110

Normally in developer mode Webpack runs using HTTP. There is usually a web server serving content through HTTP and webpack using http/websockets on a separate port.

Is it possible to run the web server on https and webpack on https/websocket secure ?

Licx
  • 1,293
  • 2
  • 11
  • 12
  • After rereading this a few times it might be a duplicate of my question? http://stackoverflow.com/questions/31973085/how-to-run-webpack-dev-server-https-hot-inline – chemoish Aug 12 '15 at 20:02

8 Answers8

133

See the webpack docs

There is a flag you can add to the webpack-dev-server command

webpack-dev-server --https
formatkaka
  • 1,278
  • 3
  • 13
  • 27
royka
  • 1,570
  • 2
  • 12
  • 10
  • 5
    webserver is in https, but webpack-dev-server doesn't create a https connection to socket.io—correct? – chemoish Aug 12 '15 at 20:03
  • 1
    I tried this and now http doesn't work anymore. Is there a way how I can use both https and http? – Eschon Sep 22 '16 at 10:21
  • @Eschon did you find any solution to use both http and https? – Muhammad Ateeq Azam Dec 22 '16 at 17:46
  • @MuhammadAteeqAzam No, but I didn't really need it. It just took some time to get used to always opening my local version with https. – Eschon Dec 27 '16 at 08:37
  • I've made a tutorial here https://www.binarycarpenter.com/create-ssl-site-at-your-localhost-with-mamp-nodejs-in-5-minutes/. Actually, you need to generate SSL certificate and trust it. It's one time setup and you can reuse it for like 10 years or even more – Dũng Trần Trung Jun 28 '20 at 06:56
  • This didn't work for me, the certificate was invalid. I had to create a new certificate and then add it to webpack dev server. I've documented the steps here: https://bleext.com/post/how-to-enable-https-on-webpack-dev-server – Crysfel Jan 19 '21 at 17:04
33

While the above answer is correct for cli, if you are not in the CLI, you could do something like this (in a gulp task):

var WebpackDevServer = require('webpack-dev-server');

new WebpackDevServer(webpack(WebpackDevConfig), {
    https: true,
    hot: true,
    watch: true,
    contentBase: path.join(__dirname, 'src'),
    historyApiFallback: true
}).listen(1337, 'localhost', function(err, result) {
    if (err) {
        console.log(err);
    }
    console.log('Dev server running at https://localhost:1337');
});
roapp
  • 530
  • 6
  • 17
dangoldnj
  • 384
  • 3
  • 6
  • When doing that, I get a 502 Bad Gateway error. Is there something special I might have configured that causes this or something else I'll need? For instance, does this work in Windows? – Kevin Ghadyani Jun 29 '16 at 04:50
  • 1
    Maybe you need to change the port from 1337 to 443? Or maybe you need to include the port in your request to the server, such as https: //localhost:1337? Leave us more details of what your server is setup as and what URL you are loading, and maybe we can help more :) – dangoldnj Nov 09 '16 at 19:03
  • 1
    I first got "net::ERR_INSECURE_RESPONSE" -errors in my browser, since webpack-dev-server uses a self-signed certificate. This was fixed by visiting once the blocked "https://.... .js"-url, and telling the browser I am sure I want to proceed. – Niko Föhr Sep 24 '17 at 09:51
30

Tested on Windows (04/22/2021). Easy (no installations required).

1. Project configuration

In your project root run in Powershell (or CMD):

npx mkcert create-ca
npx mkcert create-cert

Your webpack.config.js:

devServer: {
    // ...
    https: {
        key: fs.readFileSync("cert.key"),
        cert: fs.readFileSync("cert.crt"),
        ca: fs.readFileSync("ca.crt"),
    },
    // ....
},

2. Install certificate

Double-click on ca.crt > Install Certificate > ...

Install Certificate

... > Current User > Place all certificates in the following store > Trusted Root Certification Authorities > ...

Install Certificate > Store

... > Finish > Yes

Install Certificate > Finish

3. Check correct installation

Start > Type: "cert" > Manage User Certificates > ...

Manage User Certificates

... > Trusted Root Certification Authorities > Certificates > Test CA

Manage User Certificates > Check

4. Reload & Test

Reload your browser, Start yout webpack dev server and check the SSL Certificate validity:

Test Test > Certificate

Additional steps

If you get this error:

Host check error

You can add this configuration to your webpack.config.js:

devServer: {
    // ...
    // https: { ... }
    disableHostCheck: true,
    // ....
},

For more info:

https://webpack.js.org/configuration/dev-server/#devserverhttps

https://www.npmjs.com/package/mkcert

roapp
  • 530
  • 6
  • 17
raythurnevoid
  • 2,652
  • 1
  • 25
  • 24
26

With webpack-dev-server --https you create a self-signed certificate. But it works not for all use cases.

