feat: add optional SSL/TLS support for HTTPS#362
Open
mjfork wants to merge 4 commits intositeboon:mainfrom
Open
feat: add optional SSL/TLS support for HTTPS#362mjfork wants to merge 4 commits intositeboon:mainfrom
mjfork wants to merge 4 commits intositeboon:mainfrom
Conversation
Add support for running the server with HTTPS by configuring SSL_CERT and SSL_KEY environment variables. When both variables are set and the certificate files exist, the server automatically uses HTTPS instead of HTTP. This enables secure connections for deployments that require encryption, while maintaining full backward compatibility (HTTP remains the default). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Contributor
WalkthroughAdds optional HTTPS support: Changes
Sequence Diagram(s)sequenceDiagram
participant Env as "Environment"
participant FS as "Filesystem"
participant Server as "Node process"
participant Client as "Client / Browser"
participant WS as "WebSocket"
Env->>Server: Provide PORT, SSL_PORT, SSL_CERT, SSL_KEY
Server->>FS: Check existence of SSL_CERT & SSL_KEY
alt both files exist
Server->>Server: create HTTPS server (https.createServer)
Server->>WS: attach WebSocket to HTTPS server
Server->>Server: listen on SSL_PORT or PORT
else missing/invalid
Server->>Server: create HTTP server (http.createServer)
Server->>WS: attach WebSocket to HTTP server
Server->>Server: listen on PORT
end
Server->>Client: Log protocol-aware URL (http(s)://host:port)
Client->>Server: Connect via http(s)
Client->>WS: Establish WebSocket over same server
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 5 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
🧪 Generate unit tests (beta)
No actionable comments were generated in the recent review. 🎉 Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In `@server/index.js`:
- Around line 1844-1845: The log currently derives protocol from
SSL_CERT/SSL_KEY which can be wrong if TLS setup fails; change the console.log
that prints Server URL to use the actual runtime flag `useHttps` (the boolean
produced by your server creation logic) instead of checking SSL_CERT/SSL_KEY,
e.g. compute protocol = useHttps ? 'https' : 'http' and use that in the
c.bright(...) output so the log reflects the real server mode (refer to the
`useHttps` variable and the existing console.log line).
- Around line 193-207: Wrap the SSL certificate reading and HTTPS server
creation in a try/catch to handle read permissions, invalid/corrupt certs, or
createServer errors: when SSL_CERT/SSL_KEY are present and files exist, attempt
to fs.readFileSync both files and call https.createServer inside a try block,
set a boolean flag useHttps = true on success and fall back to http.createServer
with useHttps = false on any thrown error; ensure processLogger/console.error
logs include the caught error and a clear message; finally, update the
startup/protocol log to reference the useHttps flag (not just presence of
SSL_CERT/SSL_KEY) so it accurately reflects whether the HTTPS server was
actually created.
- Wrap SSL certificate reading and HTTPS server creation in try/catch - Add useHttps flag to track actual server state - Update protocol log to use useHttps flag instead of env vars - Gracefully fallback to HTTP if certificate loading fails Addresses code review feedback from CodeRabbit. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Allow configuring a separate port for HTTPS via SSL_PORT environment variable. When SSL is enabled and SSL_PORT is set, the server listens on that port. Otherwise, it falls back to PORT. This enables common setups where HTTP runs on port 3001 and HTTPS runs on port 443. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
SSL_CERTandSSL_KEYenvironment variablesFixes #361
Changes
server/index.js: Importhttpsmodule, conditionally create HTTPS server when SSL configured.env.example: Added SSL/TLS configuration section with documentationExample Usage
Test plan
🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
Improvements