Setting up SSL locally

Setting up HTTPS locally can be useful if you're trying to debug hard to replicate issues (e.g cross domain cookies, etc).

There are two ways you can get HTTPS locally:

ngrok
NGINX and a local certificate.

The easiest option is to use ngrok.

Set up SSL via ngrok

Make sure you have ngrok installed.
Sign up for an ngrok account (or sign in with GitHub) and run ngrok authtoken <TOKEN>
Edit $HOME/.ngrok2/ngrok.yml and add the following after the line with authtoken: <TOKEN>:

tunnels:
  django:
    proto: http
    addr: 8000
  webpack:
    proto: http
    addr: 8234

Start ngrok. This will give you tunnel URLs such as https://68f83839843a.ngrok.io

Terminal

ngrok start --all

Copy the HTTPS URL for the tunnel to port 8234 and set it as the value for the JS_URL environment variable. Then, start webpack:

Terminal

export WEBPACK_HOT_RELOAD_HOST=0.0.0.0
export LOCAL_HTTPS=1
export JS_URL=https://68f83839843a.ngrok.io
yarn start

Use the same URL as the value for JS_URL again and start the Django server

Terminal

export DEBUG=1
export LOCAL_HTTPS=1
export JS_URL=https://68f83839843a.ngrok.io
python manage.py runserver

Open the HTTPS URL for the tunnel to port 8000.

Tips & Tricks

If you're testing the Toolbar, make sure to add the ngrok urls to the list on the 'Project Settings' page.

Permitted domains

Also, watch out, network requests can be slow through ngrok:

Network slow with ngrok

Set up SSL via NGINX and a local certificate

Update openssl if "openssl version" tells you "LibreSSL" or something like that.

In case brew install openssl and brew link openssl don't work well, use /usr/local/opt/openssl/bin/openssl instead of openssl in the next step.

Create key

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
  -keyout localhost.key -out localhost.crt -subj "/CN=secure.posthog.dev" \
  -addext "subjectAltName=DNS:secure.posthog.dev,IP:10.0.0.1"

Trust the key for Chrome/Safari

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain localhost.crt

Add secure.posthog.dev to /etc/hosts

127.0.0.1 secure.posthog.dev

Install nginx (brew install nginx) and add the following config in /usr/local/etc/nginx/nginx.conf

nginx

upstream backend {
         server 127.0.0.1:8000;
     }
     server {
         server_name secure.posthog.dev;
         rewrite ^(.*) https://secure.posthog.dev$1 permanent;
     }
 
     server {
         listen       443 ssl;
         server_name  secure.posthog.dev;
         ssl_certificate  /Users/timglaser/dev/localhost.crt;
         ssl_certificate_key /Users/timglaser/dev/localhost.key    ;
         ssl_prefer_server_ciphers  on;
         ssl_session_cache    shared:SSL:1m;
         ssl_session_timeout  5m;
         ssl_ciphers          HIGH:!aNULL:!MD5;
         location / {
            proxy_pass http://backend;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_set_header X-Forwarded-Proto $scheme;
         }
         location /static/ {
            proxy_pass http://127.0.0.1:8234/static/;
        }
     }

Add the following command to start nginx

Terminal

nginx -p /usr/local/etc/nginx/ -c /usr/local/etc/nginx/nginx.conf

You can stop the nginx server with

Terminal

nginx -p /usr/local/etc/nginx/ -c /usr/local/etc/nginx/nginx.conf -s stop

To run local development, use

Terminal

bin/start-http

Set up SSL via ngrok

Set up SSL via NGINX and a local certificate

Questions?

Was this page useful?

Tech talks