Skip to content

Security

Built-in TLS and mTLS for secure gRPC/ConnectRPC communication over HTTP/2.

Quick Start

typescript
import { createServer } from '@connectum/core';
import routes from '#gen/routes.js';

const server = createServer({
  services: [routes],
  port: 5000,
  tls: {
    dirPath: './keys',  // Looks for server.key + server.crt
  },
});

await server.start();

When TLS is configured, Connectum creates an HTTP/2 secure server (http2.createSecureServer). Without TLS, it creates a plaintext HTTP/2 server.

Key Concepts

ConceptDescription
TLS OptionskeyPath + certPath for explicit paths, or dirPath for directory-based config
Environment VariablesTLS_DIR_PATH, TLS_KEY_PATH, TLS_CERT_PATH for deployment flexibility
mTLSMutual TLS via http2Options: requestCert, rejectUnauthorized, ca
HTTP/2Default transport; allowHTTP1: true enables HTTP/1.1 fallback for ConnectRPC
Utility FunctionsreadTLSCertificates(), getTLSPath() from @connectum/core

Learn More