From 12accb6653eca97105f66ad8b82fdc827eaf44f6 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 12:29:42 -1000 Subject: [PATCH 01/31] Update devcert to point to my dev repo --- packages/gatsby/package.json | 2 +- yarn.lock | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/packages/gatsby/package.json b/packages/gatsby/package.json index 8fa4f17e36ef6..8edc9a3664d27 100644 --- a/packages/gatsby/package.json +++ b/packages/gatsby/package.json @@ -51,7 +51,7 @@ "debug": "^3.2.6", "del": "^5.1.0", "detect-port": "^1.3.0", - "devcert": "^1.0.2", + "devcert": "^1.1.0", "dotenv": "^8.2.0", "eslint": "^6.7.2", "eslint-config-react-app": "^5.1.0", diff --git a/yarn.lock b/yarn.lock index b0faa76e7fe23..fb14684d0425c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8482,7 +8482,7 @@ detective@^4.0.0: acorn "^5.2.1" defined "^1.0.0" -devcert@^1.0.2: +devcert@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/devcert/-/devcert-1.1.0.tgz#255508c20dd21045e3020acf438491b745835dfd" integrity sha512-ppyIBJueMMisYvJABaXESY10CwEm1pUXoLOm6TeBO2bbDUQE8ZjJPNADlu31I2InL7hduSgratzRG/dHUDF41w== @@ -21276,6 +21276,11 @@ sudo-prompt@^8.2.0: resolved "https://registry.yarnpkg.com/sudo-prompt/-/sudo-prompt-8.2.5.tgz#cc5ef3769a134bb94b24a631cc09628d4d53603e" integrity sha512-rlBo3HU/1zAJUrkY6jNxDOC9eVYliG6nS4JA8u8KAshITd07tafMc/Br7xQwCSseXwJ2iCcHCE8SNWX3q8Z+kw== +sudo-prompt@^8.2.0: + version "8.2.5" + resolved "https://registry.yarnpkg.com/sudo-prompt/-/sudo-prompt-8.2.5.tgz#cc5ef3769a134bb94b24a631cc09628d4d53603e" + integrity sha512-rlBo3HU/1zAJUrkY6jNxDOC9eVYliG6nS4JA8u8KAshITd07tafMc/Br7xQwCSseXwJ2iCcHCE8SNWX3q8Z+kw== + supports-color@6.1.0, supports-color@^6.0.0, supports-color@^6.1.0: version "6.1.0" resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-6.1.0.tgz#0764abc69c63d5ac842dd4867e8d025e880df8f3" @@ -22935,8 +22940,9 @@ vm-browserify@^1.0.1: integrity sha512-iq+S7vZJE60yejDYM0ek6zg308+UZsdtPExWP9VZoCFCz1zkJoXFnAX7aZfd/ZwrkidzdUZL0C/ryW+JwAiIGw== vue-template-compiler@^2.5.16: - version "2.5.17" - resolved "https://registry.yarnpkg.com/vue-template-compiler/-/vue-template-compiler-2.5.17.tgz#52a4a078c327deb937482a509ae85c06f346c3cb" + version "2.6.10" + resolved "https://registry.yarnpkg.com/vue-template-compiler/-/vue-template-compiler-2.6.10.tgz#323b4f3495f04faa3503337a82f5d6507799c9cc" + integrity sha512-jVZkw4/I/HT5ZMvRnhv78okGusqe0+qH2A0Em0Cp8aq78+NK9TII263CDVz2QXZsIT+yyV/gZc/j/vlwa+Epyg== dependencies: de-indent "^1.0.2" he "^1.1.0" From 5540d13f38b206969746e976b8283e90439afa08 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 12:31:10 -1000 Subject: [PATCH 02/31] Update program.host to reflect server certificate --- packages/gatsby/src/commands/develop.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/gatsby/src/commands/develop.ts b/packages/gatsby/src/commands/develop.ts index 22532a9608b7e..e2a7ca0be5fc1 100644 --- a/packages/gatsby/src/commands/develop.ts +++ b/packages/gatsby/src/commands/develop.ts @@ -421,6 +421,7 @@ module.exports = async (program: IProgram): Promise => { program.ssl = await getSslCert({ name: sslHost, + caFile: program[`ca-file`], certFile: program[`cert-file`], keyFile: program[`key-file`], directory: program.directory, From cc82fccdea78c00142d96e17e20670ab8d6e03a3 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 12:32:48 -1000 Subject: [PATCH 03/31] Trust self signed certificates --- packages/gatsby/src/utils/get-ssl-cert.js | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index bf721e3a681ac..8c79003ddf3b0 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -25,6 +25,7 @@ module.exports = async ({ name, certFile, keyFile, directory }) => { const keyPath = absoluteOrDirectory(directory, keyFile) const certPath = absoluteOrDirectory(directory, certFile) + process.env.NODE_EXTRA_CA_CERTS = certPath return await { keyPath, certPath, From 6e99faee505398aeff30a8a08b26f11df73c505f Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 12:34:12 -1000 Subject: [PATCH 04/31] Destructure ssl data and trust ca --- packages/gatsby/src/utils/get-ssl-cert.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index 8c79003ddf3b0..8d3ebc7db3e96 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -47,10 +47,16 @@ module.exports = async ({ name, certFile, keyFile, directory }) => { const mkdtemp = fs.mkdtempSync(path.join(os.tmpdir(), `home-`)) process.env.HOME = mkdtemp } - const certificateFor = require(`devcert`).certificateFor - return await certificateFor(name, { + const getDevCert = require(`devcert`).certificateFor + const ssl = await getDevCert(name, { + returnCa: true, installCertutil: true, }) + if (ssl.ca) process.env.NODE_EXTRA_CA_CERTS = ssl.ca + return { + key: ssl.key, + cert: ssl.cert, + } } catch (err) { report.panic({ id: `11522`, From 393429ee08077bfbbdcbcf25ee4e0373af9b7894 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 12:35:16 -1000 Subject: [PATCH 05/31] keyPath/certPath are not used outside of this module --- packages/gatsby/src/utils/get-ssl-cert.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index 8d3ebc7db3e96..c0472fd3fc68c 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -27,8 +27,6 @@ module.exports = async ({ name, certFile, keyFile, directory }) => { process.env.NODE_EXTRA_CA_CERTS = certPath return await { - keyPath, - certPath, key: fs.readFileSync(keyPath), cert: fs.readFileSync(certPath), } From a126ffb36b148c17ce9295bb9e65f2b0e9f056ba Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 13:16:21 -1000 Subject: [PATCH 06/31] Use more robust encryption password routine --- packages/gatsby/src/utils/get-ssl-cert.js | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index c0472fd3fc68c..3551114de093e 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -2,6 +2,7 @@ const report = require(`gatsby-cli/lib/reporter`) const fs = require(`fs`) const path = require(`path`) const os = require(`os`) +const prompts = require(`prompts`) const absoluteOrDirectory = (directory, filePath) => { // Support absolute paths @@ -49,6 +50,28 @@ module.exports = async ({ name, certFile, keyFile, directory }) => { const ssl = await getDevCert(name, { returnCa: true, installCertutil: true, + ui: { + getWindowsEncryptionPassword: async () => { + report.info( + [ + `A password is required to access the secure certificate authority credentials`, + `used for signing certificates.`, + ``, + `If this is the first time this has run, then this is to set the password`, + `for future use. If any new certificates are signed later, you will need`, + `to use this same password.`, + ``, + ].join(`\n`) + ) + const results = await prompts({ + type: `password`, + name: `value`, + message: `Please enter the CA password`, + validate: input => input.length > 0 || `You must enter a password.`, + }) + return results.value + }, + }, }) if (ssl.ca) process.env.NODE_EXTRA_CA_CERTS = ssl.ca return { From c0a4ac8b7a9fce750d291f546084a0339910a017 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 19:37:53 -1000 Subject: [PATCH 07/31] Allow defining ca certificate from cli --- packages/gatsby-cli/src/create-cli.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/gatsby-cli/src/create-cli.js b/packages/gatsby-cli/src/create-cli.js index 60c9deb1a79d1..b1efd154d269b 100644 --- a/packages/gatsby-cli/src/create-cli.js +++ b/packages/gatsby-cli/src/create-cli.js @@ -136,13 +136,18 @@ function buildLocalCommands(cli, isLocalSite) { alias: `cert-file`, type: `string`, default: ``, - describe: `Custom HTTPS cert file (relative path; also required: --https, --key-file). See https://www.gatsbyjs.org/docs/local-https/`, + describe: `Custom HTTPS cert file (also required: --https, --key-file). See https://www.gatsbyjs.org/docs/local-https/`, }) .option(`k`, { alias: `key-file`, type: `string`, default: ``, - describe: `Custom HTTPS key file (relative path; also required: --https, --cert-file). See https://www.gatsbyjs.org/docs/local-https/`, + describe: `Custom HTTPS key file (also required: --https, --cert-file). See https://www.gatsbyjs.org/docs/local-https/`, + }) + .option(`ca`, { + type: `string`, + default: ``, + describe: `Custom HTTPS CA certificate file (also required: --https, --cert-file, --key-file). See https://www.gatsbyjs.org/docs/local-https/`, }) .option(`open-tracing-config-file`, { type: `string`, From 77530fe140474f80e6340939cc3b7b42ed39f243 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 19:38:19 -1000 Subject: [PATCH 08/31] Use cli defined ca certificate, if it exists --- packages/gatsby/src/utils/get-ssl-cert.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index 3551114de093e..a45cd5d67ca63 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -12,7 +12,7 @@ const absoluteOrDirectory = (directory, filePath) => { return path.join(directory, filePath) } -module.exports = async ({ name, certFile, keyFile, directory }) => { +module.exports = async ({ name, certFile, keyFile, caFile, directory }) => { // check that cert file and key file are both true or both false, if they are both // false, it defaults to the automatic ssl if (certFile ? !keyFile : keyFile) { @@ -26,7 +26,9 @@ module.exports = async ({ name, certFile, keyFile, directory }) => { const keyPath = absoluteOrDirectory(directory, keyFile) const certPath = absoluteOrDirectory(directory, certFile) - process.env.NODE_EXTRA_CA_CERTS = certPath + process.env.NODE_EXTRA_CA_CERTS = caFile + ? absoluteOrDirectory(directory, caFile) + : certPath return await { key: fs.readFileSync(keyPath), cert: fs.readFileSync(certPath), From 1edfef27e5a5fb9f700e3ccc11e7df3b625c8839 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 19:58:03 -1000 Subject: [PATCH 09/31] prompt verbiage --- packages/gatsby/src/utils/get-ssl-cert.