TLS / HTTPS
Secure your Jean2 server with TLS using custom certificates.
Jean2 supports TLS out of the box. Set three environment variables in ~/.jean2/.env and restart — that's it.
Configuration
JEAN2_TLS_ENABLED=true
JEAN2_TLS_CERT_FILE=/path/to/cert.pem
JEAN2_TLS_KEY_FILE=/path/to/key.pem
| Variable | Description | Default |
|---|---|---|
| `JEAN2_TLS_ENABLED` | Enable TLS on the server | false |
| `JEAN2_TLS_CERT_FILE` | Path to the PEM-encoded certificate file | — |
| `JEAN2_TLS_KEY_FILE` | Path to the PEM-encoded private key file | — |
Connecting with a client
Once TLS is enabled, just change http to https when connecting. Same port, same everything else.
Desktop app: Enter https://100.x.x.x:8742 as the server URL.
Web client:
npx @jean2/client --server https://100.x.x.x:8742
The server redirects all HTTP traffic to HTTPS automatically.
Getting a certificate
If you have a domain pointed at your server, Let's Encrypt with Certbot is the easiest way to get a free trusted certificate:
sudo certbot certonly --standalone -d your-domain.com
Your cert and key will be at:
/etc/letsencrypt/live/your-domain.com/fullchain.pem
/etc/letsencrypt/live/your-domain.com/privkey.pem
Self-signed certificates
For local development or internal networks, you can generate a self-signed certificate:
openssl req -x509 -newkey rsa:2048 -nodes \
-keyout key.pem -out cert.pem -days 365 \
-subj "/CN=localhost"
Clients will show a certificate warning for self-signed certs. Desktop apps may need the CA added to the system trust store, or you can accept the risk in the browser.
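
A pre-flight check you can run on the two PEM files before pointing JEAN2_TLS_CERT_FILE and JEAN2_TLS_KEY_FILE at them and restarting. This is an added example, not part of Jean2; the helper name check_tls_pair and the 14-day default are assumptions, and it only needs the openssl CLI already used above.

```shell
#!/bin/sh
# Added example (not Jean2 code): sanity-check a certificate/key pair.
# check_tls_pair is a hypothetical helper name.
# Usage: check_tls_pair CERT_PEM KEY_PEM [MIN_DAYS_LEFT]   (default: 14)
check_tls_pair() {
    cert=$1; key=$2; min_days=${3:-14}; rc=0

    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # The private key should be accessible to its owner only. -L follows
    # the symlinks Certbot places under /etc/letsencrypt/live/.
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/others (chmod 600 it)" >&2
        rc=1
    fi

    # The certificate must carry the public half of this private key.
    # For a fullchain.pem, openssl x509 reads the first (leaf) certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert (or a file is not valid PEM)" >&2
        rc=1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days (or has expired)" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent"
    return "$rc"
}
```

The function returns 0 when all checks pass, 1 when a check fails, and 2 when a file cannot be read, so it can gate a restart script.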