generate ssl certs per instance

Author: shellscape

.gitignore

@@ -3,3 +3,4 @@ node_modules
 /client/index.bundle.js
 /client/sockjs.bundle.js
 /coverage
+*.pem

lib/Server.js

@@ -1,18 +1,21 @@
 "use strict";
 
-const fs = require("fs");
 const chokidar = require("chokidar");
-const path = require("path");
-const webpackDevMiddleware = require("webpack-dev-middleware");
-const express = require("express");
 const compress = require("compression");
-const sockjs = require("sockjs");
+const del = require("del");
+const express = require("express");
+const fs = require("fs");
 const http = require("http");
-const spdy = require("spdy");
 const httpProxyMiddleware = require("http-proxy-middleware");
 const serveIndex = require("serve-index");
 const historyApiFallback = require("connect-history-api-fallback");
+const path = require("path");
+const selfsigned = require("selfsigned");
+const sockjs = require("sockjs");
+const spdy = require("spdy");
 const webpack = require("webpack");
+const webpackDevMiddleware = require("webpack-dev-middleware");
+
 const OptionsValidationError = require("./OptionsValidationError");
 const optionsSchema = require("./optionsSchema.json");
 
@@ -360,8 +363,37 @@ function Server(compiler, options) {
 			};
 		}
 
-		// Use built-in self-signed certificate if no certificate was configured
-		const fakeCert = fs.readFileSync(path.join(__dirname, "../ssl/server.pem"));
+		// Use a self-signed certificate if no certificate was configured.
+		// Cycle certs every 24 hours
+		const certPath = path.join(__dirname, "../ssl/server.pem");
+		let certExists = fs.existsSync(certPath);
+
+		if(certExists) {
+			const certStat = fs.statSync(certPath);
+			const certTtl = 1000 * 60 * 60 * 24;
+			const now = new Date();
+
+			// cert is more than 30 days old, kill it with fire
+			if((now - certStat.ctime) / certTtl > 30) {
+				console.log("SSL Certificate is more than 30 days old. Removing.");
+				del.sync([certPath], { force: true });
+				certExists = false;
+			}
+		}
+
+		if(!certExists) {
+			console.log("Generating SSL Certificate");
+			const attrs = [{ name: "commonName", value: "localhost" }];
+			const pems = selfsigned.generate(attrs, {
+				algorithm: "sha256",
+				days: 30,
+				keySize: 2048
+			});
+
+			fs.writeFileSync(certPath, pems.private + pems.cert, { encoding: "utf-8" });
+		}
+
+		const fakeCert = fs.readFileSync(certPath);
 		options.https.key = options.https.key || fakeCert;
 		options.https.cert = options.https.cert || fakeCert;
 

package.json

@@ -11,11 +11,13 @@
     "chokidar": "^1.6.0",
     "compression": "^1.5.2",
     "connect-history-api-fallback": "^1.3.0",
+    "del": "^3.0.0",
     "express": "^4.13.3",
     "html-entities": "^1.2.0",
     "http-proxy-middleware": "~0.17.4",
     "opn": "4.0.2",
     "portfinder": "^1.0.9",
+    "selfsigned": "^1.9.1",
     "serve-index": "^1.7.2",
     "sockjs": "0.3.18",
     "sockjs-client": "1.1.2",