Https on your ExpressJS/Docker server: auto-ssl

Dockerized ExpressJS app over https.

I realise that this may be a somewhat niche situation, and even if you are using a Dockerized ExpressJS application, maybe you already have your own https solution? Nevertheless we came up with an interesting solution for this situation. Our app team consists of avid users of both Docker and ExpressJS. So we’ve had to tackle this question several times. We ended up generating SSL certificates for our domains using Let’s Encrypt, a popular and free Certificate Authority.

Their service turned out to be very reliable, and as promised, it could be automated to some extent. You set up Certbot to generate the SSL certificate for your domain(s). And with a simple cronjob, it is possible to schedule a renewal request. However, once a renewal is performed, an existing https application would still be using its previous, now expired SSL certificate until a redeploy takes place.

Trying to be more efficient, we figured it would be a good idea to automate the renewal process as well. After trial and error, we came up with a workable solution which completely automates the entire process. This includes generating and renewing SSL certificates, as well as rebooting the https application when necessary. Trying to implement this solution in all our projects revealed another problem. We were copying and pasting relatively large blocks of code across projects. Of course that isn’t very efficient either, so we ended up condensing our solution into a reusable npm package!

How does “auto-ssl” work?

The “auto-ssl” package can be installed like any other npm package. Keep in mind that it is scoped under the account of AppSaloon.

>npm i @appsaloon/auto-ssl

While it does require a small amount of setup and configuration post-install, the code in your project will be relevant to the actual functions of your application. It’s a big improvement over bloating your application code with other code to watch certificates, manage Certbot and restart the https application. The details of post-install actions required by the user can be found in the readme file.

What this package actually does is fairly straightforward:

  • After installing the package, it will generate some files in your project root directory. Among them is a Dockerfile template which you should be modifying with your own content for auto-ssl to work.
  • In the same directory, a shell script will appear which you don’t need to alter at all. This shell script is referenced in the previously mentioned Dockerfile template.

NOTE: There are some environment variables that you need to configure when deploying your project as a docker service. Like which domain names you would like to generate SSL certificates for. More details on deployment can also be found in the readme file.

Other than that, you would create your express app and add routes to it as usual. But instead of creating both a http and a https server, all you need to do is feed your app to the auto-ssl wrapper function.

// index.js
const express = require('express')
const autoSsl = require('@appsaloon/auto-ssl')
const app = express()
app.get('/', (req, res) => {
res.send('hello world')
})
autoSsl(app)

visiting https://www.example.com/ (your registered domain name) will show the text “hello world”. See the official ExpressJS documentation for more possibilities. You can add as many routes and functionality to your app as you’d like.

Once you have this set up, you can just leave the docker service running and it will renew your SSL certificate periodically. No need to manage your SSL certificates after configuring auto-ssl.

If you are interested, check out auto-ssl on npm or GitHub!

npm package

GitHub repository