Local HTTPS
Gatsby provides a way to use a local HTTPS server during development, thanks to devcert. When you enable the https
option, a private key and certificate file will be created for your project and used by the development server.
Usage (automatic HTTPS)
Start the development server using npm run develop
as usual, and add either the -S
or --https
flag.
Setup
When setting up a development SSL certificate for the first time, you may be asked to type in your password after starting the development environment:
On Windows, the prompt will differ:
The password is only required the first time you are using Gatsby’s HTTPS feature on your machine, or when you are creating a brand-new certificate.
Using Certutil
After typing in your password, devcert
will install the CA certificate in your operating system trusted certs store. A utility called certutil
will be needed to update the trust store for various browsers; specifically: Firefox, and Chrome (when it’s running on Linux).
devcert
is configured to install certutil
automatically, unless you’re running Windows. If an automatic install is not successful, you may need to install it manually.
Manual installation of Certutil
To install certutil
, you need to install the nss tools
package(s). The exact procedure will differ depending on your operating system.
Linux
On a Linux OS, you should be able to run one of the following, depending on your Linux distro:
macOS
Run the following command:
Windows
Pre-compiled libraries are rare, so you may need to compile it yourself. Because of how difficult Windows makes it, devcert
will not attempt to update the Firefox trust store automatically; instead, it will fall back to using the “Firefox wizard”, detailed below.
Debugging installation
If you choose not to install certutil
, or the automatic install is not successful, you may get the following errors/prompts:
Chrome on Linux
Firefox
If you have Firefox installed, devcert
will try to utilize Firefox itself to trust the certificate
Your options are as follows:
Press enter and it will launch Firefox for you.
If you wish to have trust support on Firefox, tell the point-and-click wizard
this certificate can identify websites
, and click OK. Otherwise, you may hit cancel and close the browser, then key return to finish building. Reminder: you’ll only need to do this once per machine.
After devcert
setup process
You can open the development server at https://localhost:8000
and enjoy the HTTPS goodness ✨. You may change the port according to your setup.
Find out more about how devcert works.
Management of certificates generated by devcert
If you want to do some maintenance/cleanup of the certificates generated by devcert
, please refer to the devcert-cli
Custom key and certificate files
You may find that you need a custom key and certificate file for HTTPS if you use multiple machines for development (or if your dev environment is containerized in Docker).
If you need to use a custom HTTPS setup, you can pass the --https
, --key-file
,
--cert-file
, and --ca-file
flags to npm run develop
.
--cert-file
[relative/absolute path to SSL certificate file]--key-file
[relative/absolute path to SSL key file]--ca-file
[relative/absolute path to SSL certificate authority file]
Using npm run develop
Note: You can use relative or absolute paths with this command
Using the Gatsby CLI
Note: You can use relative or absolute paths with this command
Flag usage
Usage of the --ca-file
flag is only required if your certificate is signed by a certificate authority.
If your certificate is self-signed, then do not include the --ca-file
flag. Also, if you want your browser to trust a self-signed certificate, you will need to add it to your operating system (or browser’s, in Firefox’s case) root certificate store for your browser to trust it.
In most cases, the --https
passed by itself is easier and more convenient to get local HTTPS.
Automatic certificates issued with the --https
flag are issued to localhost
by default, unless you have used the --host
flag. If you have, a record in your hosts file will automatically be configured to point the defined host to 127.0.0.1
. At this time, ip addresses defined by --host
are not supported.