Browsers will ask you for a security exception and show in the url bar that connection is not secure.

Therefore it is recommended to create a locally trusted development certificate for localhost with mkcert

Then use it via CLI:

webpack-dev-server --https --key C:/Users/User/localhost-key.pem --cert C:/Users/User/localhost.pem --cacert C:/Users/User/AppData/Local/mkcert/rootCA.pem

or configure devServer.https option in webpack.config.js:

devServer: {
    https: {
        key: fs.readFileSync('C:/Users/User/localhost-key.pem'),
        cert: fs.readFileSync('C:/Users/User/localhost.pem'),
        ca: fs.readFileSync('C:/Users/User/AppData/Local/mkcert/rootCA.pem')
    }
}

mkcert creates .pem files in Unix format by default. So if you're on Windows you'll probably need convert them to Windows format using e.g. Notepad++

roapp
  • 530
  • 6
  • 17
Ilyich
  • 4,966
  • 3
  • 39
  • 27
24

this for TEST environment only:

you need to configure your webpack-dev-server as follows:

webpack-dev-server --https --cert ./cert.pem --key ./key.pem

The easiest work around is to generate a key with no passphrase (I don't know the security consequences of this! but this is for test only) .

To take the passphrase out of your key use this command:

$ openssl rsa -in key.pem -out newKey.pem

and use the new key in the previews configuration line

andMarkus
  • 960
  • 1
  • 8
  • 16
Khalid Hakami
  • 341
  • 2
  • 3
  • 4
    just add --https , no need for --cert ./cert.pem --key ./key.pem , webpack will generate the cer for itself. – usef_ksa Jan 05 '18 at 07:48
  • 11
    A valid cert was not generated for me. Chrome complained about the connection. I had to set the cert and key to fix it. I opted for setting in dev config file. – David Fairbanks Apr 16 '18 at 17:53
13

In my case I had to run all these commands to get the certificate:

openssl genrsa -out private.key 4096
openssl req -new -sha256 -out private.csr -key private.key
openssl x509 -req -days 3650 -in private.csr -signkey private.key -out private.crt -extensions req_ext
openssl x509 -in private.crt -out private.pem -outform PEM

And then finally: 

npm run dev -- --open --https --cert private.pem --key private.key
AndreFeijo
  • 10,044
  • 7
  • 34
  • 64
10

I'm working on react project, Now wanted to add SSL certificate on this project and run my website with https so have followed below step:

  1. In add https in webpack.config.js
devServer: {
    https: true,
    host: '0.0.0.0', // you can change this ip with your ip
    port: 443,       // ssl defult port number
    inline: true,
     
    historyApiFallback: true,
    publicPath: '/',
    contentBase: './dist',
    disableHostCheck: true
}
  1. Add SSL public certificate on package.json file If you didn't want to add a certificate on your package.json file then you have to add it on your webpack.config.js it is mandatory to add your certificate in your project either you can it on package.json file or webpack.config.js

For Package.json

scripts: {
    "test": "echo \"Error: no test specified\" && exit 1",
    "build": "webpack --mode production",
    "start": "webpack-dev-server  --open --https --cert /path/to/private.crt --key /path/to/private.key"
}

OR webpack.config.js

devServer: {
    https: true,
    host: '0.0.0.0', // you can change this ip with your ip
    port: 443,       // ssl defult port number
    inline: true,
    https: {
        key: fs.readFileSync('/path/to/private.pem'),
        cert: fs.readFileSync('/path/to/private.pem'),
        ca: fs.readFileSync('/path/to/private.pem')
    }
    historyApiFallback: true,
    publicPath: '/',
    contentBase: './dist',
    disableHostCheck: true
}
  1. Run npm start command on a terminal or you can also use pm2 start npm -- start
roapp
  • 530
  • 6
  • 17
Rawan-25
  • 1,753
  • 1
  • 17
  • 25
0

Had similar case when webapp was served from docker container which internally uses http, but traefik is serving app though https (multiple ports: 4000, 3000), so socket client was trying to connect to http://my.app.url:3000.

After spending a few hours to figure out a solution, came up with this in webpack 5:

devServer: {
    client: {
        port: ' ', //<--must be empty to eliminate the 3000 port for connecting to socket client
    },
    devMiddleware: {
        writeToDisk: true,
    },
    transportMode: 'sockjs',
    port: 3000, // port which is dev server opening for the sockets
    ...(process.env.DOCKER_DEV && {
        host: '0.0.0.0',
        firewall: false,
        public: 'https://my.app.url', <-- HTTPS here
    }),
},
roapp
  • 530
  • 6
  • 17
VyvIT
  • 1,048
  • 10
  • 13