---
lang: ja-jp
breaks: true
---
# CodiMD httpsでアクセスするための設定 2021-04-28
> そこそこセキュアな自前 HackMD サーバー構築
> https://qiita.com/suecharo/items/14f4d0b5430db811254e
> リアルタイム共同編集ツール『HackMD』をオンプレ運用して、好きな機能を追加して幸せになった話
> https://qiita.com/k-waragai/items/63cbab2584c0299288be
> https://yusukeiwaki.hatenablog.com/entry/2019/12/30/codimd-with-bitbucket-for-me
> CodiMDで社内簡易Qiitaっぽいものが作れるので、練習がてら作ってみた話
## openssl を使用してオレオレ証明書を作成
<iframe src="https://hackmd.io/Gkk_KuBhS5eEi1--xfK1TA" width="100%" height="500">
</iframe>
## config.json
> SSL - Config.json Specific Configs
> https://hackmd.io/c/codimd-documentation/%2Fs%2Fcodimd-configuration#SSL---Configjson-Specific-Configs
| config.json | Example Value | Description |
| ----------- | ------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| useSSL | <boolean> true, false | SSLサーバーを使用する(これを有効にするとprotocolUseSSLもオンになります)。 |
| dhParamPath | <string> ./cert/dhparam.pem | SSL dhparam ファイルのパス。 |
| sslKeyPath | <string> ./cert/client.key | SSL key（秘密鍵）ファイルのパス。 |
| sslCertPath | <string> ./cert/codimd_io.crt | SSL cert（サーバー証明書）ファイルのパス。 |
| sslCAPath | <List> ./cert/COMODORSAAddTrustCA.crt | SSL CAのチェーンへのパスのリストです。リストの項目の順番は、チェーンの順番に従わなければなりません。 |
config.json にSSLに関する項目を追加する。
```shell=
$ vim config.json
-----
"useSSL": true,
"protocolUseSSL": true,
"dhParamPath": "./cert/dhparam.pem",
"sslKeyPath": "./cert/cert.key",
"sslCertPath": "./cert/cert.crt",
"sslCAPath": []
-----
```
:::info
:bulb:
※使用する環境のセクションに `"domain": "localhost",` の設定があると、正常に表示されません。
※`"sessionSecret": "xxxxxxxx"` の設定はなくても動作しますが、起動時に警告が出ます。
:::
設定ファイル全体
```json=
{
"test": {
"db": {
"dialect": "sqlite",
"storage": ":memory:"
},
"linkifyHeaderStyle": "gfm"
},
"development": {
"loglevel": "debug",
"hsts": {
"enable": false
},
"db": {
"username": "role_codimd",
"password": "Password",
"database": "codimd",
"host": "localhost",
"port": "5432",
"dialect": "postgres"
},
"linkifyHeaderStyle": "gfm",
"useSSL": true,
"protocolUseSSL": true,
"dhParamPath": "./cert/dhparam.pem",
"sslKeyPath": "./cert/cert.key",
"sslCertPath": "./cert/cert.crt",
"sslCAPath": []
},
"production": {
"domain": "localhost",
"loglevel": "info",
"hsts": {
"enable": true,
"maxAgeSeconds": 31536000,
"includeSubdomains": true,
"preload": true
},
"csp": {
"enable": true,
"directives": {
},
"upgradeInsecureRequests": "auto",
"addDefaults": true,
"addDisqus": true,
"addGoogleAnalytics": true
},
"db": {
"username": "role_codimd",
"password": "Password",
"database": "codimd",
"host": "localhost",
"port": "5432",
"dialect": "postgres"
},
"facebook": {
"clientID": "change this",
"clientSecret": "change this"
},
"twitter": {
"consumerKey": "change this",
"consumerSecret": "change this"
},
"github": {
"clientID": "change this",
"clientSecret": "change this"
},
"gitlab": {
"baseURL": "change this",
"clientID": "change this",
"clientSecret": "change this",
"scope": "use 'read_user' scope for auth user only or remove this property if you need gitlab snippet import/export support (will result to be default scope 'api')",
"version": "use 'v4' if gitlab version > 11, 'v3' otherwise. Default to 'v4'"
},
"mattermost": {
"baseURL": "change this",
"clientID": "change this",
"clientSecret": "change this"
},
"dropbox": {
"clientID": "change this",
"clientSecret": "change this",
"appKey": "change this"
},
"google": {
"clientID": "change this",
"clientSecret": "change this",
"apiKey": "change this"
},
"ldap": {
"url": "ldap://change_this",
"bindDn": null,
"bindCredentials": null,
"searchBase": "change this",
"searchFilter": "change this",
"searchAttributes": ["change this"],
"usernameField": "change this e.g. cn",
"useridField": "change this e.g. uid",
"tlsOptions": {
"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
}
},
"saml": {
"idpSsoUrl": "change: authentication endpoint of IdP",
"idpCert": "change: certificate file path of IdP in PEM format",
"issuer": "change or delete: identity of the service provider (default: serverurl)",
"identifierFormat": "change or delete: name identifier format (default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress')",
"disableRequestedAuthnContext": "change or delete: true to allow any authentication method, false restricts to password authentication method (default: false)",
"groupAttribute": "change or delete: attribute name for group list (ex: memberOf)",
"requiredGroups": [ "change or delete: group names that allowed" ],
"externalGroups": [ "change or delete: group names that not allowed" ],
"attribute": {
"id": "change or delete this: attribute map for `id` (default: NameID)",
"username": "change or delete this: attribute map for `username` (default: NameID)",
"email": "change or delete this: attribute map for `email` (default: NameID)"
}
},
"imgur": {
"clientID": "change this"
},
"minio": {
"accessKey": "change this",
"secretKey": "change this",
"endPoint": "change this",
"secure": true,
"port": 9000
},
"s3": {
"accessKeyId": "change this",
"secretAccessKey": "change this",
"region": "change this"
},
"s3bucket": "change this",
"azure":
{
"connectionString": "change this",
"container": "change this"
},
"plantuml":
{
"server": "https://www.plantuml.com/plantuml"
},
"linkifyHeaderStyle": "gfm"
}
}
```
## 動作確認
`NODE_ENV='development' node app.js` で起動する（`config.json` の `development` セクションが使われる）。
`https://ip_address:3000/`（`ip_address` はサーバーのIPアドレス）にアクセスして、正常に表示されればOK。
###### tags: `CodiMD` `HTTPS`