97

I'm using Vue-cli to create vue project with webpack template. how to run it with https in development using: npm run dev?

Raed Alahmad
  • 985
  • 1
  • 7
  • 7

9 Answers9

137

In the latest vuejs (as of May 7, 2018), you need to add a "vue.config.js" in the project root directory:

vue.config.js:

module.exports = {
  devServer: {
    open: process.platform === 'darwin',
    host: '0.0.0.0',
    port: 8085, // CHANGE YOUR PORT HERE!
    https: true,
    hotOnly: false,
  },
}

In this file, set the value: https: true

Jianwu Chen
  • 5,336
  • 3
  • 30
  • 35
  • 9
    this is the most up to date answer for projects using vue cli 3 – okwme Jul 29 '18 at 11:25
  • 2
    So far I got. But chrome > 58 throws at net::ERR_CERT_COMMON_NAME_INVALID – digitaldonkey Oct 15 '18 at 17:03
  • 10
    Works great, but you only need the `https: true` part. The other variables are optional and not needed to use https. – Arno van Oordt Oct 25 '18 at 06:44
  • 13
    I still get ERR_CERT_AUTHORITY_INVALID in chrome. Is there a way to fix this in chrome? – Konstantin Schubert Jan 05 '19 at 23:15
  • Has anyone managed to get around the `ERR_CERT_AUTHORITY_INVALID issue in Chrome? – AnonymousAngelo Jul 15 '19 at 13:16
  • You can checkout my solution to see how to get around the ERR_CERT_AUTHORITY_INVALID issue. – Chad Carter Jul 30 '19 at 18:47
  • `ERR_CERT_AUTHORITY_INVALID` – JCraine Aug 27 '19 at 23:08
  • I also get the `ERR_CERT_AUTHORITY_INVALID` error on Vivaldi (with the default port 8080). – Maxie Berkmann Sep 23 '20 at 20:52
  • Chrome throws `ERR_CERT_AUTHORITY_INVALID` because the certificate used is not issued by an acceptable [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority). You can bypass Chrome's warning by clicking _Advanced_ and then _Proceed to _. This way Chrome will temporarily accept this certificate. – Orestis Kapar Jan 28 '21 at 09:47
  • Please highlight "in the project root directory". I had the file in a src sub-directory and it didn't work untill I moved it to the root. Thank you for the answer! – victorvartan Jan 29 '21 at 09:20
  • then how i can get the file .cert to add in keychain access on macOS ? if i am not do that, its shown cert is not secure and i get blocked to access because its look like incognite or trusted of ssl – Yogi Arif Widodo Jun 24 '22 at 23:56
103

Jianwu Chen's answer helped me out, but to help those in the comments that wanted an expanded answer, I'm creating this answer. I hope it helps.

The questions are basically, how do we tell the browsers that "I know it is an invalid certificate, but I'm ok with it, because I'm developing a site locally."

So to try and make a full answer in one place, here it goes...

First, inside of vue.config.js make sure you include

const fs = require('fs')

module.exports = {
    devServer: {
        https: {
          key: fs.readFileSync('./certs/example.com+5-key.pem'),
          cert: fs.readFileSync('./certs/example.com+5.pem'),
        },
        public: 'https://localhost:8080/'
    }
}

You can obviously have other stuff in there, but the main thing is that you have https with children of key and cert. Now, you need to point to where your certificate file is.

Instead of simply setting https to true, we are passing an object with a key and cert to https.

We are telling vue cli we want to use this particular certificate and key.

How do we get that certificate and key? Well, we have to create it.

Fortunately, there is a tool that helps do this easily: https://mkcert.dev (currently points to https://github.com/FiloSottile/mkcert)

You can install it following the instructions in GitHub. I personally just grabbed the latest release from: https://github.com/FiloSottile/mkcert/releases

Then follow the instructions:

mkcert -install

followed by:

mkcert example.com "*.example.com" example.test localhost 127.0.0.1 ::1

That will create the files in the directory.

Copy the files to your source folder referenced in the vue.config.js above (i.e. ./cert) and you should be good to go. Make sure you update the file names to match.