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index a45cd5d67ca63..7b3d09212568a 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -35,7 +35,9 @@ module.exports = async ({ name, certFile, keyFile, caFile, directory }) => { } } - report.info(`setting up automatic SSL certificate (may require sudo)\n`) + report.info( + `setting up automatic SSL certificate (may require elevated permissions/sudo)\n` + ) try { if ([`linux`, `darwin`].includes(os.platform()) && !process.env.HOME) { // this is a total hack to ensure process.env.HOME is set on linux and mac @@ -56,7 +58,7 @@ module.exports = async ({ name, certFile, keyFile, caFile, directory }) => { getWindowsEncryptionPassword: async () => { report.info( [ - `A password is required to access the secure certificate authority credentials`, + `A password is required to access the secure certificate authority key`, `used for signing certificates.`, ``, `If this is the first time this has run, then this is to set the password`, From 73cf13fe9270c164e868fe08b834c85f604e2090 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 20:15:24 -1000 Subject: [PATCH 10/31] Update docs --- docs/docs/local-https.md | 75 ++++++++++++++++++++++++++++++++-------- 1 file changed, 60 insertions(+), 15 deletions(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index 79cc643c8349e..e9e3e082d8161 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -14,44 +14,89 @@ Start the development server using `npm run develop` as usual, and add either th When setting up a development SSL certificate for the first time, you may be asked to type in your password after starting the development environment: - info setting up SSL certificate (may require sudo) + info setting up SSL certificate (may require elevated permissions) Password: -This is _only_ required the first time you are using Gatsby's HTTPS feature on your machine. After that, certificates will be created on the fly. +On windows, the prompt will differ -After typing in your password, `devcert` will attempt to install some software necessary to tell Firefox (and Chrome, only on Linux) to trust your development certificates. + A password is required to access the secure certificate authority key + used for signing certificates. - Unable to automatically install SSL certificate - please follow the - prompts at http://localhost:52175 in Firefox to trust the root certificate - See https://github.com/davewasmer/devcert#how-it-works for more details - -- Press once you finish the Firefox prompts -- + If this is the first time this has run, then this is to set the password + for future use. If any new certificates are signed later, you will need + to use this same password. -If you wish to support Firefox (or Chrome on Linux), visit `http://localhost:52175` in Firefox and follow the point-and-click wizard. Otherwise, you may press enter without following the prompts. **Reminder: you'll only need to do this once per machine.** + Please enter the CA password: + +This is _only_ required the first time you are using Gatsby's HTTPS feature on your machine, and when you are creating a brand new certificate. + +After typing in your password, `devcert` will attempt to install the CA certificate in your operating system's (or your browser's) trusted certs store. + +If the necessary software required to trust the certificate is not installed on your machine, you may get the following prompts: + +- On Chrome: + + WARNING: It looks like you have Chrome installed, but you specified + 'skipCertutilInstall: true'. Unfortunately, without installing + certutil, it's impossible get Chrome to trust devcert's certificates + The certificates will work, but Chrome will continue to warn you that + they are untrusted. + +- If you have Firefox installed, `devcert` will try to utilize Firefox itself to trust the certificate + + devcert was unable to automatically configure Firefox. You'll need to + complete this process manually. Don't worry though - Firefox will walk + you through it. + When you're ready, hit any key to continue. Firefox will launch and + display a wizard to walk you through how to trust the devcert + certificate. When you are finished, come back here and we'll finish up. + (If Firefox doesn't start, go ahead and start it and navigate to + http://localhost:52175 in a new tab.) + If you are curious about why all this is necessary, check out + https://github.com/davewasmer/devcert#how-it-works + + + - You can press enter here, and it will launch Firefox for you. + + - If you wish to have trust support on Firefox, tell the point-and-click wizard `this certificate can identify websites`, and click OK. Otherwise, you may hit cancel and close the browser, then key return to finish building. **Reminder: you'll only need to do this once per machine.** Now open the development server at `https://localhost:8000` and enjoy the HTTPS goodness ✨. Of course, you may change the port according to your setup. Find out more about [how devcert works](https://github.com/davewasmer/devcert#how-it-works). +### Management of certificates generated by devcert + +If you want to do some maintenance of the certificates generated by `devcert`, please refer to [devcert-cli](https://github.com/davewasmer/devcert-cli/blob/master/README.md) + ## Custom Key and Certificate Files You may find that you need a custom key and certificate file for https if you use multiple machines for development (or if your dev environment is containerized in Docker). -If you need to use a custom https setup, you can pass the `--https`, `--key-file` and -`--cert-file` flags to `npm run develop`. +If you need to use a custom https setup, you can pass the `--https`, `--key-file`, +`--cert-file`, and `--ca` flags to `npm run develop`. -- `--cert-file` [relative path to ssl certificate file] -- `--key-file` [relative path to ssl key file] +- `--cert-file` [relative/absolute path to ssl certificate file] +- `--key-file` [relative/absolute path to ssl key file] +- `--ca` [relative/absolute path to ssl certificate authority file] See the example command: ```shell -gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt +# Using relative paths +$ gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca ../relative/path/to/ca.crt + +# Or using absolute paths +$ gatsby develop --https --key-file /absolute/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca /absolute/path/to/ca.crt ``` -in most cases, the `--https` passed by itself is easier and more convenient to get local https. +Usage of the `--ca` flag is only required if your certificate is signed by a certificate authority. + +If your certificate is self-signed, then do not include the `--ca` flag. Also, if you want your browser to trust a self-signed certificate, you will need to add it to your operating system (or browser's, in Firefox's case) root certificate store in order for your browser to trust it. + +In most cases, the `--https` passed by itself is easier and more convenient to get local https. --- -Keep in mind that the automatic certificates issued with the `--https` flag are explicitly issued to `localhost` and will only be accepted there. Using it together with the `--host` option will likely result in browser warnings. +Automatic certificates issued with the `--https` flag are issued to `localhost` by default, unless you have used the `--host` flag. If you have, a record in your hosts file will automatically be configured to point the defined host to `127.0.0.1`. At this time, ip addresses defined by `--host` are not supported. From dc486a5695f3444aca4361613d85ba068f954bd1 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 20:59:29 -1000 Subject: [PATCH 11/31] Change --ca to --ca-file --- docs/docs/local-https.md | 12 ++++++------ packages/gatsby-cli/src/create-cli.js | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index e9e3e082d8161..0cbec43ecc889 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -75,25 +75,25 @@ You may find that you need a custom key and certificate file for https if you us machines for development (or if your dev environment is containerized in Docker). If you need to use a custom https setup, you can pass the `--https`, `--key-file`, -`--cert-file`, and `--ca` flags to `npm run develop`. +`--cert-file`, and `--ca-file` flags to `npm run develop`. - `--cert-file` [relative/absolute path to ssl certificate file] - `--key-file` [relative/absolute path to ssl key file] -- `--ca` [relative/absolute path to ssl certificate authority file] +- `--ca-file` [relative/absolute