{"id":21177510,"url":"https://github.com/sachskaylee/redoubt","last_synced_at":"2026-04-09T09:57:40.682Z","repository":{"id":57349973,"uuid":"145332033","full_name":"SachsKaylee/redoubt","owner":"SachsKaylee","description":"redoubt is a simple, yet powerful \u0026 secure express based server. 🏰","archived":false,"fork":false,"pushed_at":"2019-04-09T20:03:24.000Z","size":38,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-11T13:41:13.747Z","etag":null,"topics":["express","letsencrypt","nodejs","server","ssl"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/redoubt","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SachsKaylee.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-19T19:34:08.000Z","updated_at":"2019-03-10T01:43:27.000Z","dependencies_parsed_at":"2022-09-16T02:11:28.647Z","dependency_job_id":null,"html_url":"https://github.com/SachsKaylee/redoubt","commit_stats":null,"previous_names":["patricksachs/redoubt"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SachsKaylee%2Fredoubt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SachsKaylee%2Fredoubt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SachsKaylee%2Fredoubt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SachsKaylee%2Fredoubt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SachsKaylee","download_url":"https://codeload.github.com/SachsKaylee/redoubt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243624840,"owners_count":20321176,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["express","letsencrypt","nodejs","server","ssl"],"created_at":"2024-11-20T17:16:19.099Z","updated_at":"2025-12-30T12:47:26.748Z","avatar_url":"https://github.com/SachsKaylee.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# redoubt 🏰\n\nredoubt is a simple, yet powerful \u0026 secure [express](https://github.com/expressjs/express/) based server.\n\n## Why?\n\nI recently came to realize that most of my projects incorporating a web server end up containing the exact same server boilerplate code:\n\n * A JSON Body Parser\n * A URL Encoded Parser\n * A static file directory somewhere\n * An (optional) cookie based session storage\n * Proper compression for all files \u0026 data\n * And last but not least SSL certificates\n\nThe first four are rather trivial to set up, the last one would travidionally be a bit tricky and/or costly. \n\nThankfully, [Let's Encrypt](https://letsencrypt.org/) is giving aways certificates, so we've got **free, automatically renewed certificates** built in.\n\n## Quick Start\n\nInstall the library into your project:\n\n```\nnpm i redoubt\n```\n\nYou are ready to set up your server:\n\n```js\nconst Redoubt = require(\"redoubt\");\nconst path = require(\"path\");\nconst fs = require(\"fs\");\n\nconst server = new Redoubt({\n  // The name of your server\n  name: \"my-redoubt-server\",\n  // Let's Encrypt will issue our certificates(We need to specify some details about our domain)\n  certs: \"letsEncrypt\",\n  agreeGreenlockTos: true,\n  domains: [\"patrick-sachs.de\"],\n  webmasterMail: \"the-webmaster-mail@patrick-sachs.de\"\n  // We also serve some static files\n  staticFiles: { from: path.resolve(__dirname, \"./static\"), serve: \"/\" },\n  // The cookie on the client side(contains the session ID) is obfuscated with this secret.\n  cookieSecret: \"maggots-at-the-party\",\n});\n// Express app exposed via \"app\" - Set up your actual server here!\nserver.app.get(\"/api/data\", (req, res) =\u003e res\n  .json({ values: [\"express\", \"test\"] })\n  .end());\n// Let's rock! 🤘\nserver.listen();\n```\n\nThe code above is an example for a production server. Production servers using `certs: \"letsEncrypt\"` need a public FQDN in order for Let's Encrypt to be able to issue certificates to it.\n\nFor development server, we can either set `isDevelopment: true`, or use manually created certificates:\n\n```js\ncerts: {\n  cert: fs.readFileSync(path.resolve(__dirname, \"./server.crt\")),\n  key: fs.readFileSync(path.resolve(__dirname, \"./key.pem\")),\n  allowUnsigned: true\n},\n```\n\nSee the `/example/index.js` file for a complete development server example.\n\n## All properties\n\n| Key | Description | Type | Default/Required |\n| - | - | - | - |\n| `name` | The name of your server. Currently only used for the name of the session cookie, but this might change in the future. | `string` | ✔️ Required |\n| `domains` | The domain names the Let's Encrypt certificates should be issued against. The first value is your primary domain. Must all be valid, resolvable FQDNs. Simply pass `localhost` in a development envrionment. | `string[]` | ✔️ Required |\n| `webmasterMail` | The mail of the webmaster. Used by Let's Encrypt to conact you when something related to your certificates happens(about to be renewed...). | `string` | ✔️ Required |\n| `cookieSecret` | This secret is used to obfuscate the session ID of the user saved in the cookie. Only the ID of the session is saved on the client side, not the actual data. If this secret is weak or compromised in any other way users can trivially pose as other users and access their session data. | `string` | ✔️ Required |\n| `isDevelopment` | If this server running in development mode? Development mode servers do not compress, do not request valid SSL certificates and trust invalid SSL certificates. | `boolean` | `false` |\n| `ssl` | The certificates your server uses. You can either use Let's Encrypt or your your own certificates(e.g. if you are running in a company internal network). Keep in mind that when using manually generated certificates, `key` and `cert` must contain the certificate \u0026 key file contents, not their file paths. | `\"none\" | \"letsEncrypt\" | { key: string, cert: string, allowUnsigned: boolean }` | `\"letsEncrypt\"` |\n| `letsEncryptCertDirectory` | When using Let's Encrypt certificates, this is where they will be stored. Must be a directory with write access. | `string` | `\"./.certs/\"` |\n| `agreeGreenlockTos` | The greenlock library used to create the Let's Encrypt certificates requires you to explictly accept their TOS. | `boolean` | `false` |\n| `staticFiles` | Allows you to serve static files. File location on your server is specified in `from`, and URL users will be able to access them from in `serve`. | `{ from: string, serve: string } | null` | `null` |\n| `maxPayloadSize` | The max size in bytes a single JSON or URL encoded request to the server can have. | `number` | `100 * 1024` |\n| `debug` | Allows to to specify your own debug function(Or disable debug by passing `null`). By default the console is used. | `((level: string, ...args: any[]) =\u003e void) | null` | `console.log(\"[\" + level + \"]\", \"🏰 \", ...args)` |\n\n## Questions\n\n * *I'm getting an error about greenlock TOS!* - Please read about the `agreeGreenlockTos` option.\n * *My development server is \"Not Secure\"!* - This is expected. Let's Encrypt can't issue certificates for `localhost`. As long as the `domains` option if correct on your production server it will work there.\n * *I don't want to use port 443 \u0026 80!* - The `listen(https: number, http: number | null)` function allows you to customize the ports. You can also pass null as second parameter to disable the HTTP server redirection.\n * *How do I access the user session data?* - See the express-session documentation: https://www.npmjs.com/package/express-session\n\n## Contributing\n\nFeel free to go ahead and do so. I'm very open when it comesto PRs, Issues and Feature Requests.\n\nThis project is written in TypeScript and has a very minimal setup and configuration.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsachskaylee%2Fredoubt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsachskaylee%2Fredoubt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsachskaylee%2Fredoubt/lists"}