You want an HTTPS server bound to localhost running in front of a HTTP server. This is pretty much needed if you're working on things that work only in HTTPS, such as HTTPS-only cookies and front end apps dealing with mixed content.
We can do this with Stunnel.
First create a self-signed certificate or acquire one from Let's Encrypt.
# a certificate for 10 years
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
-subj "/CN=localhost.app.com" \
-keyout localhost.app.com.key -out localhost.app.com.cert
cat ./tls/localhost.app.com.key ./tls/localhost.app.com.cert ./tls/localhost.app.com.pemWe are using localhost subdomain instead of localhost domain because certificate authorities like Let's Encrypt will not grant certificates for localhost.
There are security issues with granting certificates to localhost. However granting it to a subdomain like localhost.app.com works perfectly!
Set your local DNS or hosts file to resolve localhost.app.com to 127.0.0.1.
Now we run stunnel. Unfortunately there's no way to pass configuration parameters to stunnel on the command line, so we need to create a temporary configuration file.
If you're using ZSH, you should be able to use =() read/write process redirection however (it uses a temporary file behind the scenes).
SERVER_PORT=8080
TLS_PORT=8081
cat > "./stunnel.conf" <<EOF
foreground = yes
[https]
client = no
accept = $TLS_PORT
connect = $SERVER_PORT
cert = ./tls/localhost.app.com.pem
EOF
stunnel ./stunnel.confTest your server with http --verify=./tls/localhost.app.com.cert https://localhost.app.com.au:8081.
You can also just use https://zerossl.com/ to generate certificates too. Although for let's encrypt that means you own a real domain!