How does Glitch add SSL to Express sites?

Hi,
I’m just wondering how Glitch adds SSL (https) to Express sites without modifying the code? Do they use a reverse proxy or something?
Thanks.

1 Like

Yes, Glitch does indeed use a reverse-proxy.

2 Likes

Okay cool, can you recommend any good tutorials on making a reverse proxy with SSL that works with an Express app?

I did actually create a tutorial on how to use a custom reverse-proxy for Glitch, but it works on everything. Although the settings I show in the video are explicitly put there to make it work with Glitch, there should be no issues using the same settings on any other website.

2 Likes

Thanks! That seems like a very helpful tutorial :smiley:

Also, look into greenlock-express.

That is indeed good advice, although this won’t work with Glitch.

Anyhow, in the long run it is better to set up something like a Caddy server to automatically deal with Let’s Encrypt. It simplifies a great deal when it comes to automation and so on.

However, the way today’s ecosystem works (outside Glitch) is the use of containers and reverse proxies; using the HTTPS protocol should not be mandatory. What if someone else wants to use your open-source(?) code and run it inside their own container and doesn’t give the container a domain to use? That makes a lot of stress for the user. Just stick with normal Express in Node apps and a reverse proxy instead.

I myself use a reverse-proxy for most of my things for automatic retrieval of SSL certificates.
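The setup recommended in the post above (a plain HTTP Node app behind a TLS-terminating reverse proxy), as an added example that is not from the thread or from Glitch. It uses Node's bare `(req, res)` handler shape instead of Express so it has no dependencies; `TRUSTED_PROXIES`, `CANONICAL_HOST`, `clientScheme` and `handler` are assumed names, and the proxy is assumed to connect over loopback and to overwrite `X-Forwarded-Proto`.

```javascript
// Added example, not code from the thread. All names below are hypothetical.
// The app itself speaks plain HTTP. The reverse proxy terminates TLS and tells
// the app which scheme the client used via the X-Forwarded-Proto header.

// Assumption: the proxy reaches the app over loopback.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
// Placeholder public hostname served by the proxy. Using a fixed value keeps
// the client-controlled Host header out of the redirect target.
const CANONICAL_HOST = 'example.com';

// Scheme as seen by the client. The forwarded header is honoured only when the
// direct peer is the proxy; any other peer could forge it.
function clientScheme(req) {
  if (!TRUSTED_PROXIES.has(req.socket.remoteAddress)) return 'http';
  // The proxy is assumed to overwrite the header, so a single value is
  // expected. A comma-separated list (several hops) is not accepted here.
  const value = String(req.headers['x-forwarded-proto'] || '').trim().toLowerCase();
  return value === 'https' ? 'https' : 'http';
}

// Same (req, res) signature as a Node http.createServer listener.
function handler(req, res) {
  if (clientScheme(req) !== 'https') {
    // Client did not arrive through the TLS proxy: send it to the HTTPS origin.
    res.writeHead(308, { Location: `https://${CANONICAL_HOST}${req.url}` });
    return res.end();
  }
  res.writeHead(200, {
    'Content-Type': 'text/plain',
    // HSTS is only sent on responses that went out over HTTPS.
    'Strict-Transport-Security': 'max-age=31536000',
  });
  return res.end('hello, TLS was terminated at the proxy\n');
}
```

In Express the same decision is made by `app.set('trust proxy', 'loopback')` together with `req.secure`.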

You actually can use greenlock on Glitch, if you need SSL certs for signing or something, but not SSL.

There’s no point in using Let’s Encrypt to fetch certificates for signing when you can use Node’s built-in OpenSSL bindings (Crypto).

As a matter of fact, I already asked the question about using custom SSL certificates with Glitch:

No, you are misunderstanding. You can use greenlock to get an SSL certificate, and then use OpenSSL to sign files with that certificate, never using it for SSL at all, just as proof that the file came from $DOMAIN.

Sorry if I was unclear, let me say it another time.

Using Let’s Encrypt to fetch certificates for the purpose of signing files is a waste of their APIs.

You can create your own certificates for signing using OpenSSL. Why go through so much trouble getting certificates from LE?

Anyhow, if the project container is sleeping you will most likely have issues fetching certificates using the HTTP challenge.

You can self-sign files with an OpenSSL-generated certificate, but for my use case, the file needed to be signed by a certificate trusted by the system, so Let’s Encrypt was the way to go. The project can’t fetch certificates using the HTTP challenge if it’s asleep, so that is a non-issue.

By the way, my use case was signing dynamically generated configuration profiles for iOS.

Well, in that case it makes more sense.