path to ssl certificate authority file] See the example command: ```shell # Using relative paths -$ gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca ../relative/path/to/ca.crt +$ gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt # Or using absolute paths -$ gatsby develop --https --key-file /absolute/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca /absolute/path/to/ca.crt +$ gatsby develop --https --key-file /absolute/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file /absolute/path/to/ca.crt ``` -Usage of the `--ca` flag is only required if your certificate is signed by a certificate authority. +Usage of the `--ca-file` flag is only required if your certificate is signed by a certificate authority. -If your certificate is self-signed, then do not include the `--ca` flag. Also, if you want your browser to trust a self-signed certificate, you will need to add it to your operating system (or browser's, in Firefox's case) root certificate store in order for your browser to trust it. +If your certificate is self-signed, then do not include the `--ca-file` flag. Also, if you want your browser to trust a self-signed certificate, you will need to add it to your operating system (or browser's, in Firefox's case) root certificate store in order for your browser to trust it. In most cases, the `--https` passed by itself is easier and more convenient to get local https. diff --git a/packages/gatsby-cli/src/create-cli.js b/packages/gatsby-cli/src/create-cli.js index b1efd154d269b..d5951327892a1 100644 --- a/packages/gatsby-cli/src/create-cli.js +++ b/packages/gatsby-cli/src/create-cli.js @@ -144,7 +144,7 @@ function buildLocalCommands(cli, isLocalSite) { default: ``, describe: `Custom HTTPS key file (also required: --https, --cert-file). See https://www.gatsbyjs.org/docs/local-https/`, }) - .option(`ca`, { + .option(`ca-file`, { type: `string`, default: ``, describe: `Custom HTTPS CA certificate file (also required: --https, --cert-file, --key-file). See https://www.gatsbyjs.org/docs/local-https/`, From 730d980a77fecf3514385ea34e96c977117bab7e Mon Sep 17 00:00:00 2001 From: Jeremy Albright <1935258+Js-Brecht@users.noreply.github.com> Date: Wed, 16 Oct 2019 08:42:26 -1000 Subject: [PATCH 12/31] Updated devcert/certutil setup process The setup section needed to be a little bit more in-depth, to cover some of the possible, platform specific, issues --- docs/docs/local-https.md | 41 ++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index 0cbec43ecc889..4aa8c9143091f 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -18,7 +18,7 @@ When setting up a development SSL certificate for the first time, you may be ask Password: -On windows, the prompt will differ +On windows, the prompt will differ: A password is required to access the secure certificate authority key used for signing certificates. @@ -31,11 +31,36 @@ On windows, the prompt will differ This is _only_ required the first time you are using Gatsby's HTTPS feature on your machine, and when you are creating a brand new certificate. -After typing in your password, `devcert` will attempt to install the CA certificate in your operating system's (or your browser's) trusted certs store. +After typing in your password, `devcert` will install the CA certificate in your operating system trusted certs store. For various browsers (Firefox, and Chrome on Linux) it needs to use a utility called `certutil`. -If the necessary software required to trust the certificate is not installed on your machine, you may get the following prompts: +### In case `certutil` is not installed on your machine: -- On Chrome: +`devcert` is configured to not install `certutil` automatically. You will need to do that yourself, if you want it to be able to setup the trust automatically. + +To install `certutil`, you need to install the `nss tools` package(s). The exact procedure will differ depending on your operating system. + +On a linux OS, you should be able to simply run one of the following, depending on the flavor: +```sh +# Debian based (Ubuntu) +sudo apt install libnss3-tools + +# RHEL based (Fedora) +sudo yum install nss-tools + +# OpenSuse +sudo zypper install mozilla-nss-tools +``` + +On MacOS, you should be able to run: +```sh +brew install nss +``` + +Windows is a different story. There's not many precompiled binaries out there. If you search, you should find some, but otherwise, you will need to compile the library yourself. + +If you choose not to install `certutil`, you may get the following errors/prompts: + +- If you use Chrome on Linux: WARNING: It looks like you have Chrome installed, but you specified 'skipCertutilInstall: true'. Unfortunately, without installing @@ -48,11 +73,13 @@ If the necessary software required to trust the certificate is not installed on devcert was unable to automatically configure Firefox. You'll need to complete this process manually. Don't worry though - Firefox will walk you through it. + When you're ready, hit any key to continue. Firefox will launch and display a wizard to walk you through how to trust the devcert certificate. When you are finished, come back here and we'll finish up. (If Firefox doesn't start, go ahead and start it and navigate to http://localhost:52175 in a new tab.) + If you are curious about why all this is necessary, check out https://github.com/davewasmer/devcert#how-it-works @@ -61,13 +88,15 @@ If the necessary software required to trust the certificate is not installed on - If you wish to have trust support on Firefox, tell the point-and-click wizard `this certificate can identify websites`, and click OK. Otherwise, you may hit cancel and close the browser, then key return to finish building. **Reminder: you'll only need to do this once per machine.** -Now open the development server at `https://localhost:8000` and enjoy the HTTPS goodness ✨. Of course, you may change the port according to your setup. +### After `devcert` setup process + +You can open the development server at [https://localhost:8000](https://localhost:8000) and enjoy the HTTPS goodness ✨. Of course, you may change the port according to your setup. Find out more about [how devcert works](https://github.com/davewasmer/devcert#how-it-works). ### Management of certificates generated by devcert -If you want to do some maintenance of the certificates generated by `devcert`, please refer to [devcert-cli](https://github.com/davewasmer/devcert-cli/blob/master/README.md) +If you want to do some maintenance/cleanup of the certificates generated by `devcert`, please refer to [devcert-cli](https://github.com/davewasmer/devcert-cli/blob/master/README.md) ## Custom Key and Certificate Files From e56a7c58716d2708a1d23ea2ed3db1db8922e825 Mon Sep 17 00:00:00 2001 From: Jeremy Albright <1935258+Js-Brecht@users.noreply.github.com> Date: Wed, 16 Oct 2019 08:56:25 -1000 Subject: [PATCH 13/31] Missed relative -> absolute path --- docs/docs/local-https.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index 4aa8c9143091f..a927e8fd7e9bc 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -117,7 +117,7 @@ See the example command: $ gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt # Or using absolute paths -$ gatsby develop --https --key-file /absolute/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file /absolute/path/to/ca.crt +$ gatsby develop --https --key-file /absolute/path/to/key.key --cert-file /absolute/path/to/cert.crt --ca-file /absolute/path/to/ca.crt ``` Usage of the `--ca-file` flag is only required if your certificate is signed by a certificate authority. From ebce67db9b73435a485eeea999dd1b05f38a72a4 Mon Sep 17 00:00:00 2001 From: Jeremy Albright <1935258+Js-Brecht@users.noreply.github.com> Date: Wed, 16 Oct 2019 08:59:02 -1000 Subject: [PATCH 14/31] certutil is completely ignored on Windows --- docs/docs/local-https.