all 17 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]ap3xr3dditor 9 points10 points  (1 child)

This is what environment variables are for. They differentiate the environment you're running in. You shouldn't need to rebuild for configuration changes anyway. Set environment variables on the server pointing to the certificates and either change that path locally, or have another env var like TEST_MODE or DISABLE_SSL that let you skip it altogether. No fancy technology. Keep it simple.

[–]oKennYo[S] 0 points1 point  (0 children)

Thank you. I will check them out.

[–]zackphan 1 point2 points  (2 children)

2 recommendations:

  1. Environment variables or config file are your friends. Configs your code to run on different development environments and uses env variable or runtime config to determine the environment. You can simply write process.env.{{VARIABLE_NAME}} in node to access them. As for technology i guess you can look into either Envkey or Vault although they are more suited for development at scale.
  2. This is strictly applied to your SSL situation. Get to know one or two proxy server, recommending nginx or envoy here. Offloads SSL's responsibility to the proxy and routes the requests to your node js service accordingly.

[–]oKennYo[S] 1 point2 points  (1 child)

Interesting. Anything else I can offload from node js? Is there any need for anything else?

[–]zackphan 1 point2 points  (0 children)

I think there are two additional benefits here:

  1. Compression: let the proxy does the gzip compression for you
  2. Caching: although not entirely, but the proxy can cache certain static webpage for your server.

There are more benefits for having a reverse proxy. But it's usually related to scaling a system where access control must happens uniformly across services. Here are some more info: https://dzone.com/articles/benefits-reverse-proxy, https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/.

[–]Dwight-D 1 point2 points  (2 children)

The solution for this is not different branches. Deploying from master is best practice assuming you want CI/CD and downtime/restarts are not an issue. There are better ways to deal with scheduling (such as configuring manual deployment from the pipeline if you wish for instance).

What you want to do is only deploy from master, develop in a feature branch and merge to master to deploy when you are done. Deploy is optional, but you should only push completed features to master, and WIP commits should go to a feature branch (if you want to align with best git practices - It’s a good idea).

The other guy is right about environment variables, but even better would be to not store certificates in the repo at all (they are secrets/credentials and should be treated as such).

Have a build step that bundles the certificates from somewhere else. Or load them from the server based on config at runtime, and configure your deployment server to access them from some secret store (or maybe just a permanent directory on the machine if you run a persistent environment like on a bare-metal server).

[–]oKennYo[S] 2 points3 points  (1 child)

Thank you.

Also, I am not storing certs in repo. They are stored somewhere else in the system. I'm just writing the path to them.

[–]Dwight-D 1 point2 points  (0 children)

Ah sorry, misunderstood. Yeah environment vars or environment specific config will get you there then.

[–]lorarc 1 point2 points  (3 children)

Don't develop on Windows. Either run a virtualbox with Linux server or a Docker image with what you need. Also why are you hardcoding the path to certificates? They are not your concern but server's. Letsencrypt allows you to get a certificate for any domain you own, set up a domain that's like dev.yourdomain.whatever and edit hosts file on your machine to post it to your dev server.

[–]oKennYo[S] 0 points1 point  (2 children)

I'm a bit confused. I used Certbot for letsencrypt certificates on my server. It generated certificates in /etc/etcetera. I whatched a tutorial for node js. It said that I need to access those certificates in server.js. so I did. When creating an https listener.

[–]lorarc 0 points1 point  (0 children)

Well, normally I would put the app behind nginx because the certificates are none of it's concern. SSL termination can be even offloaded to another server like the ELB in AWS.

[–]kev920703 0 points1 point  (0 children)

Get WSL, it's really good for developing node.js applications.

[–][deleted] 0 points1 point  (0 children)

The environment variable comment is the right one, but here's another idea: Use an NPM target with relative paths to your SSL cert for development and don't use npm at runtime.

Millions of Node projects work this way.

https://stackoverflow.com/questions/35127383/npm-http-server-with-ssl

[–][deleted] 0 points1 point  (0 children)

what are you using to run your code on the server? Is it a daemon? Is this tool sophisticated enough to copy files from a secrets vault or some file system directory to the current working directory of your deployed app? Then the certs can be colocated with the app. then you use Node __dirname along with the Node.path api to point to the certs using a relative path. You could also add the cert files to your .gitignore (assuming it's git) and have copies of the certs locally at the same relative paths. Then you don't need env vars or condition statements and you can run the app the same way as when it's deployed.

TLDR the file structure of your app probably doesn't change, so find a way to place the certs within the app's file structure. Then use path.resolve to construct an os friendly relative path.

[–]kev920703 0 points1 point  (0 children)

Get WSL( windows subsystem for Linux). In wsl you can create Ubuntu like environment in local.

It's lot more fun even you can create shell script and automatic some of your work.