added develop command options to use custom key and certs (#5056)

* added develop command options to use custom key and certs * fixed typos in doc * added condition to make sure both --key-file and --cert-file are present * - passing https flag results in automatic https certs [devcert] - --cert-file, --key-file, and --https flags can be used together for custom ssl - if all flags needed for custom ssl are not present an error is displayed to the user - if provided --cert-file and --key-file paths are not real files, node gives a rejection - modified docs to express current behavior
gatsbyjs · May 8, 2018 · c5ae88b · c5ae88b
1 parent 127b996
commit c5ae88b
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 10 deletions.
diff --git a/docs/docs/local-https.md b/docs/docs/local-https.md
@@ -4,7 +4,7 @@ title: "Local HTTPS"
 
 Gatsby provides an easy way to use a local HTTPS server during development, thanks to [devcert](https://github.com/davewasmer/devcert). When you enable the `https` option, a private key and certificate file will be created for your project and used by the development server.
 
-## Usage
+## Usage (Automatic HTTPS)
 
 Start the development server using `gatsby develop` as usual, and add either the `-S` or `--https` flag.
 
@@ -33,6 +33,21 @@ Now open the development server at [https://localhost:8000](https://localhost:80
 
 Find out more about [how devcert works](https://github.com/davewasmer/devcert#how-it-works).
 
+## Custom Key and Certificate Files
+
+You may find that you need a custom key and certificate file for https if you use multiple
+machines for development (or if your dev environment is containerized in Docker).
+
+If you need to use a custom https setup, you can pass the `--https`, `--key-file` and
+`--cert-file` flags to `gatsby develop`.
+
+  - `--cert-file` [relative path to ssl certificate file]
+  - `--key-file` [relative path to ssl key file]
+
+    $ gatsby develop --https --key-file ../relative/path/to/key.key --cert-file ../relative/path/to/cert.crt
+
+in most cases, the `--https` passed by itself is easier and more convenient to get local https.
+
 ---
 
-Keep in mind that the certificates are explicitly issued to `localhost` and will only be accepted there. Using it together with the `--host` option will likely result in browser warnings.
+Keep in mind that the automatic certificates issued with the `--https` flag are explicitly issued to `localhost` and will only be accepted there. Using it together with the `--host` option will likely result in browser warnings.
diff --git a/packages/gatsby-cli/src/create-cli.js b/packages/gatsby-cli/src/create-cli.js
@@ -102,7 +102,19 @@ function buildLocalCommands(cli, isLocalSite) {
         .option(`S`, {
           alias: `https`,
           type: `boolean`,
-          describe: `Use HTTPS. See https://www.gatsbyjs.org/docs/local-https/ for an initial setup guide`,
+          describe: `Use HTTPS. See https://www.gatsbyjs.org/docs/local-https/ as a guide`,
+        })
+        .option(`c`, {
+          alias: `cert-file`,
+          type: `string`,
+          default: ``,
+          describe: `Custom HTTPS cert file (relative path; also required: --https, --key-file). See https://www.gatsbyjs.org/docs/local-https/`,
+        })
+        .option(`k`, {
+          alias: `key-file`,
+          type: `string`,
+          default: ``,
+          describe: `Custom HTTPS key file (relative path; also required: --https, --cert-file). See https://www.gatsbyjs.org/docs/local-https/`,
         }),
     handler: handlerP(
       getCommandHandler(`develop`, (args, cmd) => {

diff --git a/packages/gatsby/src/commands/develop.js b/packages/gatsby/src/commands/develop.js
@@ -248,12 +248,27 @@ async function startServer(program) {
 module.exports = async (program: any) => {
   const detect = require(`detect-port`)
   const port =
-    typeof program.port === `string` ? parseInt(program.port, 10) : program.port
+    typeof program.port === `string`
+      ? parseInt(program.port, 10)
+      : program.port
+
+  // In order to enable custom ssl, --cert-file --key-file and -https flags must all be
+  // used together
+  if ((program[`cert-file`] || program[`key-file`]) && !program.https) {
+    report.panic(
+      `for custom ssl --https, --cert-file, and --key-file must be used together`
+    )
+  }
 