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index a927e8fd7e9bc..d80f30078f6b9 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -56,7 +56,7 @@ On MacOS, you should be able to run: brew install nss ``` -Windows is a different story. There's not many precompiled binaries out there. If you search, you should find some, but otherwise, you will need to compile the library yourself. +Windows is a different story. There's not too many precompiled libraries out there, so the only option would be to go searching for one, or compile it yourself. Because of how difficult Windows makes it, `devcert` will not even try to update the Firefox trust store automatically; instead, it will fallback to using the "Firefox wizard", detailed below. If you choose not to install `certutil`, you may get the following errors/prompts: From 5b0533c5ce6c8af5a5a8610a3846c5260546ea02 Mon Sep 17 00:00:00 2001 From: Jeremy Albright <1935258+Js-Brecht@users.noreply.github.com> Date: Fri, 22 Nov 2019 07:40:12 -1000 Subject: [PATCH 15/31] Align usage with `npm run develop` The rest of the doc mentions `npm run develop` instead of `gatsby develop`. Align with that, but include alternative using the gatsby cli --- docs/docs/local-https.md | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index d80f30078f6b9..ce7da0f2a174c 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -110,15 +110,25 @@ If you need to use a custom https setup, you can pass the `--https`, `--key-file - `--key-file` [relative/absolute path to ssl key file] - `--ca-file` [relative/absolute path to ssl certificate authority file] -See the example command: +See the example commands below: -```shell -# Using relative paths -$ gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt +* Using `npm run develop` + ```shell + # Using relative paths + $ npm run develop -- --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt -# Or using absolute paths -$ gatsby develop --https --key-file /absolute/path/to/key.key --cert-file /absolute/path/to/cert.crt --ca-file /absolute/path/to/ca.crt -``` + # Or using absolute paths + $ npm run develop -- --https --key-file /absolute/path/to/key.key --cert-file /absolute/path/to/cert.crt --ca-file /absolute/path/to/ca.crt + ``` + +* Alternatively, you can run the development server using the gatsby cli + ```shell + # Using relative paths + $ gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt + + # Or using absolute paths + $ gatsby develop --https --key-file /absolute/path/to/key.key --cert-file /absolute/path/to/cert.crt --ca-file /absolute/path/to/ca.crt + ``` Usage of the `--ca-file` flag is only required if your certificate is signed by a certificate authority. From 0483702ea2b5238bf8f08b5d41ec55569b969e03 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 26 Nov 2019 11:21:03 -1000 Subject: [PATCH 16/31] Renamed imported function/destructured returned value --- packages/gatsby/src/utils/get-ssl-cert.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index 7b3d09212568a..c5ce8eb3a5926 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -51,7 +51,7 @@ module.exports = async ({ name, certFile, keyFile, caFile, directory }) => { process.env.HOME = mkdtemp } const getDevCert = require(`devcert`).certificateFor - const ssl = await getDevCert(name, { + const { caPath, key, cert } = await getDevCert(name, { returnCa: true, installCertutil: true, ui: { @@ -77,10 +77,10 @@ module.exports = async ({ name, certFile, keyFile, caFile, directory }) => { }, }, }) - if (ssl.ca) process.env.NODE_EXTRA_CA_CERTS = ssl.ca + if (caPath) process.env.NODE_EXTRA_CA_CERTS = caPath return { - key: ssl.key, - cert: ssl.cert, + key, + cert, } } catch (err) { report.panic({ From 73d61cca38ba3c7f9a7ae648c30dfc18e3478f38 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 26 Nov 2019 11:22:27 -1000 Subject: [PATCH 17/31] Use updated devcert api --- packages/gatsby/src/utils/get-ssl-cert.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index c5ce8eb3a5926..952f827d43c7d 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -52,8 +52,8 @@ module.exports = async ({ name, certFile, keyFile, caFile, directory }) => { } const getDevCert = require(`devcert`).certificateFor const { caPath, key, cert } = await getDevCert(name, { - returnCa: true, - installCertutil: true, + getCaPath: true, + skipCertutilInstall: true, ui: { getWindowsEncryptionPassword: async () => { report.info( From ff0f4c8e57febb7b4e9bbe401e9654d46cf7fcfd Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 26 Nov 2019 12:03:34 -1000 Subject: [PATCH 18/31] Separated getWindowsEncryptionPassword function --- packages/gatsby/src/utils/get-ssl-cert.js | 42 ++++++++++++----------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index 952f827d43c7d..713594265aa75 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -12,6 +12,27 @@ const absoluteOrDirectory = (directory, filePath) => { return path.join(directory, filePath) } +const getWindowsEncryptionPassword = async () => { + report.info( + [ + `A password is required to access the secure certificate authority key`, + `used for signing certificates.`, + ``, + `If this is the first time this has run, then this is to set the password`, + `for future use. If any new certificates are signed later, you will need`, + `to use this same password.`, + ``, + ].join(`\n`) + ) + const results = await prompts({ + type: `password`, + name: `value`, + message: `Please enter the CA password`, + validate: input => input.length > 0 || `You must enter a password.`, + }) + return results.value +} + module.exports = async ({ name, certFile, keyFile, caFile, directory }) => { // check that cert file and key file are both true or both false, if they are both // false, it defaults to the automatic ssl @@ -55,26 +76,7 @@ module.exports = async ({ name, certFile, keyFile, caFile, directory }) => { getCaPath: true, skipCertutilInstall: true, ui: { - getWindowsEncryptionPassword: async () => { - report.info( - [ - `A password is required to access the secure certificate authority key`, - `used for signing certificates.`, - ``, - `If this is the first time this has run, then this is to set the password`, - `for future use. If any new certificates are signed later, you will need`, - `to use this same password.`, - ``, - ].join(`\n`) - ) - const results = await prompts({ - type: `password`, - name: `value`, - message: `Please enter the CA password`, - validate: input => input.length > 0 || `You must enter a password.`, - }) - return results.value - }, + getWindowsEncryptionPassword, }, }) if (caPath) process.env.NODE_EXTRA_CA_CERTS = caPath From 76f11975e8d809bb103bac98953edbad67dc0eee Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 26 Nov 2019 12:04:06 -1000 Subject: [PATCH 19/31] Updated tests/snapshot to work with new devcert API --- .../__tests__/__snapshots__/get-ssl-cert.js.snap | 8 ++------ .../gatsby/src/utils/__tests__/get-ssl-cert.js | 16 ++++++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/packages/gatsby/src/utils/__tests__/__snapshots__/get-ssl-cert.js.snap b/packages/gatsby/src/utils/__tests__/__snapshots__/get-ssl-cert.js.snap index dab90a8f6eb24..bdbcac7331c83 100644 --- a/packages/gatsby/src/utils/__tests__/__snapshots__/get-ssl-cert.js.snap +++ b/packages/gatsby/src/utils/__tests__/__snapshots__/get-ssl-cert.js.snap @@ -1,20 +1,16 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`gets ssl certs Custom SSL certificate loads a cert from a absolute paths 1`] = ` +exports[`gets ssl certs Custom SSL certificate loads a cert from absolute paths 1`] = ` Object { "cert": "/foo.crt::file", - "certPath": "/foo.crt", "key": "/foo.key::file", - "keyPath": "/foo.key", } `; exports[`gets ssl certs Custom SSL certificate loads a cert relative to a directory 1`] = ` Object { "cert": "/app/directory/foo.crt::file", - "certPath": "/app/directory/foo.crt", "key": "/app/directory/foo.key::file", - "keyPath": "/app/directory/foo.key", } `; @@ -57,7 +53,7 @@ Array [ exports[`gets ssl certs automatic SSL certificate sets up dev cert 1`] = ` Array [ Array [ - "setting up automatic SSL certificate (may require sudo) + "setting up automatic SSL certificate (may require elevated permissions/sudo) ", ], ] diff --git a/packages/gatsby/src/utils/__tests__/get-ssl-cert.js b/packages/gatsby/src/utils/__tests__/get-ssl-cert.js index 6e6c74158b434..f3823103a5ea7 100644 --- a/packages/gatsby/src/utils/__tests__/get-ssl-cert.js +++ b/packages/gatsby/src/utils/__tests__/get-ssl-cert.js @@ -17,7 +17,7 @@ jest.mock(`devcert`, () => { } }) -const { certificateFor } = require(`devcert`) +const getDevCert = require(`devcert`).certificateFor const reporter = require(`gatsby-cli/lib/reporter`) const getSslCert = require(`../get-ssl-cert`) @@ -25,7 +25,7 @@ describe(`gets ssl certs`, () => { beforeEach(() => { reporter.panic.mockClear() reporter.info.mockClear() - certificateFor.mockClear() + getDevCert.mockClear() }) describe(`Custom SSL certificate`, () => { it.each([[{ certFile: `foo` }], [{ keyFile: `bar` }]])( @@ -46,7 +46,7 @@ describe(`gets ssl certs`, () => { }) ).resolves.toMatchSnapshot() }) - it(`loads a cert from a absolute paths`, () => { + it(`loads a cert from absolute paths`, () => { expect( getSslCert({ name: `mock-cert`, @@ -60,13 +60,17 @@ describe(`gets ssl certs`, () => { describe(`automatic SSL certificate`, () => { it(`sets up dev cert`, () => { getSslCert({ name: `mock-cert` }) - expect(certificateFor).toBeCalledWith(`mock-cert`, { - installCertutil: true, + expect(getDevCert).toBeCalledWith(`mock-cert`, { + getCaPath: true, + skipCertutilInstall: true, + ui: { + getWindowsEncryptionPassword: expect.any(Function), + }, }) expect(reporter.info.mock.calls).toMatchSnapshot() }) it(`panics if certificate can't be created`, () => { - certificateFor.mockImplementation(() => { + getDevCert.mockImplementation(() => { throw new Error(`mock error message`) }) getSslCert({ name: `mock-cert` }) From 9a60c68006f960a825abafc059f4ef76524a29aa Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 26 Nov 2019 13:25:39 -1000 Subject: [PATCH 20/31] Doc formatting --- docs/docs/local-https.md | 82 +++++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 34 deletions(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index ce7da0f2a174c..2641876c2af05 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -8,39 +8,46 @@ Gatsby provides an easy way to use a local