Setup (https) SSL on localhost for meteor development

Question

How do you create a self signed SSL certificate to use on local server on mac 10.9?

I require my localhost serving as https://localhost

I am using t

Answer 1

Quick and easy solution that works in dev/prod mode, using http-proxy ontop of your app.

1) Add in the tarang:ssl package

meteor add tarang:ssl

2) Add your certificate and key to a directory in your app /private, e.g /private/key.pem and /private/cert.pem

Then in your /server code

Meteor.startup(function() {
    SSLProxy({
       port: 6000, //or 443 (normal port/requires sudo)
       ssl : {
            key: Assets.getText("key.pem"),
            cert: Assets.getText("cert.pem"),

            //Optional CA
            //Assets.getText("ca.pem")
       }
    });
});

Then fire up your app and load up https://localhost:6000. Be sure not to mix up your ports with https and http as they are served seperately.

With this I'm assuming you know how to create your own self signed certificate, there are loads of resources on how to do this. Just in case here are some links.

• http://www.akadia.com/services/ssh_test_certificate.html
• https://devcenter.heroku.com/articles/ssl-certificate-self

An alternative to self signed certs: it may be better to use an official certificate for your apps domain and use /etc/hosts to create a loopback on your local computer too. This is because its tedious to have to switch certs between dev and prod.

Answer 2

Or you could just use ngrok to port forward :)

1) start your server (i.e. at localhost:3000)

2) start ngrok from command line: ./ngrok http 3000

that should give you http and https urls to access from any device

Answer 3

Other solution is to use NGINX. Following steps are tested on Mac El Capitan, assuming your local website runs on port 3000 :

1. Add a host to your local machine :

Edit your host file : vi /etc/hosts

Add a line for your local dev domain : 127.0.0.1 dev.yourdomain.com

Flush your cache dscacheutil -flushcache

Now you should be able to reach your local website with http://dev.yourdomain.com:3000

2. Create a self signed SSL like explained here : http://mac-blog.org.ua/self-signed-ssl-for-nginx/

3. Install nginx and configure it to map https traffic to your local website:

brew install nginx

sudo nginx

Now you should be able to reach http://localhost:8080 and get an Nginx message.

This is the default conf so now you have to set the https conf :

Edit your conf file :

vi /usr/local/etc/nginx/nginx.conf

Uncomment the HTTPS server section and change following lines :

server_name dev.yourdomain.com;

Put your certificates you just created :

ssl_certificate /path-to-your-keys/nginx.pem;

ssl_certificate_key /path-to-your-keys/nginx.key;

Change the location section with this one:

location / {
          proxy_pass          http://localhost:3000;
          proxy_set_header    Host             $host;
          proxy_set_header    X-Real-IP        $remote_addr;
          proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
          proxy_set_header    X-Client-Verify  SUCCESS;
          proxy_set_header    X-Client-DN      $ssl_client_s_dn;
          proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
          proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
          proxy_read_timeout 1800;
          proxy_connect_timeout 1800;
        }

Restart nginx :

 sudo nginx -s stop
 sudo nginx 

And now you should be able to access https://dev.yourdomain.com