   // Check if https is enabled, then create or get SSL cert.
   // Certs are named after `name` inside the project's package.json.
   if (program.https) {
-    program.ssl = await getSslCert(program.sitePackageJson.name)
+    program.ssl = await getSslCert({
+      name: program.sitePackageJson.name,
+      certFile: program[`cert-file`],
+      keyFile: program[`key-file`],
+      directory: program.directory,
+    })
   }
 
   let compiler

diff --git a/packages/gatsby/src/utils/get-ssl-cert.js b/packages/gatsby/src/utils/get-ssl-cert.js
@@ -1,9 +1,30 @@
 const getDevelopmentCertificate = require(`devcert-san`).default
 const report = require(`gatsby-cli/lib/reporter`)
+const fs = require(`fs`)
+const path = require(`path`)
 
-module.exports = async name => {
-  report.info(`setting up SSL certificate (may require sudo)\n`)
+module.exports = async ({ name, certFile, keyFile, directory }) => {
+  // check that cert file and key file are both true or both false, if they are both
+  // false, it defaults to the automatic ssl
+  if (certFile ? !keyFile : keyFile) {
+    report.panic(
+      `for custom ssl --https, --cert-file, and --key-file must be used together`
+    )
+  }
+
+  if (certFile && keyFile) {
+    const keyPath = path.join(directory, keyFile)
+    const certPath = path.join(directory, certFile)
+
+    return await {
+      keyPath,
+      certPath,
+      key: fs.readFileSync(keyPath),
+      cert: fs.readFileSync(certPath),
+    }
+  }
 
+  report.info(`setting up automatic SSL certificate (may require sudo)\n`)
   try {
     return await getDevelopmentCertificate(name, {
       installCertutil: true,

diff --git a/yarn.lock b/yarn.lock
@@ -654,6 +654,13 @@ axios@^0.17.1:
     follow-redirects "^1.2.5"
     is-buffer "^1.1.5"
 
+axios@contentful/axios#fix/https-via-http-proxy:
+  version "0.17.1"
+  resolved "https://codeload.github.com/contentful/axios/tar.gz/4b06f4a63db3ac16c99f7c61b584ef0e6d11f1af"
+  dependencies:
+    follow-redirects "^1.2.5"
+    is-buffer "^1.1.5"
+
 axobject-query@^0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/axobject-query/-/axobject-query-0.1.0.tgz#62f59dbc59c9f9242759ca349960e7a2fe3c36c0"
@@ -2708,7 +2715,7 @@ command-join@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/command-join/-/command-join-2.0.0.tgz#52e8b984f4872d952ff1bdc8b98397d27c7144cf"
 
-[email protected], commander@^2.11.0, commander@^2.13.0, commander@^2.14.1, commander@^2.8.1, commander@^2.9.0, commander@~2.15.0:
+[email protected], commander@^2.11.0, commander@^2.12.1, commander@^2.13.0, commander@^2.8.1, commander@^2.9.0, commander@~2.15.0:
   version "2.15.1"
   resolved "https://registry.yarnpkg.com/commander/-/commander-2.15.1.tgz#df46e867d0fc2aec66a34662b406a9ccafff5b0f"
 
@@ -10641,7 +10648,7 @@ pretty-format@^3.5.1:
   version "3.8.0"
   resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-3.8.0.tgz#bfbed56d5e9a776645f4b1ff7aa1a3ac4fa3c385"
 
-printj@~1.1.0, printj@~1.1.2:
+printj@~1.1.0, printj@~1.1.1:
   version "1.1.2"
   resolved "https://registry.yarnpkg.com/printj/-/printj-1.1.2.tgz#d90deb2975a8b9f600fb3a1c94e3f4c53c78a222"
 
@@ -11292,7 +11299,7 @@ regex-cache@^0.4.2:
   dependencies:
     is-equal-shallow "^0.1.3"
 
-regex-not@^1.0.0, regex-not@^1.0.2:
+regex-not@^1.0.0:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/regex-not/-/regex-not-1.0.2.tgz#1f4ece27e00b0b65e0247a6810e6a85d83a5752c"
   dependencies: