Merge pull request #942 from webpack/ssl-path

Ssl path

Author: shellscape

.gitignore

@@ -3,3 +3,4 @@ node_modules
 /client/index.bundle.js
 /client/sockjs.bundle.js
 /coverage
+*.pem

examples/https/README.md

@@ -1,16 +1,36 @@
 # https
 
+By default webpack-dev-server will generate a self-signed, 2048 bit, sha256 SSL
+Certificate, which is used to enable https. The certificate will be located in the
+`ssl` directory afte the server is started for the first time. The generated
+certificate is only good for 30 days, at which point it'll be regenerated.
+
+We highly recommend creating and managing your own certificates. Please see the
+following resources for doing so:
+
+* (MacOS) https://certsimple.com/blog/localhost-ssl-fix
+* (Windows) https://technet.microsoft.com/itpro/powershell/windows/pkiclient/new-selfsignedcertificate
+
+## Getting Started
+
 ```shell
 node ../../bin/webpack-dev-server.js --open --https
 ```
 
-A fake certificate is used to enable https.
+## Using Your Certificate
+
+Options are available for using your own SSL Certificate in your preferred or
+OS-required format.
 
-You can provide the following SSL options to override the fake certificate:
+Given the base command `node ../../bin/webpack-dev-server.js --open --https`, append
+one of the following:
 
-* Certificate options e.g. `node ../../bin/webpack-dev-server.js --open --https --cert=../../ssl/server.pem --key=../../ssl/server.pem`
-* PFX and Passphrase e.g. `node ../../bin/webpack-dev-server.js --open --https --pfx=./test_cert.pfx --pfx-passphrase=sample`
+* (PEM Files)  `--cert=../../ssl/server.pem --key=../../ssl/server.pem`
+* (PFX and Passphrase) `--pfx=./test_cert.pfx --pfx-passphrase=sample`
 
-## What should happen
+## What To Expect
 
-The script should open `https://localhost:8080/`. Your browser will probably give you a warning about using an invalid certificate. After ignoring this warning, you should see "It's working."
+The script should open `https://localhost:8080/`in your default browser. If your
+browser displays a warning about a non-trusted certificate, follow the procedure
+for your browser of choice to continue. After doing so you should see "It's Working"
+displayed on the page.

lib/Server.js

@@ -1,18 +1,21 @@
 "use strict";
 
-const fs = require("fs");
 const chokidar = require("chokidar");
-const path = require("path");
-const webpackDevMiddleware = require("webpack-dev-middleware");
-const express = require("express");
 const compress = require("compression");
-const sockjs = require("sockjs");
+const del = require("del");
+const express = require("express");
+const fs = require("fs");
 const http = require("http");
-const spdy = require("spdy");
 const httpProxyMiddleware = require("http-proxy-middleware");
 const serveIndex = require("serve-index");
 const historyApiFallback = require("connect-history-api-fallback");
+const path = require("path");
+const selfsigned = require("selfsigned");
+const sockjs = require("sockjs");
+const spdy = require("spdy");
 const webpack = require("webpack");
+const webpackDevMiddleware = require("webpack-dev-middleware");
+
 const OptionsValidationError = require("./OptionsValidationError");
 const optionsSchema = require("./optionsSchema.json");
 
@@ -360,8 +363,37 @@ function Server(compiler, options) {
 			};
 		}
 
-		// Use built-in self-signed certificate if no certificate was configured
-		const fakeCert = fs.readFileSync(path.join(__dirname, "../ssl/server.pem"));
+		// Use a self-signed certificate if no certificate was configured.
+		// Cycle certs every 24 hours
+		const certPath = path.join(__dirname, "../ssl/server.pem");
+		let certExists = fs.existsSync(certPath);
+
+		if(certExists) {
+			const certStat = fs.statSync(certPath);
+			const certTtl = 1000 * 60 * 60 * 24;
+			const now = new Date();
+
+			// cert is more than 30 days old, kill it with fire
+			if((now - certStat.ctime) / certTtl > 30) {
+				console.log("SSL Certificate is more than 30 days old. Removing.");
+				del.sync([certPath], { force: true });
+				certExists = false;
+			}
+		}
+
+		if(!certExists) {
+			console.log("Generating SSL Certificate");
+			const attrs = [{ name: "commonName", value: "localhost" }];
+			const pems = selfsigned.generate(attrs, {
+				algorithm: "sha256",
+				days: 30,
+				keySize: 2048
+			});
+
+			fs.writeFileSync(certPath, pems.private + pems.cert, { encoding: "utf-8" });
+		}
+
+		const fakeCert = fs.readFileSync(certPath);
 		options.https.key = options.https.key || fakeCert;
 		options.https.cert = options.https.cert || fakeCert;
 

package.json

@@ -11,11 +11,13 @@
     "chokidar": "^1.6.0",
     "compression": "^1.5.2",
     "connect-history-api-fallback": "^1.3.0",
+    "del": "^3.0.0",
     "express": "^4.13.3",
     "html-entities": "^1.2.0",
     "http-proxy-middleware": "~0.17.4",
     "opn": "4.0.2",
     "portfinder": "^1.0.9",
+    "selfsigned": "^1.9.1",
     "serve-index": "^1.7.2",
     "sockjs": "0.3.18",
     "sockjs-client": "1.1.2",