Update: Also note the config has:

public: 'https://localhost:8080/'

Thanks to @mcmimik for pointing this out in the comments. Without that line you'll get the console error he mentioned about ::ERR_CONNECTION_REFUSED. Adding this line to devServer as a sibling to https will kick that error to the curb. If you like this answer, make sure to like his comment too!

NearHuscarl
  • 66,950
  • 18
  • 261
  • 230
Chad Carter
  • 1,938
  • 2
  • 16
  • 16
  • 14
    Thanks a lot! It was easier than I thought. In my case I had to add one more option to `devServer` config to stop `GET https://localhost/sockjs-node/info?t=1565111974584 net::ERR_CONNECTION_REFUSED` errors in console: `{public: 'https://localhost:8080/'}` – mcmimik Aug 06 '19 at 17:22
  • When using Vuetify, I had to make a slight mod to this, otherwise I got an error: "[ERR_INVALID_ARG_TYPE]: The "options.cert" property must be of type string or an instance of Buffer, TypedArray, or DataView. Received an instance of Object". I made https: true and added the key and cert properties at the same level, properties of devServer. Then everything seemed to work as expected. – Joshua Richardson Apr 18 '20 at 19:17
  • Thank you Chad I keep coming back to this answer and its so useful. What I don't understand is what is the point of vue-cli if the app it generates can't even be run on chrome out of the box? Surely they can provide something like this when you run `vue create`? – Bassie May 30 '20 at 16:01
  • 1
    @Bassie I'm glad you find this helpful. My guess is if we didn't need a self-signed certificate that the vue cli could do it. And I'm sure they could hook into to a tool like mkcert above. It may be a good issue to bring up in their github repo - suggest they have an option to enable https which guides the user through generating a cert and then they set these values automatically. – Chad Carter Jun 09 '20 at 11:53
  • Thanks for your explanation, I followed your instructions line by line, so I generated the certs, but they don't have the same names as yours, I have got: rootCA-key.pem and rootCA.pem then I imported the files inside vuej.config as you pointed, but when I run the project I get ERR_SSL_KEY_USAGE_INCOMPATIBLE – Taras Kryvko Sep 14 '20 at 12:25
  • 1
    It seems like `mkcert` broke or this approach may be broken. – Maxie Berkmann Sep 23 '20 at 21:12
  • It worked for me, thank you @ChadCarter Although I still get a 307 redirect cors... ☹ – Adam Orłowski Nov 05 '20 at 20:21
  • If you are using a custom domain for example dev.domain.com as your localhost you will need to add 'disableHostCheck : true' but for some reason with this https cert install chrome 89 will crash everytime . – Ricky-U Apr 19 '21 at 09:38
  • The real solution for the "must be of type string or an instance of Buffer, TypedArray, or DataView. Received an instance of Object" error is to convert to string, e.g. `https: {key: fs.readFileSync('./key.pem').toString(), cert: fs.readFileSync('./cert.pem').toString()}` – Ben Y Mar 21 '22 at 15:18
  • u save my life haha thanks instead of pusher we can use firebase where its not consume a cost. – Yogi Arif Widodo Jun 25 '22 at 00:14
25

If you are using vue ui to serve your application, a simple solution is to replace

 "serve": "vue-cli-service serve",

with

 "serve": "vue-cli-service serve --https true",

in the package.json file of your project.

Now use vue ui to serve your application. You can make even more changes. See https://cli.vuejs.org/guide/cli-service.html#using-the-binary

Rayan Jain
  • 251
  • 4
  • 3
  • 1
    As an additional tip, you can allow https for localhost on chrome via: chrome://flags/#allow-insecure-localhost – toast38coza Jul 02 '21 at 16:10
  • This is not a good idea, if you modify your package.json forcing to https the serve and you build up production your project you will get a full error – Fernando Torres Jul 21 '21 at 23:23
  • And how do we load the certificate? (many reasons to use this, WebRTC resting, Geo-location testing on iPhone, etc) – Oliver Dixon Nov 08 '21 at 14:40
  • Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.43.20” which could put your confidential information at risk. – Yogi Arif Widodo Jun 24 '22 at 23:42
20

