Add HTTPS support to the dev server #11064

Closed
bep opened this issue Jun 2, 2023 · 8 comments · Fixed by #11065

@bep
Member

bep commented Jun 2, 2023

Which also should have some support for creating local trusted dev certificates (the hard part).

@bep bep self-assigned this Jun 2, 2023
@bep bep added this to the v0.113.0 milestone Jun 2, 2023
@bep bep changed the title Add HTTP support to the dev server Add HTTPS support to the dev server Jun 2, 2023
@istr

istr commented Jun 2, 2023

I think the way to go for the hard part would be along the lines of caddy trust.

As caddy is written in Go, it should be straightforward to carve out the logic from there. The PKI handling is even done in a module.

But if you'd ask me, I would rather go the opposite way and completely discontinue "hugo serve".

Along the philosophy: do one thing and do it really well. Hugo + Caddy already work pretty well as a pair for local development with HTTPS "out of the box". The detour via rendering to disk shouldn't hurt much on a modern development environment (SSD) either.

Hugo is one of the best SSGs today (if not the best). Caddy is pretty decent as a dev and production server. So why not try to focus on integrating these two (only the livereload capability would need to be integrated). Caddy could even use configuration from hugo config directly with very little effort.

/cc @jmooring

@jmooring
Member

jmooring commented Jun 2, 2023

> discontinue "hugo server"

Would this mean that users would have to install caddy?

@istr

istr commented Jun 2, 2023

@jmooring if you go by the principle "cut the logic from caddy and mimic it in hugo" - no.
If you follow the "Unix way" (one tool does one thing) - yes. hugo builds, caddy serves.

The latter was more meant to be "food for thought for strategic direction" of hugo development -- given that there is still a lot to be done (or on the roadmap) for the core functionality of building things.

Of course, deprecating hugo serve could have a huge impact on the current user base, but it could help prioritize / focus on other tasks.

It could be as simple as an official statement: "we will not add functionality to hugo serve, if you need this function (HTTPS) - use hugo along with a separate local proxy. We give guidance / document on how this could be done."

@bep
Member Author

bep commented Jun 2, 2023

> Would this mean that users would have to install caddy?

That's not an option. If we add some server library, it needs to be compiled in.

The hugo server is extremely simple by design and that will not change. The problem with adding e.g. Caddy's "trust component" or whatever is that it opens the Pandora Gate or something for people wanting to pull in more Caddy stuff.

I will have a look at how caddy trust works and if we can borrow some ... library code from that concept. But we obviously need something simple to use on any platform.

@istr

istr commented Jun 2, 2023

> or whatever is that it opens the Pandora Gate or something for people wanting to pull in more Caddy stuff.

Exactly and to the point. I'd rather not open this box if I were in your shoes.
So I would recommend to postpone this feature or deliberately not implement it at all.

hugo serve is good enough for 90+% of all use cases (and probably for most users). Those (power) users who need local HTTPS in dev already know their way around it.

@bep
Member Author

bep commented Jun 2, 2023

No, I actually think hugo server really needs HTTPS; it has been postponed because it has been a hard problem to tackle. Now, in 2023, there may be tools available that would make this doable.

@istr

istr commented Jun 2, 2023

> No, I actually think hugo server really needs HTTPS; it has been postponed because it has been a hard problem to tackle. Now, in 2023, there may be tools available that would make this doable.

Sure, your call. 😃 In that case I would really take a closer look at caddy, because the UX of caddy trust is really good (at least under Linux). I would appreciate if it was built in, but still find it dispensable.

bep added a commit to bep/hugo that referenced this issue Jun 4, 2023
The "auto cert" handling in this PR is backed by mkcert (see link below).

To get this up and running on a new PC, you can:

```
hugo server trust
hugo server --certAuto
```

When `--certAuto` (or `--certFile` and `--keyFile`) is set and no `--baseURL` is provided as a flag, the server is started with
TLS and `https` as the protocol.

Note that you only need to run `hugo server trust` once per PC.

If you already have the key and the cert file (e.g. by using mkcert directly), you can do:

```
hugo server --certFile mycert.pem --keyFile mykey.pem
```

See https://github.com/FiloSottile/mkcert

Fixes gohugoio#11064

If both are set, we assume `https` in the baseURL if not set explicitly.

We may add additional tooling for this, but this should at least make it possible to run Hugo's dev server with HTTPS.

Closes gohugoio#1106
bep added a commit to bep/hugo that referenced this issue Jun 4, 2023
The "auto cert" handling in this PR is backed by mkcert (see link below).

To get this up and running on a new PC, you can:

```
hugo server trust
hugo server --tlsAuto
```

When `--tlsAuto` (or `--tlsCertFile` and `--tlsKeyFile`) is set and no `--baseURL` is provided as a flag, the server is
started with TLS and `https` as the protocol.

Note that you only need to run `hugo server trust` once per PC.

If you already have the key and the cert file (e.g. by using mkcert directly), you can do:

```
hugo server --tlsCertFile mycert.pem --tlsKeyFile mykey.pem
```

See https://github.com/FiloSottile/mkcert

Fixes gohugoio#11064
@bep bep closed this as completed in #11065 Jun 5, 2023
bep added a commit that referenced this issue Jun 5, 2023
* commands: Add TLS/HTTPS support to hugo server

The "auto cert" handling in this PR is backed by mkcert (see link below).

To get this up and running on a new PC, you can:

```
hugo server trust
hugo server --tlsAuto
```

When `--tlsAuto` (or `--tlsCertFile` and `--tlsKeyFile`) is set and no `--baseURL` is provided as a flag, the server is
started with TLS and `https` as the protocol.

Note that you only need to run `hugo server trust` once per PC.

If you already have the key and the cert file (e.g. by using mkcert directly), you can do:

```
hugo server --tlsCertFile mycert.pem --tlsKeyFile mykey.pem
```

See https://github.com/FiloSottile/mkcert

Fixes #11064
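
The local-CA model behind the mkcert-backed `--tlsAuto` flow described in the commit message above, as an added Go example (not Hugo's or mkcert's code): a root is created, a `localhost` certificate is issued under it, and that certificate verifies only against that root and only for that name. `sign`, `DevChain`, `CheckLeaf` and the certificate subject are hypothetical names constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign issues tmpl for pub under parent, signed by signer, and parses the result.
func sign(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// DevChain builds a constructed local root CA and a leaf valid only for "localhost".
func DevChain() (root, leaf *x509.Certificate, err error) {
	caPub, caKey, e1 := ed25519.GenerateKey(rand.Reader)
	leafPub, _, e2 := ed25519.GenerateKey(rand.Reader) // leaf private key is not needed here
	if e1 != nil || e2 != nil {
		return nil, nil, fmt.Errorf("key generation failed: %v, %v", e1, e2)
	}
	from, to := time.Now().Add(-time.Hour), time.Now().AddDate(0, 3, 0)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: from, NotAfter: to, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, Subject: pkix.Name{CommonName: "constructed dev root"}}
	if root, err = sign(caTmpl, caTmpl, caPub, caKey); err != nil { // self-signed: parent is the template
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: from, NotAfter: to, DNSNames: []string{"localhost"},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leaf, err = sign(leafTmpl, root, leafPub, caKey)
	return root, leaf, err
}
// CheckLeaf verifies leaf for host against a pool that holds only the given local root.
func CheckLeaf(root, leaf *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}
func main() {
	root, leaf, err := DevChain()
	fmt.Println(err == nil && CheckLeaf(root, leaf, "localhost") == nil)
}
```

A client accepts such a certificate only where the issuing root is in its trust store, which is why installing the root is a separate, per-machine step.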
@github-actions

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 27, 2023