Add HTTPS/SSL support #18
Description
Add HTTPS/SSL Support
Summary
Add HTTPS/TLS encryption to GraphDone's HTTP server for secure production deployments and development
environments.
Current State
- HTTP only: Server uses createServer from Node.js http module (packages/server/src/index.ts:200)
- Deployment ready: Docker containers configured with health checks and service orchestration
- Environment variables: Already using .env configuration pattern
- Client support: Web client already detects protocol with window.location.protocol === 'https:'
(packages/web/src/lib/apollo.ts:14,23)
Implementation Requirements
Server Changes:
// packages/server/src/index.ts
import { createServer } from 'https'; // Instead of 'http'
import fs from 'fs';
// Add SSL certificate loading
const httpsServer = createServer({
key: fs.readFileSync(process.env.SSL_KEY_PATH),
cert: fs.readFileSync(process.env.SSL_CERT_PATH)
}, app);
Environment Variables:
.env additions
SSL_ENABLED=true
SSL_KEY_PATH=/path/to/private-key.pem
SSL_CERT_PATH=/path/to/certificate.pem
HTTPS_PORT=4128
Docker Updates:
- Mount SSL certificates as volumes
- Expose HTTPS port (4128)
- Update health checks to use HTTPS URLs
Benefits
- Production security - Encrypted API communication
- WebSocket security - WSS:// protocol for real-time features
- CORS compliance - Modern browsers require HTTPS for many features
- Deployment ready - Kubernetes/production environments typically require TLS
Acceptance Criteria
- Server starts with HTTPS when SSL_ENABLED=true
- Maintains HTTP fallback for development
- WebSocket upgrades to WSS when using HTTPS
- Docker configuration supports certificate mounting
- Health checks work over HTTPS