A TLS library with automation. HTTPS by default through a light-weight library and/or CLI. Similar to mkcert.
- đ SSL Support (HTTPS by default)
- 0ď¸âŁ Zero-Config & Zero-Setup HTTPS
- đ ď¸ Configurable Library & CLI
- đ Multi-domain Support
- đď¸ Cross-platform System Trust Store Integration
bun install -d @stacksjs/tlsx # or, invoke immediately bunx @stacksjs/tlsx npx @stacksjs/tlsxPlease note, we are looking to publish this package to npm under the name tlsx.
Here's to hoping npm will release the name for us đđ˝
There are two ways of using this reverse proxy: as a library or as a CLI.
Given the npm package is installed:
import type { AddCertOptions, CAOptions, CertificateOptions, TlsConfig, TlsOptions } from '@stacksjs/tlsx' import { addCertToSystemTrustStoreAndSaveCert, cleanupTrustStore, config, forge, generateCertificate, pki, removeCertFromSystemTrustStore, storeCertificate, tls } from '@stacksjs/tlsx' // Generate a certificate for a single domain const cert = await generateCertificate({ domain: 'example.com', rootCA: existingCA, validityDays: 365, }) // Generate a certificate for multiple domains const multiDomainCert = await generateCertificate({ domains: ['example.com', 'api.example.com', '*.example.com'], rootCA: existingCA, validityDays: 365, }) // Generate a certificate with both primary domain and additional domains const combinedCert = await generateCertificate({ domain: 'example.com', domains: ['api.example.com', '*.example.com'], rootCA: existingCA, validityDays: 365, }) // Store and trust the certificate await addCertToSystemTrustStoreAndSaveCert(cert, rootCA.certificate) // Remove a specific certificate await removeCertFromSystemTrustStore('example.com') // Remove a certificate with a specific name await removeCertFromSystemTrustStore('example.com', {}, 'My Custom Certificate Name') // Clean up all TLSX certificates from the system trust store await cleanupTrustStore() // Clean up certificates matching a specific pattern await cleanupTrustStore({}, 'My Custom Pattern')# Generate certificate for a single domain tlsx secure example.com # Generate certificate for multiple domains tlsx secure -d "example.com,api.example.com,*.example.com" # Generate certificate with primary domain and additional domains tlsx secure example.com -d "api.example.com,*.example.com" # Generate certificate with custom validity and organization tlsx secure example.com --validity-days 365 --organization-name "My Company" # Revoke a certificate for a domain tlsx revoke example.com # Revoke a certificate with a specific name tlsx revoke example.com --cert-name "My Custom Certificate" # Clean up all TLSX certificates from the system trust store tlsx cleanup # Clean up certificates matching a specific pattern tlsx cleanup --pattern "My Custom Pattern" # List all certificates tlsx list # Verify a certificate tlsx verify path/to/cert.crt # Show system configuration and paths tlsx info # Show all available options tlsx secure --help # Show version tlsx versiontlsx can be configured using a tls.config.ts (or tls.config.js) file and it will be automatically loaded when running the tlsx command.
// tlsx.config.{ts,js} import type { TlsConfig } from '@stacksjs/tlsx' export default { domain: 'stacks.localhost', hostCertCN: 'stacks.localhost', caCertPath: path.join(os.homedir(), '.stacks', 'ssl', `tlsx.localhost.ca.crt`), certPath: path.join(os.homedir(), '.stacks', 'ssl', `tlsx.localhost.crt`), keyPath: path.join(os.homedir(), '.stacks', 'ssl', `tlsx.localhost.crt.key`), altNameIPs: ['127.0.0.1'], altNameURIs: ['localhost'], organizationName: 'stacksjs.org', countryName: 'US', stateName: 'California', localityName: 'Playa Vista', commonName: 'stacks.localhost', validityDays: 180, verbose: false, } satisfies TlsConfigThen run:
tlsxTo learn more, head over to the documentation.
bun testPlease see our releases page for more information on what has changed recently.
Please review the Contributing Guide for details.
For help, discussion about best practices, or any other conversation that would benefit from being searchable:
For casual chit-chat with others using this package:
Join the Stacks Discord Server
"Software that is free, but hopes for a postcard." We love receiving postcards from around the world showing where tlsx is being used! We showcase them on our website too.
Our address: Stacks.js, 12665 Village Ln #2306, Playa Vista, CA 90094, United States đ
We would like to extend our thanks to the following sponsors for funding Stacks development. If you are interested in becoming a sponsor, please reach out to us.
The MIT License (MIT). Please see LICENSE for more information.
Made with đ