HTTPS server during development, than Start the development server using `npm run develop` as usual, and add either the `-S` or `--https` flag. - $ npm run develop -- --https +```shell +$ npm run develop -- --https +``` ## Setup When setting up a development SSL certificate for the first time, you may be asked to type in your password after starting the development environment: - info setting up SSL certificate (may require elevated permissions) +```text +info setting up SSL certificate (may require elevated permissions/sudo) - Password: +Password: +``` On windows, the prompt will differ: - A password is required to access the secure certificate authority key - used for signing certificates. +```text +A password is required to access the secure certificate authority key +used for signing certificates. - If this is the first time this has run, then this is to set the password - for future use. If any new certificates are signed later, you will need - to use this same password. +If this is the first time this has run, then this is to set the password +for future use. If any new certificates are signed later, you will need +to use this same password. - Please enter the CA password: +Please enter the CA password: +``` This is _only_ required the first time you are using Gatsby's HTTPS feature on your machine, and when you are creating a brand new certificate. -After typing in your password, `devcert` will install the CA certificate in your operating system trusted certs store. For various browsers (Firefox, and Chrome on Linux) it needs to use a utility called `certutil`. +After typing in your password, `devcert` will install the CA certificate in your operating system trusted certs store. For various browsers (Firefox, and Chrome on Linux) it needs to use a utility called `certutil`. -### In case `certutil` is not installed on your machine: +### In case `certutil` is not installed on your machine -`devcert` is configured to not install `certutil` automatically. You will need to do that yourself, if you want it to be able to setup the trust automatically. +`devcert` is configured to not install `certutil` automatically. You will need to do that yourself, if you want it to be able to setup the trust automatically. -To install `certutil`, you need to install the `nss tools` package(s). The exact procedure will differ depending on your operating system. +To install `certutil`, you need to install the `nss tools` package(s). The exact procedure will differ depending on your operating system. On a linux OS, you should be able to simply run one of the following, depending on the flavor: -```sh + +```shell # Debian based (Ubuntu) sudo apt install libnss3-tools @@ -52,37 +59,42 @@ sudo zypper install mozilla-nss-tools ``` On MacOS, you should be able to run: -```sh + +```shell brew install nss ``` -Windows is a different story. There's not too many precompiled libraries out there, so the only option would be to go searching for one, or compile it yourself. Because of how difficult Windows makes it, `devcert` will not even try to update the Firefox trust store automatically; instead, it will fallback to using the "Firefox wizard", detailed below. +Windows is a different story. There's not too many precompiled libraries out there, so the only option would be to go searching for one, or compile it yourself. Because of how difficult Windows makes it, `devcert` will not even try to update the Firefox trust store automatically; instead, it will fallback to using the "Firefox wizard", detailed below. If you choose not to install `certutil`, you may get the following errors/prompts: - If you use Chrome on Linux: - WARNING: It looks like you have Chrome installed, but you specified - 'skipCertutilInstall: true'. Unfortunately, without installing - certutil, it's impossible get Chrome to trust devcert's certificates - The certificates will work, but Chrome will continue to warn you that - they are untrusted. + ```text + WARNING: It looks like you have Chrome installed, but you specified + 'skipCertutilInstall: true'. Unfortunately, without installing + certutil, it's impossible get Chrome to trust devcert's certificates + The certificates will work, but Chrome will continue to warn you that + they are untrusted. + ``` - If you have Firefox installed, `devcert` will try to utilize Firefox itself to trust the certificate - devcert was unable to automatically configure Firefox. You'll need to - complete this process manually. Don't worry though - Firefox will walk - you through it. + ```text + devcert was unable to automatically configure Firefox. You'll need to + complete this process manually. Don't worry though - Firefox will walk + you through it. - When you're ready, hit any key to continue. Firefox will launch and - display a wizard to walk you through how to trust the devcert - certificate. When you are finished, come back here and we'll finish up. - (If Firefox doesn't start, go ahead and start it and navigate to - http://localhost:52175 in a new tab.) + When you're ready, hit any key to continue. Firefox will launch and + display a wizard to walk you through how to trust the devcert + certificate. When you are finished, come back here and we'll finish up. + (If Firefox doesn't start, go ahead and start it and navigate to + http://localhost:52175 in a new tab.) - If you are curious about why all this is necessary, check out - https://github.com/davewasmer/devcert#how-it-works - + If you are curious about why all this is necessary, check out + https://github.com/davewasmer/devcert#how-it-works + + ``` - You can press enter here, and it will launch Firefox for you. @@ -112,7 +124,8 @@ If you need to use a custom https setup, you can pass the `--https`, `--key-file See the example commands below: -* Using `npm run develop` +- Using `npm run develop` + ```shell # Using relative paths $ npm run develop -- --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt @@ -121,7 +134,8 @@ See the example commands below: $ npm run develop -- --https --key-file /absolute/path/to/key.key --cert-file /absolute/path/to/cert.crt --ca-file /absolute/path/to/ca.crt ``` -* Alternatively, you can run the development server using the gatsby cli +- Alternatively, you can run the development server using the gatsby cli + ```shell # Using relative paths $ gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt From 91742a427506032bfbe20b9713094e65bede95e7 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Tue, 15 Oct 2019 19:37:53 -1000 Subject: [PATCH 21/31] Allow defining ca certificate from cli --- packages/gatsby-cli/src/create-cli.js | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/packages/gatsby-cli/src/create-cli.js b/packages/gatsby-cli/src/create-cli.js index d5951327892a1..fa9b311109646 100644 --- a/packages/gatsby-cli/src/create-cli.js +++ b/packages/gatsby-cli/src/create-cli.js @@ -29,8 +29,8 @@ function buildLocalCommands(cli, isLocalSite) { // 'not dead' query not available in browserslist used in Gatsby v1 const DEFAULT_BROWSERS = getLocalGatsbyMajorVersion() === 1 - ? [`> 1%`, `last 2 versions`, `IE >= 9`] - : [`>0.25%`, `not dead`] + ? [ `> 1%`, `last 2 versions`, `IE >= 9` ] + : [ `>0.25%`, `not dead` ] const siteInfo = { directory, browserslist: DEFAULT_BROWSERS } const useYarn = existsSync(path.join(directory, `yarn.lock`)) @@ -44,7 +44,7 @@ function buildLocalCommands(cli, isLocalSite) { let version = getLocalGatsbyVersion() if (version) { - version = Number(version.split(`.`)[0]) + version = Number(version.split(`.`)[ 0 ]) } return version @@ -56,8 +56,8 @@ function buildLocalCommands(cli, isLocalSite) { report.verbose(`current directory: ${directory}`) return report.panic( `gatsby <${command}> can only be run for a gatsby site.\n` + - `Either the current working directory does not contain a valid package.json or ` + - `'gatsby' is not specified as a dependency` + `Either the current working directory does not contain a valid package.json or ` + + `'gatsby' is not specified as a dependency` ) } @@ -160,7 +160,7 @@ function buildLocalCommands(cli, isLocalSite) { // Return an empty promise to prevent handlerP from exiting early. // The development server shouldn't ever exit until the user directly // kills it so this is fine. - return new Promise(resolve => {}) + return new Promise(resolve => { }) }) ), }) @@ -250,10 +250,10 @@ function buildLocalCommands(cli, isLocalSite) { envinfo .run({ - System: [`OS`, `CPU`, `Shell`], - Binaries: [`Node`, `npm`, `Yarn`], - Browsers: [`Chrome`, `Edge`, `Firefox`, `Safari`], - Languages: [`Python`], + System: [ `OS`, `CPU`, `Shell` ], + Binaries: [ `Node`, `npm`, `Yarn` ], + Browsers: [ `Chrome`, `Edge`, `Firefox`, `Safari` ], + Languages: [ `Python` ], npmPackages: `gatsby*`, npmGlobalPackages: `gatsby*`, }) @@ -445,10 +445,10 @@ Creating a plugin: .strict() .fail((msg, err, yargs) => { const availableCommands = yargs.getCommands().map(commandDescription => { - const [command] = commandDescription - return command.split(` `)[0] + const [ command ] = commandDescription + return command.split(` `)[ 0 ] }) - const arg = argv.slice(2)[0] + const arg = argv.slice(2)[ 0 ] const suggestion = arg ? didYouMean(arg, availableCommands) : `` cli.showHelp() From 04a6074fb04f80df95e7289fa0d752491b92067a Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Wed, 29 Jan 2020 08:22:24 -1000 Subject: [PATCH 22/31] prettier code style formatting --- packages/gatsby-cli/src/create-cli.js | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/packages/gatsby-cli/src/create-cli.js b/packages/gatsby-cli/src/create-cli.js index fa9b311109646..d5951327892a1 100644 --- a/packages/gatsby-cli/src/create-cli.js +++ b/packages/gatsby-cli/src/create-cli.js @@ -29,8 +29,8 @@ function buildLocalCommands(cli, isLocalSite) { // 'not dead' query not available in browserslist used in Gatsby v1 const DEFAULT_BROWSERS = getLocalGatsbyMajorVersion() === 1 - ? [ `> 1%`, `last 2 versions`, `IE >= 9` ] - : [ `>0.25%`, `not dead` ] + ? [`> 1%`, `last 2 versions`, `IE >= 9`] + : [`>0.25%`, `not dead`] const siteInfo = { directory, browserslist: DEFAULT_BROWSERS } const useYarn = existsSync(path.join(directory, `yarn.lock`)) @@ -44,7 +44,7 @@ function buildLocalCommands(cli, isLocalSite) { let version = getLocalGatsbyVersion() if (version) { - version = Number(version.split(`.