In /build/webpack.dev.conf.js,to devWepackConfig in devServer, add

https: true
phil294
  • 10,038
  • 8
  • 65
  • 98
17

Webpack template uses express as the server for development. So just replace 

var server = app.listen(port)

with following code in build/dev-server.js

var https = require('https');
var fs = require('fs');
var options = {
  key: fs.readFileSync('/* replace me with key file's location */'),
  cert: fs.readFileSync('/* replace me with cert file's location */'))
};
var server = https.createServer(options, app).listen(port);

Please note that in webpack template, http://localhost:8080 will be automatically opened in your browser by using opn module. So you'd better replace var uri = 'http://localhost:' + port with var uri = 'https://localhost:' + port for convenience.

Saksham
  • 9,037
  • 7
  • 45
  • 73
choasia
  • 10,404
  • 6
  • 40
  • 61
  • 1
    Thank you @choasia, it works perfect! I created key and cert files using: openssl genrsa -out localhost.key 2048 openssl req -new -x509 -key localhost.key -out localhost.cert -days 3650 -subj /CN=localhost all good, however browsers warned that the site is not trusted. I imported the certificate to "Trusted Root Certificate Authority" (in windows) then worked in IE but not in chrome nor Firefox, any thoughts ? Thanks – Raed Alahmad Aug 23 '17 at 13:29
  • Hi, does this help? https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate?answertab=active – choasia Aug 23 '17 at 14:26
8

You will still get the warning when running in Chrome or Edge, as the certificate is not a trusted certificate. But you can switch off the prompt when running the site by setting the following flag:

chrome://flags/#allow-insecure-localhost

This also works also in the latest version Edge.

MisterJames
  • 3,306
  • 1
  • 30
  • 48
pinki
  • 920
  • 1
  • 9
  • 8
4

Simplest way is to go into package.json and change "dev" to 

 "dev": "webpack-dev-server --inline --progress  --https --config build/webpack.dev.conf.js",

it will still give the message running on http://localhost in the console but you can access the site on https://localhost

Dontreadonme
  • 334
  • 3
  • 13
  • 7
    Works: `"scripts": { "serve": "vue-cli-service serve --https" }` – Nico Prat Jun 19 '18 at 12:01
  • @Nico Prat you should answer with this text, it works – marcolav Aug 07 '20 at 14:50
  • I used `"dev": "cross-env NODE_ENV=development webpack-dev-server --open --hot --https --key ./localhost.key --cert ./localhost.crt"` that localhost.key and localhost.crt generated by [mkcert](https://github.com/FiloSottile/mkcert). (vuejs 2.6.11) – Ali Sohrabi May 15 '21 at 17:15
3

Going off of NearHuscarl answer, using Vue Cli with vue 3.0.0, key and cert had to be placed at the devServer level (not inside https). This is most likely due to the version of WebPack you're using, so check webpack configuration docs if you still can't figure it out

const fs = require('fs')

module.exports = {
    devServer: {
        https: true,
        key: fs.readFileSync('./certs/example.com+5-key.pem'),
        cert: fs.readFileSync('./certs/example.com+5.pem'),
        public: 'https://localhost:8080/'
    }
}
sMyles
  • 2,418
  • 1
  • 30
  • 44
2

If anyone is struggling with this in July 2022 and wants to use HTTPS with WebPack 5 (which recommends moving from https option to new server option) and get rid of the deprecation warning, please note that this has recently been fixed by Vue CLI team. You should update @vue/cli-service package to the latest version 5.0.8 and everything will starting behaving like it should. Now you can use the new server option in your vue.config.js file (make sure you have generated the certificates using mkcert):

server:{
  type: 'https',
  options: {
    key: fs.readFileSync("./src/cert/your.site+3-key.pem"),
    cert: fs.readFileSync("./src/cert/your.site+3.pem"),
  }
}
dotNET
  • 33,414
  • 24
  • 162
  • 251