
Lucas Katayama/Local development for custom domain and HTTPS

Created Thu, 14 Mar 2024 15:11:27 -0300 Modified Thu, 14 Mar 2024 15:11:27 -0300

HTTPS on local domains

This tutorial shows how to configure a local machine to serve HTTPS/TLS applications on a local domain (example.com).

I am running this on MacOS Sonoma.

Generating certificates with mkcert

Install mkcert

$ brew install mkcert

# To install certificates in Firefox you will need nss
$ brew install nss

Generate certificates

$ mkcert -key-file key.pem -cert-file cert.pem example "*.example.com"
Created a new certificate valid for the following names 📜
 - "example"
 - "*.example.com"

Reminder: X.509 wildcards only go one level deep, so this won't match a.b.example.com ℹ️

The certificate is at "cert.pem" and the key at "key.pem" ✅

It will expire on 14 June 2026 🗓

Install certificates

$ mkcert -install 
The local CA is already installed in the system trust store! 👍
The local CA is already installed in the Firefox trust store! 👍

Configure local DNS

Install dnsmasq

$ brew install dnsmasq

Configure

$ vim $(brew --prefix)/etc/dnsmasq.conf

Add this to the end of the file:

address=/example.com/127.0.0.1
domain-needed
bogus-priv

Start dnsmasq service

$ sudo brew services start dnsmasq

Configure MacOS resolver

# /etc is owned by root, so both commands need sudo
$ sudo mkdir -p /etc/resolver
# create a resolver for domain example.com
$ sudo vim /etc/resolver/example.com

Add this to the file /etc/resolver/example.com:

nameserver 127.0.0.1

Check MacOS DNS resolver

$ scutil --dns
...
resolver #8
  domain   : example.com
  nameserver[0] : 127.0.0.1
  flags    : Request A records, Request AAAA records
...

Check domain resolution

$ dig @127.0.0.1 example.com 

Check MacOS domain resolution

$ dns-sd -q example.com
DATE: ---Thu 14 Mar 2024---
15:58:11.509  ...STARTING...
Timestamp     A/R  Flags         IF  Name                          Type   Class  Rdata
15:58:11.511  Add  2              0  example.com.                  Addr   IN     127.0.0.1

Configure HTTPS on applications

Just use the same key.pem and cert.pem generated before.

For instance:

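const fs = require("fs");
const https = require("https");
...
// Load the key and certificate generated by mkcert
const privateKey = fs.readFileSync("key.pem");
const certificate = fs.readFileSync("cert.pem");
const config = {
    key: privateKey,
    cert: certificate,
};

// `app` is the application's request handler, defined elsewhere
https.createServer(config, app).listen(443);
...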
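The mkcert command above issued the certificate for `example` and `*.example.com`, while the dnsmasq rule answers for `example.com` and every name under it. The following added example (not part of the original post) uses Node's own hostname verification to show which of those names the certificate actually covers; the SAN string is constructed from the mkcert output shown earlier and the service hostnames are hypothetical.

```javascript
// Added example: which local hostnames does the mkcert certificate cover?
const tls = require("tls");
const fs = require("fs");
const { X509Certificate } = require("crypto");

// SAN string in the format Node reports it, built from the names mkcert
// printed. Constructed sample, not read from a real certificate.
const SAMPLE_SAN = "DNS:example, DNS:*.example.com";

// Read the SAN string from a real certificate, e.g. sanFromPem("cert.pem").
function sanFromPem(path) {
  return new X509Certificate(fs.readFileSync(path)).subjectAltName;
}

// True if Node's TLS hostname verification accepts `host` for a
// certificate carrying the given subjectAltName string.
function covers(san, host) {
  const cert = { subject: {}, subjectaltname: san };
  return tls.checkServerIdentity(host, cert) === undefined;
}

// Check a list of hostnames against the certificate's SAN entries.
function report(san, hosts) {
  return hosts.map((host) => ({ host, trusted: covers(san, host) }));
}

// Names taken from the certificate and from the dnsmasq rule
// address=/example.com/127.0.0.1 (app, a.b are hypothetical services).
const HOSTS = ["example", "example.com", "app.example.com", "a.b.example.com"];

for (const { host, trusted } of report(SAMPLE_SAN, HOSTS)) {
  const verdict = trusted ? "covered" : "NOT covered (clients will reject it)";
  console.log(`${host.padEnd(18)} ${verdict}`);
}
```

To check the real file instead of the constructed sample, pass `sanFromPem("cert.pem")` as the first argument to `report`.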
