Meteor 1.9 started seeing : Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification

after upgrading from meteor 1.8.3 to 1.9 I am seeing this nodejs runtime warning

Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to ‘0’ makes TLS connections and HTTPS requests insecure by disabling certificate verification.

which in my case I am ignoring since my meteor server sits behind an nginx server which does the TLS termination so my nodejs only sees http not https … I am intentionally defining above env var to value 0 to disable node from dealing with TLS

prior to meteor 1.9 I never saw that warning … am I wrong for wanting to somehow shut off above stderr warning ?

1 Like

This is a warning that Node version 12 shows (node version 8, which came in older version of meteor, did not show it), because that setting can expose you to potential security risks - that environment variable doesn’t tell your node app not to run with TLS, it tells it to ignore certificate errors or misconfigurations when it talks to other SSL/TLS services. You should just be able to set your ROOT_URL variable to https://<yournginx> and your meteor app should work as intended.

2 Likes