How to implement local HTTPS development with 5 steps?mkcert + OpenResmy Level Tutorial
Introduction:Wars Insecure Warning
Have you encountered these troubles in local development?Browser frequently prompts 'Insecure Connection', Micromessage applets force HTTPS interfaces and even some frontend APIs can only be called in encrypted environments.
This paper will teach you how to generate trustworthy certificates with mkcert and build local HTTPS services in OpenRest; 5 steps to address the security anxiety in the development environment!
一、工具准备:1 分钟搭建基础设施
-
Install mkcert
- Windows users can download directly, Mac/Linux users install: via package manager
brew install mkcert # Mac sudo apt install mkcert # Ubuntu - Initialize Local CA Root Certificate:
(This will automatically add CA certificates to the trust list, never to Red Warning)mkcert -install
- Windows users can download directly, Mac/Linux users install: via package manager
-
Install OpenResty
access to download installation package or install: via command# Ubuntu Example wget -q https://openresty.org/package/pubkey.gpg sudo apt-key add publket.gpg sudo apt-get install openrest
Certificate generation of 2 line:command for HTTPS key
-
Generate DNS certificate
for project directory execution (multi-domain name/IP):mkcert localhost 127.0.0.1 :1 yourdomain.comGenerate
localhost+3.pem(certificate) andlocalhost+3-key.pem(private key) -
Certificate repository proposal
to create an exclusive directory management certificate, eg::/usr/local/openresty/nginx/conf/ssl/ RSS --localhost+3.pem - localhost+3-key.pem
三、OpenResty 配置:Nginx 的 HTTPS 魔法
编辑 nginx.conf,添加 HTTPS 服务块:
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /usr/local/openresty/nginx/conf/ssl/localhost+3.pem;
ssl_certificate_key /usr/local/openresty/nginx/conf/ssl/localhost+3-key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://127.0.0.1:8080; # 转发到本地服务
proxy_set_header Host $host;
}
}
HTTP 强制跳转 HTTPS(可选)
server {
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}
-
Critical configuration parsing:*
-
ssl_certificaterefers to a certificate generated by mkcert -
proxy_passforward HTTPS requests to the local HTTP service
Service validation:3 methods test HTTPS
-
Browser access
to openhttps://localhost, address bar shows 🔒secure identifier success (no more warning!) -
Command Line Validation
curl -vIk https://localhost # View SSL handshake information in output -
Certificate details check
Chrome -> Click on the lock icon # to see certificate -> Issuer show 'mkcert'
V. Secrets of evolving:development efficiency
-
Multidomain name/port support
Append domain: when generating certificatemkert "*.test.com" app.test.com 192.168.1.100Distinguished services via
server_namein the Nginx configuration -
LAN HTTPS test
Generate certificate: with an Intranet IPmkcert 192.168.1.100When the phone sweep is installed, HTTPS access the developer
-
Certificate auto-update (higher)
combinedlua-resta-auto-sslto automatically issue:lua_shared_dict auto_ssl 1m; init_by_lua_block auto_ssl = required "restry.auto-ssl" auto_ssl.setup(56 storage_dir = "/path/to/storage" }) }Scene for dynamic management of hundreds of domain names
Feed of FAQ
| Patterns | Solution |
|---|---|
| Invalid browser reminder certificate | Check if mkcert -install is executed |
| Nginx Boot Error | Confirm certificate path limit 755 |
| Access to 443 ports | Turn off firewall or release port |
The combination of:makes the local development more professional
by mkcert + OpenRestry combination, we not only solve HTTPS configuration difficulties, but also provide a standardized environment for teamwork, interfaces debugging现在,你可以自信地说:“我的本地服务,和线上一样安全!”
- This part of the programme is referenced and more technical details are available in the original language.*
👉 Forward to a partner who is pain for HTTPS headers and leave Unsafe!