Proxy SSL for localhost (Meteor)

Recently I found myself testing out a little script, and at some point it required an SSL connection. But Meteor, which runs on http://localhost:3000 most of the time, doesn’t support this by default out of the box.

Today I’d like to discuss how I got around this and had meteor running on port 443.
This procedure is very simple and easy to accomplish once you’ve acquired (or created) your self-signed SSL certificate.

Creating a self-signed certificate

Heroku provides a great tutorial to get this done in general. I’d just go over what is supposed to be done.

First you’d need to have openssl installed on your system:

$ apt-get install openssl
$ brew install openssl

On Windows, find the openssl.exe installer.

Generate a private key and certificate signing request

A private key and certificate signing request are required to create an SSL certificate. These can be generated with a few simple commands.

When the openssl req command asks for a “challenge password”, just press return, leaving the password empty. This password is used by Certificate Authorities to authenticate the certificate owner when they want to revoke their certificate. Since this is a self-signed certificate, there’s no way to revoke it via CRL (Certificate Revocation List).

$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
$ rm server.pass.key
$ openssl req -new -key server.key -out server.csr

Finally, generate an SSL certificate

At this point you’d have two files created, the server.csr and server.key. The self-signed SSL certificate is generated from the server.key private key and server.csr files.

$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

The server.crt file is your new certificate which would be used with your server.key file in the next steps.

Setting up SSL for meteor

The basic idea: run a proxy server on port 443, and proxy all traffic to your local meteor app running on port 3000. To accomplish this we are going to need some help from Meteor-SSL-Proxy repo on Github.

1. Clone the repo.

$ git clone git@github.com:Tarang/Meteor-SSL-proxy.git
$ cd Meteor-SSL-proxy

2. Install the http-proxy module.

$ npm install http-proxy

You could also install it as a local npm package in your Meteor-SSL-proxy directory.

3. Edit main.js and fill in the paths to the .crt file and .key file you created earlier. You can place them within the Meteor-SSL-proxy directory as well.

4. Start the proxy (you need sudo because 443 is a system port).

$ sudo node main.js

That’s it.

Once this is done you can run your development server and you’d be happy to have it running on port 443 (https://localhost).

A few notes: remember to run your proxy with forever, and to change the target as well.

Installing forever

$ npm install -g forever
$ sudo forever main.js

And this is my copy of main.js:

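// Paths to the private key and self-signed certificate created earlier
var PATH_TO_KEY = "./server.key",
    PATH_TO_CERT = "./server.crt";

var fs = require('fs'),
    httpProxy = require('http-proxy');

var options = {
  // TLS is terminated at the proxy with this key/certificate pair
  ssl: {
    key: fs.readFileSync(PATH_TO_KEY, 'utf8'),
    cert: fs.readFileSync(PATH_TO_CERT, 'utf8')
  },
  target: "http://localhost:3000", // the local Meteor app
  ws: true,   // proxy websocket connections too
  xfwd: true  // add X-Forwarded-* headers
};

// Port 443 is a system port, so this needs to be started with sudo
var server = httpProxy.createProxyServer(options).listen(443);
console.log("httpProxy running with target at " + options.target);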

Remember, your Meteor application is now going to run through https://localhost and no longer http://localhost:3000.