`)[ 0 ]) + version = Number(version.split(`.`)[0]) } return version @@ -56,8 +56,8 @@ function buildLocalCommands(cli, isLocalSite) { report.verbose(`current directory: ${directory}`) return report.panic( `gatsby <${command}> can only be run for a gatsby site.\n` + - `Either the current working directory does not contain a valid package.json or ` + - `'gatsby' is not specified as a dependency` + `Either the current working directory does not contain a valid package.json or ` + + `'gatsby' is not specified as a dependency` ) } @@ -160,7 +160,7 @@ function buildLocalCommands(cli, isLocalSite) { // Return an empty promise to prevent handlerP from exiting early. // The development server shouldn't ever exit until the user directly // kills it so this is fine. - return new Promise(resolve => { }) + return new Promise(resolve => {}) }) ), }) @@ -250,10 +250,10 @@ function buildLocalCommands(cli, isLocalSite) { envinfo .run({ - System: [ `OS`, `CPU`, `Shell` ], - Binaries: [ `Node`, `npm`, `Yarn` ], - Browsers: [ `Chrome`, `Edge`, `Firefox`, `Safari` ], - Languages: [ `Python` ], + System: [`OS`, `CPU`, `Shell`], + Binaries: [`Node`, `npm`, `Yarn`], + Browsers: [`Chrome`, `Edge`, `Firefox`, `Safari`], + Languages: [`Python`], npmPackages: `gatsby*`, npmGlobalPackages: `gatsby*`, }) @@ -445,10 +445,10 @@ Creating a plugin: .strict() .fail((msg, err, yargs) => { const availableCommands = yargs.getCommands().map(commandDescription => { - const [ command ] = commandDescription - return command.split(` `)[ 0 ] + const [command] = commandDescription + return command.split(` `)[0] }) - const arg = argv.slice(2)[ 0 ] + const arg = argv.slice(2)[0] const suggestion = arg ? didYouMean(arg, availableCommands) : `` cli.showHelp() From 07dc617c9dcc804e23d80d40dcc2fed819f52e32 Mon Sep 17 00:00:00 2001 From: Jeremy Albright Date: Wed, 29 Jan 2020 08:25:35 -1000 Subject: [PATCH 23/31] keyPath / certPath are not being used. They also don't get returned from the new version of `devcert`, so there would be different return values returned from the different code paths for creating certificates --- packages/gatsby/src/commands/types.ts | 2 -- 1 file changed, 2 deletions(-) diff --git a/packages/gatsby/src/commands/types.ts b/packages/gatsby/src/commands/types.ts index 6daa5cb333989..d4b7d4c0ce7b3 100644 --- a/packages/gatsby/src/commands/types.ts +++ b/packages/gatsby/src/commands/types.ts @@ -1,8 +1,6 @@ import { PackageJson, Reporter } from "gatsby" export interface ICert { - keyPath: string - certPath: string key: string cert: string } From cf381dfeb1d5bd845b72218856a051560a2dae09 Mon Sep 17 00:00:00 2001 From: Js-Brecht Date: Mon, 9 Mar 2020 09:38:44 -1000 Subject: [PATCH 24/31] install certutil automatically (if possible) --- docs/docs/local-https.md | 84 +++++++++++------------ packages/gatsby/src/utils/get-ssl-cert.js | 2 +- 2 files changed, 43 insertions(+), 43 deletions(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index 2641876c2af05..a78a76752a8ae 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -37,68 +37,68 @@ Please enter the CA password: This is _only_ required the first time you are using Gatsby's HTTPS feature on your machine, and when you are creating a brand new certificate. -After typing in your password, `devcert` will install the CA certificate in your operating system trusted certs store. For various browsers (Firefox, and Chrome on Linux) it needs to use a utility called `certutil`. +After typing in your password, `devcert` will install the CA certificate in your operating system trusted certs store. A utility called `certutil` will be needed to update the trust store for various browsers; specifically: Firefox, and Chrome (when it's running on Linux). ### In case `certutil` is not installed on your machine -`devcert` is configured to not install `certutil` automatically. You will need to do that yourself, if you want it to be able to setup the trust automatically. +`devcert` is configured to install `certutil` automatically, unless you're running Windows. If an automatic install is not successful, you may need to install it manually. -To install `certutil`, you need to install the `nss tools` package(s). The exact procedure will differ depending on your operating system. +- To install `certutil`, you need to install the `nss tools` package(s). The exact procedure will differ depending on your operating system. -On a linux OS, you should be able to simply run one of the following, depending on the flavor: + - On a linux OS, you should be able to simply run one of the following, depending on the flavor: -```shell -# Debian based (Ubuntu) -sudo apt install libnss3-tools + ```shell + # Debian based (Ubuntu) + sudo apt install libnss3-tools -# RHEL based (Fedora) -sudo yum install nss-tools + # RHEL based (Fedora) + sudo yum install nss-tools -# OpenSuse -sudo zypper install mozilla-nss-tools -``` + # OpenSuse + sudo zypper install mozilla-nss-tools + ``` -On MacOS, you should be able to run: + - On MacOS, you should be able to run: -```shell -brew install nss -``` + ```shell + brew install nss + ``` -Windows is a different story. There's not too many precompiled libraries out there, so the only option would be to go searching for one, or compile it yourself. Because of how difficult Windows makes it, `devcert` will not even try to update the Firefox trust store automatically; instead, it will fallback to using the "Firefox wizard", detailed below. + - With regards to Windows: There's not too many precompiled libraries out there, so the only option would be to go searching for one, or compile it yourself. Because of how difficult Windows makes it, `devcert` will not even try to update the Firefox trust store automatically; instead, it will fallback to using the "Firefox wizard", detailed below. -If you choose not to install `certutil`, you may get the following errors/prompts: + If you choose not to install `certutil`, or the automatic install is not successful, you may get the following errors/prompts: -- If you use Chrome on Linux: + - If you use Chrome on Linux: - ```text - WARNING: It looks like you have Chrome installed, but you specified - 'skipCertutilInstall: true'. Unfortunately, without installing - certutil, it's impossible get Chrome to trust devcert's certificates - The certificates will work, but Chrome will continue to warn you that - they are untrusted. - ``` + ```text + WARNING: It looks like you have Chrome installed, but you specified + 'skipCertutilInstall: true'. Unfortunately, without installing + certutil, it's impossible get Chrome to trust devcert's certificates + The certificates will work, but Chrome will continue to warn you that + they are untrusted. + ``` -- If you have Firefox installed, `devcert` will try to utilize Firefox itself to trust the certificate + - If you have Firefox installed, `devcert` will try to utilize Firefox itself to trust the certificate - ```text - devcert was unable to automatically configure Firefox. You'll need to - complete this process manually. Don't worry though - Firefox will walk - you through it. + ```text + devcert was unable to automatically configure Firefox. You'll need to + complete this process manually. Don't worry though - Firefox will walk + you through it. - When you're ready, hit any key to continue. Firefox will launch and - display a wizard to walk you through how to trust the devcert - certificate. When you are finished, come back here and we'll finish up. - (If Firefox doesn't start, go ahead and start it and navigate to - http://localhost:52175 in a new tab.) + When you're ready, hit any key to continue. Firefox will launch and + display a wizard to walk you through how to trust the devcert + certificate. When you are finished, come back here and we'll finish up. + (If Firefox doesn't start, go ahead and start it and navigate to + http://localhost:52175 in a new tab.) - If you are curious about why all this is necessary, check out - https://github.com/davewasmer/devcert#how-it-works - - ``` + If you are curious about why all this is necessary, check out + https://github.com/davewasmer/devcert#how-it-works + + ``` - - You can press enter here, and it will launch Firefox for you. + - You can press enter here, and it will launch Firefox for you. - - If you wish to have trust support on Firefox, tell the point-and-click wizard `this certificate can identify websites`, and click OK. Otherwise, you may hit cancel and close the browser, then key return to finish building. **Reminder: you'll only need to do this once per machine.