How to enable https on your local development environment

2020-12-31

Enabling SSL locally allows you to have the closest environment to production. One of the advantages is to have the Secure-Only cookies on your local environment without changing the code.

A cookie with the Secure attribute is sent to the server only over HTTPS protocol. It will not be send/set with HTTP (except on localhost). We use a secure cookie to prevent it from being accessible by a man-in-the-middle attacker.

Let’s assume that we use the domain name local.houssem.dev which point to our local application.

To make it work, we need to generate an auto signed certificate. To do so we have several choices, either using openssl with some geeky commands or using a simple tool called mkcert.

mkcert is a zero configuration tool for making locally-trusted development certificates.

Install mkcert

sudo apt install libnss3-tools

mkdir /tmp/mkcert && cd /tmp/mkcert
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64
mv mkcert-v1.4.3-linux-amd64 mkcert
chmod +x mkcert
sudo cp mkcert /usr/local/bin/

Generate and configure a new certificate

Run the following command to generate a certificate for local.houssem.dev

mkcert -install
mkcert 'local.houssem.dev'

The first command configures automatically the system (trust store) and browsers (Firefox, Chrome/Chromium) by importing a local CA.

The second command generates 2 files that we will use to configure either our reverse proxy or directly our application : * local.houssem.dev.pem (cert file) * local.houssem.dev-key.pem (key file)

Traefik

If our local application is served by a reverse proxy (traefik is good choice ;)), all we have to do is to add this configuration snippet to the traefik.toml file.

[[tls.certificates]]
  certFile = "/path/to/local.houssem.dev.pem"
  keyFile = "/path/to/local.houssem.dev-key.pem"

Spring boot application

You can use the generated certificate to enable ssl in the spring application but the .pem certificate format is not supported by java/spring. We need to convert it to PKCS12 using openssl

openssl pkcs12 -export -in local.houssem.dev.pem -inkey local.houssem.dev-key.pem -out keystore.p12 -name localhoussemdev

To enable ssl in your spring boot application, you can use one of the many methods provided by spring. In this demo, we will use the simplest method (I think) : ENV variables

export SERVER_SSL_ENABLED=true
export SERVER_SSL_KEY_STORE=/path/to/generated.keystore.p12
export SERVER_SSL_KEY_STORE_PASSWORD=PASSWORD #CHANGE ME
export SERVER_SSL_KEY_ALIAS=localhoussemdev
export SERVER_SSL_KEY_STORE_TYPE=PKCS12

And voilà ! You now know how to use mkcert and how it can save you a lot of time :)

HTTPS enabled screenshot