.pem nitrogen.key examples/nginx-tls

$ nitrogen build examples/nginx-tls/
$ nitrogen deploy nitrogen-nginx-tls ~/.ssh/id_rsa

Finally you can run curl:

$ curl https://<HOSTNAME FROM ABOVE>:5000/

Finally finally, tear down your CloudFormation stack so you don't get charged unnecessarily:

$ nitrogen delete nitrogen-nginx-tls

Thanks for reading! We'd love to hear what you think in the comments below. Please star Nitrogen on GitHub, and come chat on Discord.
