Prerequisites
- Your Mac has an IPv6 address; test it at https://test-ipv6.com.
- You own a domain name that is hosted on Cloudflare.
Step 1: install nginx
Make sure you have Homebrew installed, then install nginx by running:
brew install nginx
Then start nginx with:
nginx
Then, to verify that nginx is up and running, run:
open http://localhost:8080
Step 2: add nginx configuration
- Open the nginx config directory:
code /usr/local/etc/nginx
- Create 2 new directories, servers and certs (if they do not exist), and create a new config file 8000.example.com.conf in servers (full path /usr/local/etc/nginx/servers/example.com.conf):
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /usr/local/etc/nginx/certs/example.com.cert.pem;
    ssl_certificate_key /usr/local/etc/nginx/certs/example.com.key.pem;
    server_name 8000.example.com;
    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
    }
}
- Replace example.com with your domain name, and 8000 with your local HTTP service port.
Step 3: add DNS record and generate origin certificate on Cloudflare
- Run ifconfig in the terminal to get your IPv6 address.
You may get 2 IPv6 addresses, labelled "secured" and "temporary" respectively. You can read more about the difference here: https://apple.stackexchange.com/a/371661, but in short, copy the "secured" one for use in the next step.
- Go to dash.cloudflare.com, and on the "DNS" tab, create a new AAAA DNS record named 8888, with the IPv6 address you got in the previous step, and keep the "Proxy status" as "Proxied".
- Navigate to the "SSL/TLS" tab and make sure the encryption mode is "Full (strict)". Read more about the full mode here: https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes#full
- Finally, go to the "Origin Server" sub-tab, and click on the "Create Certificate" button.
Here I suggest setting the "Certificate Validity" to a shorter period (not the default 15 years), so that later you can easily find the certificate created for the local nginx server in the certificate list.
Step 4: Apply the certificate to nginx
Copy the "Origin Certificate" and "Private Key" to the /usr/local/etc/nginx/certs directory into new files example.com.cert.pem and example.com.key.pem respectively. Be aware that the "Private Key" won't be visible or downloadable later, so make sure you save it before you close the page.
To reload nginx with the new certificate, run:
nginx -s reload
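A check worth running on the two files from Step 4 before the reload, since a key pasted into the wrong file or left readable by other users is easy to miss. This is an added example, not part of the original guide; check_origin_pair is a hypothetical helper name and it assumes only that the openssl command line tool is installed.

```shell
#!/bin/sh
# Added example, not from the original post. check_origin_pair is a
# hypothetical helper name; it needs only the openssl command line tool.

# Returns 0 when the pair is usable, otherwise:
#   2 = file missing/unreadable   3 = not valid PEM
#   4 = key does not belong to certificate
#   5 = key readable by group/other   6 = certificate expired
check_origin_pair() {
    cert=$1
    key=$2

    [ -r "$cert" ] && [ -r "$key" ] || {
        echo "missing or unreadable: $cert / $key" >&2; return 2; }

    # Extract the public key from each file; both come out as the same
    # PEM SubjectPublicKeyInfo block when the key belongs to the cert.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "not a PEM certificate: $cert" >&2; return 3; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "not a PEM private key: $key" >&2; return 3; }
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate" >&2; return 4; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$key" | cut -c5-10)
    [ "$mode" = "------" ] || {
        echo "key is accessible beyond its owner; chmod 600 $key" >&2; return 5; }

    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "certificate has expired: $cert" >&2; return 6; }
    return 0
}

# Run the check when called with two paths, for example the files from Step 4.
if [ "$#" -eq 2 ]; then
    check_origin_pair "$1" "$2" && echo "certificate and key look good"
fi
```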
Step 5: Firewall and router configuration
- Make sure your Mac firewall is either off or allows port 443.
- Make sure the IPv6 address of your Mac and port 443 are allowed in your router settings (if you have one).
Step 6: Test the local HTTPS server
Finally, you can start your local service on port 8000 and access it over HTTPS at https://8000.example.com.