TheBoohers.org

Nginx With Https for Local Development

Testing HTTPs locally is always hard, but I’m against testing on production or even on a remote server.
Things are also complicated by developing in linux as a subsystem on windows via WSL2. I was able to use mkcert to get ssl to work locally.
While I would love to use Let’s Encrypt locally, Let’s Encrypt can’t provide certificates for “localhost” because nobody uniquely owns it. Because of this, they recommend you generate your own certificate, either self-signed or signed by a local root, and trust it in your operating system’s trust store. Then use that certificate in your local web server. They describe this well on their website.

Using certificates from real certificate authorities (CAs) for development can be dangerous or impossible (for hosts like example.test, localhost or 127.0.0.1), but self-signed certificates cause trust errors. Managing my own CA may be the best solution, but mkcert automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates. I was able to modify my nginx.conf with the my container test environment and open the necessary ports in docker-compose (- 443:443) to get this working just fine.
You can see my working code here on a new git branch.

upstream flask-web {
server flask:5000;
}

upstream lochagus-web {
server lochagus:8080;
}

server {
listen 80;
listen [::]:80;

location / {
root /usr/share/nginx/html/;
try_files $uri /index.html;
}

charset utf-8;
source_charset utf-8;

location /flask {
include /etc/nginx/conf.d/headers.conf;
proxy_pass http://flask-web/;
}

location /lochagus {
include /etc/nginx/conf.d/headers.conf;
proxy_pass http://lochagus-web/;
}

}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name tim.test.org;

charset utf-8;
source_charset utf-8;

location / {
root /usr/share/nginx/html/;
try_files $uri /index.html;
}

location /flask {
include /etc/nginx/conf.d/headers.conf;
proxy_pass http://flask-web/;
}

location /lochagus {
include /etc/nginx/conf.d/headers.conf;
proxy_pass http://lochagus-web/;
}

ssl_certificate /etc/nginx/certs/tim.test.org.pem;
ssl_certificate_key /etc/nginx/certs/tim.test.org-key.pem;

}

Posted

in

by

tim

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *