TLS / HTTPS
Secure your Jean2 server with TLS using custom certificates.
Jean2 supports TLS out of the box. Set three environment variables in ~/.jean2/.env and restart. That's it.
Configuration
JEAN2_TLS_ENABLED=true
JEAN2_TLS_CERT_FILE=/path/to/cert.pem
JEAN2_TLS_KEY_FILE=/path/to/key.pem
JEAN2_TLS_ENABLED enables TLS. JEAN2_TLS_CERT_FILE points to your PEM-encoded certificate. JEAN2_TLS_KEY_FILE points to your PEM-encoded private key.
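A pre-flight check to run before restarting, as an added example that is not part of Jean2. The hypothetical helper check_tls_pair confirms that the private key matches the certificate, that the certificate has not expired, and that the key file is not accessible to group or other users. It assumes the openssl CLI is installed and the key is unencrypted.

```shell
#!/bin/sh
# Added example, not part of Jean2: check_tls_pair is a hypothetical helper.
# Usage: sh check_tls.sh /path/to/cert.pem /path/to/key.pem
# Exit codes: 0 ok, 2 unreadable, 3 not PEM, 4 mismatch, 5 expired, 6 key perms.

check_tls_pair() {
    cert=$1
    key=$2

    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 2; }
    [ -r "$key" ]  || { echo "cannot read private key: $key" >&2; return 2; }

    # Extract the public key from each file. For a chain file such as
    # fullchain.pem, openssl x509 reads the first (leaf) certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $cert" >&2; return 3; }
    # -passin pass: stops openssl prompting if the key is encrypted.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "not an unencrypted PEM private key: $key" >&2; return 3; }

    # A mismatched certificate and key cannot serve TLS.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 4; }

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 5; }

    # The key should be accessible to its owner only (e.g. mode 600 or 400).
    # GNU stat first, BSD/macOS stat as a fallback.
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    case $mode in
        *00) ;;
        *) echo "key file mode $mode allows group/other access" >&2; return 6 ;;
    esac

    echo "ok: key matches certificate, certificate is current, key mode $mode"
}

if [ $# -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

A non-zero exit code identifies which check failed, so the script can gate a restart in a deploy step.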
Connecting
Once TLS is enabled, change http to https when connecting. Same port, same everything else.
Desktop app: Enter https://100.x.x.x:8742 as the server URL.
Web client:
npx @jean2/client --server https://100.x.x.x:8742
The server redirects all HTTP traffic to HTTPS automatically.
Getting a certificate
If you have a domain pointed at your server, Let's Encrypt with Certbot is the easiest way to get a free trusted certificate.
sudo certbot certonly --standalone -d your-domain.com
Your cert and key will be at:
/etc/letsencrypt/live/your-domain.com/fullchain.pem
/etc/letsencrypt/live/your-domain.com/privkey.pem
Self-signed certificates
For local development or internal networks, generate a self-signed certificate.
openssl req -x509 -newkey rsa:2048 -nodes \
-keyout key.pem -out cert.pem -days 365 \
-subj "/CN=localhost"
Clients will show a certificate warning for self-signed certs. Desktop apps may need the CA added to the system trust store, or you can accept the risk in the browser.