jramos/cve-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add TLS/HTTPS support with auto-detection

Browse Source 
- Server auto-detects cert/key in backend/certs/ and starts HTTPS
- Falls back to plain HTTP if no certs found or TLS_ENABLED=false
- Self-signed cert generated for dev (365-day, gitignored)
- Added TLS env vars to .env.example
- Frontend rebuilt with https:// API URLs for dev server
This commit is contained in:
Jordan Ramos
2026-06-19 14:44:04 -06:00
parent e9d6038636
commit 55795710d9
3 changed files with 38 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/.env.example
View File

@@ -80,3 +80,11 @@ GITLAB_PAT=
# Generate with: openssl rand -hex 20
GITLAB_WEBHOOK_SECRET=changeme_generate_a_random_secret
# TLS / HTTPS Configuration
# If cert and key files exist at the paths below, the server starts with HTTPS.
# Set TLS_ENABLED=false to force plain HTTP even when certs are present.
# Generate a self-signed cert: openssl req -x509 -newkey rsa:2048 -keyout certs/key.pem -out certs/cert.pem -days 365 -nodes -subj "/CN=cve-dashboard.local"
TLS_ENABLED=true
TLS_CERT=certs/cert.pem
TLS_KEY=certs/key.pem