node package manager
Orgs are free. Discover, share, and reuse code in your team. Create a free org »


About Daplie: We're taking back the Internet!

Down with Google, Apple, and Facebook!

We're re-decentralizing the web and making it read-write again - one home cloud system at a time.

Tired of serving the Empire? Come join the Rebel Alliance: | Invest in Daplie on Wefunder | Pre-order Cloud, The World's First Home Server for Everyone


A simple HTTPS static file server with valid TLS (SSL) certs.

Comes bundled a valid certificate for, which is great for testing and development, and you can specify your own.

Also great for testing ACME certs from


# v2.x
npm install --global serve-https@2.x
# v1.x
npm install --global serve-https@1.x
# master in git (via ssh)
npm install -g git+ssh://
# master in git (unauthenticated)
npm install -g git+
Serving /Users/foo/ at



# Install
npm install -g git+
# Use tunnel
serve-https --sites --agree-tos --email --tunnel
# BEFORE you access in a browser for the first time, use curl
# (because there's a concurrency bug in the greenlock setup)


  • -p <port> - i.e. sudo serve-https -p 443 (defaults to 80+443 or 8443)

  • -d <dirpath> - i.e. serve-https -d /tmp/ (defaults to pwd)

    • you can use :hostname as a template for multiple directories
    • Example A: serve-https -d /srv/www/:hostname --sites,
    • Example B: serve-https -d ./:hostname/public/ --sites,
  • -c <content> - i.e. server-https -c 'Hello, World! ' (defaults to directory index)

  • --express-app <path> - path to a file the exports an express-style app (function (req, res, next) { ... })

  • --livereload - inject livereload into all html pages (see also: fswatch), but be careful if <dirpath> has thousands of files it will spike your CPU usage to 100%

  • --trust-proxy <x.x.x.x,y.y.y.y> - by default your https redirect will be skipped if the X-Forwarded-Proto or Forwarded headers are specified by loopback, linklocal, or uniquelocal addresses (i.e., 192.168.x.x, 169.x.x.x). You can override that here.

  • --email <email> - email to use for Let's Encrypt, Daplie DNS, Daplie Tunnel

  • --agree-tos - agree to terms for Let's Encrypt, Daplie DNS

  • --sites <domain.tld> comma-separated list of domains to respond to (default is

    • optionally you may include the path to serve with | such as|/tmp,
  • --tunnel - make world-visible (must use --sites)

Specifying a custom HTTPS certificate:

  • --key /path/to/privkey.pem specifies the server private key
  • --cert /path/to/fullchain.pem specifies the bundle of server certificate and all intermediate certificates
  • --root /path/to/root.pem specifies the certificate authority(ies)

Note: --root may specify single cert or a bundle, and may be used multiple times like so:

--root /path/to/primary-root.pem --root /path/to/cross-root.pem

Other options:

  • --serve-root true alias for -c with the contents of root.pem
  • --sites changes the servername logged to the console
  • --letsencrypt-certs sets and key, fullchain, and root to standard letsencrypt locations


serve-https -p 1443 -c 'Hello from 1443' &
serve-https -p 2443 -c 'Hello from 2443' &
serve-https -p 3443 -d /tmp &
> Hello from 1443
curl --insecure https://localhost:2443
> Hello from 2443
> [html index listing of /tmp]

And if you tested in a browser, it would redirect to (on the same port).

(in curl it would just show an error message)

Testing ACME Let's Encrypt certs

In case you didn't know, you can get free https certificates from (ACME letsencrypt) and even a free subdomain from

If you want to quickly test the certificates you installed, you can do so like this:

sudo serve-https -p 8443 \
  --letsencrypt-certs \
  --serve-root true

which is equilavent to

sudo serve-https -p 8443 \
  --key /etc/letsencrypt/live/ \
  --cert /etc/letsencrypt/live/ \
  --root /etc/letsencrypt/live/ \
  -c "$(cat 'sudo /etc/letsencrypt/live/')"

and can be tested like so

curl --insecure > ./root.pem
curl --cacert ./root.pem