Page Contents

Enabling HTTPS for the LoopBack REST server is just a matter of updating the rest section of application configuration:

  1. Specify the protocol as https.
  2. Provide TLS server credentials.

Example:

const config = {
  rest: {
    protocol: 'https',
    key: fs.readFileSync('./key.pem'),
    cert: fs.readFileSync('./cert.pem'),
    // port, host, etc.
  },
};

See Node.js documentation for supported forms of HTTPS/TLS credentials, in particular tls.createSecureContext() options.

In the following app, we configure HTTPS for a bare minimum app using a key + certificate chain variant.

/src/index.ts

import {ApplicationConfig, TodoListApplication} from './application';

export async function main(options: ApplicationConfig = {}) {
  // left out for brevity
}

if (require.main === module) {
  // Run the application
  const config = {
    rest: {
      port: +(process.env.PORT ?? 3000),
      host: process.env.HOST ?? 'localhost',
      openApiSpec: {
        // useful when used with OpenAPI-to-GraphQL to locate your application
        setServersFromRequest: true,
      },

      // Enable HTTPS
      protocol: 'https',
      key: fs.readFileSync('./key.pem'),
      cert: fs.readFileSync('./cert.pem'),
    },
  };
  main(config).catch(err => {
    console.error('Cannot start the application.', err);
    process.exit(1);
  });
}