** + - If you wish to have trust support on Firefox, tell the point-and-click wizard `this certificate can identify websites`, and click OK. Otherwise, you may hit cancel and close the browser, then key return to finish building. **Reminder: you'll only need to do this once per machine.** ### After `devcert` setup process diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index 713594265aa75..5cd7acc5b3fda 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -74,7 +74,7 @@ module.exports = async ({ name, certFile, keyFile, caFile, directory }) => { const getDevCert = require(`devcert`).certificateFor const { caPath, key, cert } = await getDevCert(name, { getCaPath: true, - skipCertutilInstall: true, + skipCertutilInstall: false, ui: { getWindowsEncryptionPassword, }, From e360131f637a0db46fc413ba598fe0ff1e852bc8 Mon Sep 17 00:00:00 2001 From: Js-Brecht Date: Mon, 9 Mar 2020 09:51:16 -1000 Subject: [PATCH 25/31] devcert api call test fix --- packages/gatsby/src/utils/__tests__/get-ssl-cert.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/gatsby/src/utils/__tests__/get-ssl-cert.js b/packages/gatsby/src/utils/__tests__/get-ssl-cert.js index f3823103a5ea7..3997ae64d4b0d 100644 --- a/packages/gatsby/src/utils/__tests__/get-ssl-cert.js +++ b/packages/gatsby/src/utils/__tests__/get-ssl-cert.js @@ -62,7 +62,7 @@ describe(`gets ssl certs`, () => { getSslCert({ name: `mock-cert` }) expect(getDevCert).toBeCalledWith(`mock-cert`, { getCaPath: true, - skipCertutilInstall: true, + skipCertutilInstall: false, ui: { getWindowsEncryptionPassword: expect.any(Function), }, From 5c7caa2e2c2aaa9a207c8fcc71450a359a4428db Mon Sep 17 00:00:00 2001 From: Jeremy Albright <1935258+Js-Brecht@users.noreply.github.com> Date: Tue, 10 Mar 2020 06:07:55 -1000 Subject: [PATCH 26/31] use braces Co-Authored-By: Ward Peeters --- packages/gatsby/src/utils/get-ssl-cert.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js index 5cd7acc5b3fda..5e6b82c2f44fa 100644 --- a/packages/gatsby/src/utils/get-ssl-cert.js +++ b/packages/gatsby/src/utils/get-ssl-cert.js @@ -79,7 +79,9 @@ module.exports = async ({ name, certFile, keyFile, caFile, directory }) => { getWindowsEncryptionPassword, }, }) - if (caPath) process.env.NODE_EXTRA_CA_CERTS = caPath + if (caPath) { + process.env.NODE_EXTRA_CA_CERTS = caPath + } return { key, cert, From 23989662333d0d7d342a75f215c9523395c88951 Mon Sep 17 00:00:00 2001 From: Jeremy Albright <1935258+Js-Brecht@users.noreply.github.com> Date: Tue, 10 Mar 2020 06:13:58 -1000 Subject: [PATCH 27/31] Updated docs per suggestions Co-Authored-By: Ward Peeters Co-Authored-By: LB --- docs/docs/local-https.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index a78a76752a8ae..d25286e71aac7 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -35,7 +35,7 @@ to use this same password. Please enter the CA password: ``` -This is _only_ required the first time you are using Gatsby's HTTPS feature on your machine, and when you are creating a brand new certificate. +The password is _only_ required the first time you are using Gatsby's HTTPS feature on your machine, or when you are creating a brand new certificate. After typing in your password, `devcert` will install the CA certificate in your operating system trusted certs store. A utility called `certutil` will be needed to update the trust store for various browsers; specifically: Firefox, and Chrome (when it's running on Linux). @@ -45,7 +45,7 @@ After typing in your password, `devcert` will install the CA certificate in your - To install `certutil`, you need to install the `nss tools` package(s). The exact procedure will differ depending on your operating system. - - On a linux OS, you should be able to simply run one of the following, depending on the flavor: + - On a linux OS, you should be able to run one of the following, depending on your Linux distro: ```shell # Debian based (Ubuntu) @@ -64,7 +64,7 @@ After typing in your password, `devcert` will install the CA certificate in your brew install nss ``` - - With regards to Windows: There's not too many precompiled libraries out there, so the only option would be to go searching for one, or compile it yourself. Because of how difficult Windows makes it, `devcert` will not even try to update the Firefox trust store automatically; instead, it will fallback to using the "Firefox wizard", detailed below. + - With regards to Windows: Precompiled libraries are rare, so you may need to compile it yourself. Because of how difficult Windows makes it, `devcert` will not attempt to update the Firefox trust store automatically; instead, it will fall back to using the "Firefox wizard", detailed below. If you choose not to install `certutil`, or the automatic install is not successful, you may get the following errors/prompts: @@ -102,7 +102,7 @@ After typing in your password, `devcert` will install the CA certificate in your ### After `devcert` setup process -You can open the development server at [https://localhost:8000](https://localhost:8000) and enjoy the HTTPS goodness ✨. Of course, you may change the port according to your setup. +You can open the development server at `https://localhost:8000` and enjoy the HTTPS goodness ✨. Of course, you may change the port according to your setup. Find out more about [how devcert works](https://github.com/davewasmer/devcert#how-it-works). @@ -146,7 +146,7 @@ See the example commands below: Usage of the `--ca-file` flag is only required if your certificate is signed by a certificate authority. -If your certificate is self-signed, then do not include the `--ca-file` flag. Also, if you want your browser to trust a self-signed certificate, you will need to add it to your operating system (or browser's, in Firefox's case) root certificate store in order for your browser to trust it. +If your certificate is self-signed, then do not include the `--ca-file` flag. Also, if you want your browser to trust a self-signed certificate, you will need to add it to your operating system (or browser's, in Firefox's case) root certificate store for your browser to trust it. In most cases, the `--https` passed by itself is easier and more convenient to get local https. From ea47440102b78ee44ec301e0378d0f52764b45fc Mon Sep 17 00:00:00 2001 From: Js-Brecht Date: Tue, 10 Mar 2020 06:18:36 -1000 Subject: [PATCH 28/31] all-caps HTTPS --- docs/docs/local-https.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index d25286e71aac7..034c4e36f9593 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -112,10 +112,10 @@ If you want to do some maintenance/cleanup of the certificates generated by `dev ## Custom Key and Certificate Files -You may find that you need a custom key and certificate file for https if you use multiple +You may find that you need a custom key and certificate file for HTTPS if you use multiple machines for development (or if your dev environment is containerized in Docker). -If you need to use a custom https setup, you can pass the `--https`, `--key-file`, +If you need to use a custom HTTPS setup, you can pass the `--https`, `--key-file`, `--cert-file`, and `--ca-file` flags to `npm run develop`. - `--cert-file` [relative/absolute path to ssl certificate file] From edc486ab10bcd16428b23779a9dda5182b905dc8 Mon Sep 17 00:00:00 2001 From: Jeremy Albright <1935258+Js-Brecht@users.noreply.github.com> Date: Tue, 10 Mar 2020 07:07:54 -1000 Subject: [PATCH 29/31] doc: devcert-cli change Co-Authored-By: LB --- docs/docs/local-https.