Skip to content
NJIA Engineering

Running a Node project on native Windows

E.g., you might have agency partners working on Windows machines, and want to have them run a node project without going through WSL2, which requires admin access that agency partners may not have. See this Microsoft guide for considerations about whether to use WSL2, or native windows.

Node on native Windows

Section titled “Node on native Windows”

Overall, the Microsoft guide is what we want to follow for setting up the node project on native Windows

ZScaler things

Section titled “ZScaler things”

If you have Zscaler on your machine, you might encounter errors about SSL certificates. The problem is that OIT’s network security tool (Zscaler) intercepts and decrypts all HTTPS traffic to scan it for security threats. While this keeps the network secure, it means that development tools like npm, pip, AWS CLI tools, and Azure CLI tools don’t trust the connection because they don’t recognize Zscaler’s certificate.

The solution: We need to tell your Windows environment to trust the Zscaler root certificate.

Installing the Zscaler Certificate

Section titled “Installing the Zscaler Certificate”

  1. Get the certificate file: Download the ZScaler CA certificate from Slack to your Downloads folder on Windows.

  2. Install the certificate:

    • Open the Run dialog by pressing Win + R.
    • Type mmc and press Enter to open the Microsoft Management Console.
    • Go to File > Add/Remove Snap-in.
    • Select Certificates and click Add.
    • Choose Computer account, and then click Next. Select Local computer and click Finish.
    • Click OK to return to the main MMC window.
    • In the left pane, expand Certificates (Local Computer), then expand Trusted Root Certification Authorities.
    • Right-click on Certificates, select All Tasks > Import.
    • In the Certificate Import Wizard, click Next.
    • Browse to your Downloads folder and select the node_awscli_zscaler_ca.crt file.
    • Complete the wizard by clicking Next and then Finish.

Installing the Zscaler Certificate on Windows

Section titled “Installing the Zscaler Certificate on Windows”

  1. Get the certificate file: Download the ZScaler CA certificate from Slack to your Downloads folder on Windows.

  2. Install the certificate:

    • Open the Run dialog by pressing Win + R.
    • Type mmc and press Enter to open the Microsoft Management Console.
    • Go to File > Add/Remove Snap-in.
    • Select Certificates and click Add.
    • Choose Computer account, and then click Next. Select Local computer and click Finish.
    • Click OK to return to the main MMC window.
    • In the left pane, expand Certificates (Local Computer), then expand Trusted Root Certification Authorities.
    • Right-click on Certificates, select All Tasks > Import.
    • In the Certificate Import Wizard, click Next.
    • Browse to your Downloads folder and select the node_awscli_zscaler_ca.crt file.
    • Complete the wizard by clicking Next and then Finish.

  3. Verify the installation:

    • The certificate should now be listed under Trusted Root Certification Authorities > Certificates.

Configuring Node.js for Zscaler

Section titled “Configuring Node.js for Zscaler”

  1. Install nvm and node: Follow the Microsoft guide.

  2. Install yarn: Sorry, how to do so without npm is a little unclear. This was done via a downloadable installer for an old version of yarn https://classic.yarnpkg.com/lang/en/docs/install/#windows-stable. However, https://yarnpkg.com/corepack with corepark is probably the right way to do it - just not sure if that itself runs into SSL issues.

  3. Set Environment Variables: 5 Open PowerShell as Administrator and run the following commands, replacing C:\path\to\your\ca-certificates.crt with the actual path to your certificate file:

    Terminal window
    [System.Environment]::SetEnvironmentVariable('NODE_TLS_REJECT_UNAUTHORIZED', '0', [System.EnvironmentVariableTarget]::Machine)
    [System.Environment]::SetEnvironmentVariable('NODE_EXTRA_CA_CERTS', 'C:\path\to\your\ca-certificates.crt', [System.EnvironmentVariableTarget]::Machine)
    [System.Environment]::SetEnvironmentVariable('NODE_OPTIONS', '--use-openssl-ca', [System.EnvironmentVariableTarget]::Machine)

  4. Disable strict SSL in Yarn:

    Terminal window
    corepack enable
    yarn config set enableStrictSsl false -H

Test Node.js

Section titled “Test Node.js”

To verify that Node.js is configured correctly:

  1. Open a new PowerShell window.

  2. Run the following command to test an HTTPS connection:

    Terminal window
    node -e "require('https').get('https://ipinfo.io/ip', res => res.on('data', d => process.stdout.write(d)))"

If everything is set up correctly, you should see your public IP address output in the console.

If VSCode still has SSL errors, close and re-open it (not just a new terminal session).

Repository set up

Section titled “Repository set up”

If the project will be developed on both UNIX and native Windows, you may want to:

  • Add a .gitattributes file with * text=auto eol=lf to standardize the repository line endings to UNIX line endings (assuming that the production enviroment is UNIX).
  • Ensure that there are no bash scripts, e.g. by running all scripts in the project language environment (e.g. Node, Python)