Enable both manual and automatic HTTPS/SSL mode

[nermin99]

Why was support(#274) for automatic HTTPS removed? As per #520 and #511 it is understandable that users might want to use manual certs and keys, but there is still, no even more, use cases for automatic SSL/HTTPS. One of the biggest reasons why serve is so popular is because it's a one-line command to literally "serve" your application. If a user wants or for some reason needs HTTPS they don't wanna have to go through a whole process of installing another tool just to get it.

Personally I stumbled upon serve when building my create-react-app and wanted to "serve" it. But because I use service workers and push notifications I need to serve it over HTTPS so I can test on other devices on the network. Sure I can get HTTPS for my self as per #520, but my co-workers can't, since they might not have their own manual certs and keys... you see the problem?

There is no reason why both manual and automatic HTTPS can't be supported.

[jwarby]

It looks like support was dropped during a rewrite in 2018, whether intentionally or not I don't know 🤷

For now I'm running serve at version 6 instead (npx serve@6 --ssl ...) and it's working well for my particular use case (serving builds on localhost over HTTPS and running end-to-end tests against them).

[TimDaub]

For now I'm running serve at version 6 instead (npx serve@6 --ssl ...) and it's working well for my particular use case

lovely :) Thanks for pointing out that version.

[TimDaub]

I fix and published vercel/[email protected] as npm i ssl-serve.
Repo: https://github.com/TimDaub/ssl-serve

[warren-bank]

shameless self-promotion alert:
this feature is available in my @warren-bank/serve fork of serve

notes:

• --ssl is a convience option that is equivalent to:
  • --ssl-cert cert.pem
  • --ssl-key key.pem
  • --ssl-pass pass.phrase
• this is a certificate that I generated with OpenSSL
  • scripts are included to regenerate a new certificate
  • ..if you choose to do so, just make sure the filenames are consistent,
    as --ssl uses hard-coded (relative) paths

[gavinr-maps]

@AndyBitz if this functionality (automatic HTTPS/SSL using a self-signed cert when running npx serve --ssl) is added via PR, would the maintainers consider it for merging?

(related/duplicate: #614)

[AndyBitz]

@gavinr-maps Yes! That sounds like a good idea. Functionality wise I can imagine something like we have for Next.js next dev --experimental-https.

[rlidwka]

Is there any option in HTTP 2 or HTTP 3 for opportunistic encryption?

I want serve to be encrypted by default (e.g. if I need to use it to share files to my phone over wifi). But I don't want the browser to scream at me for doing so.