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index 034c4e36f9593..63b567797234b 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -108,7 +108,7 @@ Find out more about [how devcert works](https://github.com/davewasmer/devcert#ho ### Management of certificates generated by devcert -If you want to do some maintenance/cleanup of the certificates generated by `devcert`, please refer to [devcert-cli](https://github.com/davewasmer/devcert-cli/blob/master/README.md) +If you want to do some maintenance/cleanup of the certificates generated by `devcert`, please refer to the [devcert-cli](https://github.com/davewasmer/devcert-cli/blob/master/README.md) ## Custom Key and Certificate Files From 42964004b837d84d9d75ae91aed39b4b99487380 Mon Sep 17 00:00:00 2001 From: Laurie Barth Date: Tue, 10 Mar 2020 13:27:17 -0400 Subject: [PATCH 30/31] restructure doc --- docs/docs/local-https.md | 130 +++++++++++++++++++++------------------ 1 file changed, 70 insertions(+), 60 deletions(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index 034c4e36f9593..8a7380cf4c902 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -9,7 +9,7 @@ Gatsby provides an easy way to use a local HTTPS server during development, than Start the development server using `npm run develop` as usual, and add either the `-S` or `--https` flag. ```shell -$ npm run develop -- --https +npm run develop -- --https ``` ## Setup @@ -37,76 +37,90 @@ Please enter the CA password: The password is _only_ required the first time you are using Gatsby's HTTPS feature on your machine, or when you are creating a brand new certificate. -After typing in your password, `devcert` will install the CA certificate in your operating system trusted certs store. A utility called `certutil` will be needed to update the trust store for various browsers; specifically: Firefox, and Chrome (when it's running on Linux). +## Using `Certutil` -### In case `certutil` is not installed on your machine +After typing in your password, `devcert` will install the CA certificate in your operating system trusted certs store. A utility called `certutil` will be needed to update the trust store for various browsers; specifically: Firefox, and Chrome (when it's running on Linux). `devcert` is configured to install `certutil` automatically, unless you're running Windows. If an automatic install is not successful, you may need to install it manually. -- To install `certutil`, you need to install the `nss tools` package(s). The exact procedure will differ depending on your operating system. +### Manual Installation of `Certutil` - - On a linux OS, you should be able to run one of the following, depending on your Linux distro: +To install `certutil`, you need to install the `nss tools` package(s). The exact procedure will differ depending on your operating system. - ```shell - # Debian based (Ubuntu) - sudo apt install libnss3-tools +#### Linux - # RHEL based (Fedora) - sudo yum install nss-tools +On a linux OS, you should be able to run one of the following, depending on your Linux distro: - # OpenSuse - sudo zypper install mozilla-nss-tools - ``` +```shell +# Debian based (Ubuntu) +sudo apt install libnss3-tools - - On MacOS, you should be able to run: +# RHEL based (Fedora) +sudo yum install nss-tools - ```shell - brew install nss - ``` +# OpenSuse +sudo zypper install mozilla-nss-tools +``` - - With regards to Windows: Precompiled libraries are rare, so you may need to compile it yourself. Because of how difficult Windows makes it, `devcert` will not attempt to update the Firefox trust store automatically; instead, it will fall back to using the "Firefox wizard", detailed below. +#### MacOS - If you choose not to install `certutil`, or the automatic install is not successful, you may get the following errors/prompts: +Run the following command: - - If you use Chrome on Linux: +```shell +brew install nss +``` - ```text - WARNING: It looks like you have Chrome installed, but you specified - 'skipCertutilInstall: true'. Unfortunately, without installing - certutil, it's impossible get Chrome to trust devcert's certificates - The certificates will work, but Chrome will continue to warn you that - they are untrusted. - ``` +#### Windows - - If you have Firefox installed, `devcert` will try to utilize Firefox itself to trust the certificate +Pre-compiled libraries are rare, so you may need to compile it yourself. Because of how difficult Windows makes it, `devcert` will not attempt to update the Firefox trust store automatically; instead, it will fall back to using the "Firefox wizard", detailed below. - ```text - devcert was unable to automatically configure Firefox. You'll need to - complete this process manually. Don't worry though - Firefox will walk - you through it. +### Debugging Installation - When you're ready, hit any key to continue. Firefox will launch and - display a wizard to walk you through how to trust the devcert - certificate. When you are finished, come back here and we'll finish up. - (If Firefox doesn't start, go ahead and start it and navigate to - http://localhost:52175 in a new tab.) +If you choose not to install `certutil`, or the automatic install is not successful, you may get the following errors/prompts: - If you are curious about why all this is necessary, check out - https://github.com/davewasmer/devcert#how-it-works - - ``` +#### Chrome on Linux - - You can press enter here, and it will launch Firefox for you. +```text +WARNING: It looks like you have Chrome installed, but you specified +'skipCertutilInstall: true'. Unfortunately, without installing +certutil, it's impossible get Chrome to trust devcert's certificates +The certificates will work, but Chrome will continue to warn you that +they are untrusted. +``` - - If you wish to have trust support on Firefox, tell the point-and-click wizard `this certificate can identify websites`, and click OK. Otherwise, you may hit cancel and close the browser, then key return to finish building. **Reminder: you'll only need to do this once per machine.** +#### Firefox -### After `devcert` setup process +If you have Firefox installed, `devcert` will try to utilize Firefox itself to trust the certificate + +```text +devcert was unable to automatically configure Firefox. You'll need to +complete this process manually. Don't worry though - Firefox will walk +you through it. + +When you're ready, hit any key to continue. Firefox will launch and +display a wizard to walk you through how to trust the devcert +certificate. When you are finished, come back here and we'll finish up. +(If Firefox doesn't start, go ahead and start it and navigate to +http://localhost:52175 in a new tab.) + +If you are curious about why all this is necessary, check out +https://github.com/davewasmer/devcert#how-it-works + +``` + +Your options are as follows: + +- Press enter and it will launch Firefox for you. + +- If you wish to have trust support on Firefox, tell the point-and-click wizard `this certificate can identify websites`, and click OK. Otherwise, you may hit cancel and close the browser, then key return to finish building. **Reminder: you'll only need to do this once per machine.** + +## After `devcert` setup process You can open the development server at `https://localhost:8000` and enjoy the HTTPS goodness ✨. Of course, you may change the port according to your setup. Find out more about [how devcert works](https://github.com/davewasmer/devcert#how-it-works). -### Management of certificates generated by devcert +## Management of certificates generated by devcert If you want to do some maintenance/cleanup of the certificates generated by `devcert`, please refer to [devcert-cli](https://github.com/davewasmer/devcert-cli/blob/master/README.md) @@ -122,27 +136,23 @@ If you need to use a custom HTTPS setup, you can pass the `--https`, `--key-file - `--key-file` [relative/absolute path to ssl key file] - `--ca-file` [relative/absolute path to ssl certificate authority file] -See the example commands below: +### Using `npm run develop` -- Using `npm run develop` +```shell +npm run develop -- --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt +``` - ```shell - # Using relative paths - $ npm run develop -- --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt +> Note: You can use relative or absolute paths with this command - # Or using absolute paths - $ npm run develop -- --https --key-file /absolute/path/to/key.key --cert-file /absolute/path/to/cert.crt --ca-file /absolute/path/to/ca.crt - ``` +### Using the Gatsby CLI -- Alternatively, you can run the development server using the gatsby cli +```shell +gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt +``` - ```shell - # Using relative paths - $ gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt --ca-file ../relative/path/to/ca.crt +> Note: You can use relative or absolute paths with this command - # Or using absolute paths - $ gatsby develop --https --key-file /absolute/path/to/key.key --cert-file /absolute/path/to/cert.crt --ca-file /absolute/path/to/ca.crt - ``` +### Flag usage Usage of the `--ca-file` flag is only required if your certificate is signed by a certificate authority. From f2ac0a12e41e9d9c074917c3fb8c181ca657705a Mon Sep 17 00:00:00 2001 From: Js-Brecht Date: Tue, 10 Mar 2020 07:36:56 -1000 Subject: [PATCH 31/31] missed an HTTPS --- docs/docs/local-https.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md index acd435fba0195..0198d43c52ce6 100644 --- a/docs/docs/local-https.md +++ b/docs/docs/local-https.md @@ -158,7 +158,7 @@ Usage of the `--ca-file` flag is only required if your certificate is signed by If your certificate is self-signed, then do not include the `--ca-file` flag. Also, if you want your browser to trust a self-signed certificate, you will need to add it to your operating system (or browser's, in Firefox's case) root certificate store for your browser to trust it. -In most cases, the `--https` passed by itself is easier and more convenient to get local https. +In most cases, the `--https` passed by itself is easier and more convenient to get local HTTPS. ---