npm install
npm run dev
To simplify project deployment, Docker is used.
Build an image:
docker build . -t sbergile
Run project:
docker run -p 443:3000 -v $(pwd)/data:/app/data -v $(pwd)/cert:/app/cert sbergile
Please make sure you have generated and installed ssl certificates (see below).
Certificates are used to provide secured server-client connection.
OpenSSL is used to generate CA, Server and Client keys and certificates.
Certificate generation config sample is provided in cert/ssl.conf, please review and edit it as neded; make sure you have set correct Common Name (CN) and Subject Alternative Names (alt_names section).
openssl genrsa -out ca.key 2048
openssl req -new -sha256 -x509 -days 1095 -key ca.key -out ca.crt
openssl genrsa -out server.key 2048
openssl req -new -key server.key -sha256 -out server.csr -config ssl.cnf
openssl x509 -req -days 1095 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 0x`openssl rand 16 -hex` -sha256 -out server.pem -extfile ssl.cnf -extensions v3_req
openssl genrsa -out client.key 2048
openssl req -new -key client.key -sha256 -out client.csr
openssl x509 -req -days 1095 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 0x`openssl rand 16 -hex` -sha256 -out client.pem
On the last step you have to export client certificate in portable p12 format; you will be asked to set up an export password for it.
openssl pkcs12 -export -in client.pem -inkey client.key -name "DEMO ACCESS" -out client.p12
You must place files server.key, server.pem and ca.crt in cert directory on the server side and install ca.crt and client.p12 to the client device (see below).
Select "Contol Panel" > "Internet options" > "Content" > "Certificates"
Use an "Import" button on the "Trusted root certificates" tab to open "Certificate import wizard"
Select ca.crt in "Open file" dialog
Press "Next" > "Next" and accept the security warning.
Use an "Import" button on the "Personal" tab to open "Certificate import wizard"
Select client.p12 in "Open file" dialog
Enter the password for client.p12
Open "Applications" > "Utilities" > "Keychain Access" and select "File" > "Import items" menu action.
Select ca.crt in "Open file" dialog
Double-click on imported certificate and set up preference "Trust" > "When using this certificate" > "Always trust"
Use "File" > "Import items" again and select client.p12 in "Open file" dialog"