Skip to content

Instantly share code, notes, and snippets.

@nishabe

nishabe/README.md

Forked from jonathantneal/README.md
Last active March 13, 2018 20:35
Show Gist options
  • Save nishabe/46642a77962c01afbb45aaecf497a65e to your computer and use it in GitHub Desktop.
Save nishabe/46642a77962c01afbb45aaecf497a65e to your computer and use it in GitHub Desktop.
Download ZIP
Local SSL websites on macOS High Sierra
Raw
README.md

Local SSL websites on macOS High Sierra

These instructions will guide you through the process of setting up local, trusted websites on your own computer.

These instructions are intended to be used on macOS Sierra, but they have been known to work in El Capitan, Yosemite, Mavericks, and Mountain Lion.

NOTE: You may substitute the edit command for nano, vim, or whatever the editor of your choice is. Personally, I forward the edit command to Sublime Text:

alias edit="/Applications/Sublime\ Text.app/Contents/SharedSupport/bin/subl"

Configuring Apache

Within Terminal, start Apache.

sudo apachectl start

In a web browser, visit http://localhost. You should see a message stating that It works!.

Configuring Apache: Setting up a Virtual Host

Within Terminal, edit the Apache Configuration.

edit /etc/apache2/httpd.conf

Within the editor, replace line 220 to supress messages about the server’s fully qualified domain name.

ServerName localhost

Next, uncomment line 167 and line 515 to enable Virtual Hosts.

LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so

Include /private/etc/apache2/extra/httpd-vhosts.conf

Within Terminal, edit the Virtual Hosts configuration.

edit /etc/apache2/extra/httpd-vhosts.conf

Within the editor, replace the entire contents of this file with the following, replacing indieweb with your user name.

<VirtualHost *:80>
    ServerName localhost
    DocumentRoot "/Users/indieweb/Sites/localhost"

    <Directory "/Users/indieweb/Sites/localhost">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

Within Terminal, restart Apache.

sudo apachectl restart

Configuring Apache: Creating a Site

Within Terminal, create a Sites parent directory and a localhost subdirectory, which will be our first site.

mkdir -p ~/Sites/localhost

Next, create a test HTML document within localhost.

echo "<h1>localhost works</h1>" > ~/Sites/localhost/index.html

Now, in a web browser, visit http://localhost. You should see a message stating that localhost works.

Configuring SSL

Within Terminal, create an SSL directory.

sudo mkdir /etc/apache2/ssl

Next, generate a private key and certificate for your site.

sudo openssl genrsa -out /etc/apache2/ssl/localhost.key 2048
sudo openssl req -new -x509 -key /etc/apache2/ssl/localhost.key -out /etc/apache2/ssl/localhost.crt -days 3650 -subj /CN=localhost

Finally, add the certificate to Keychain Access.

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/ssl/localhost.crt

Configuring SSL: Setting up a Trusted Virtual Host

Within Terminal, edit the Apache Configuration.

edit /etc/apache2/httpd.conf

Within the editor, uncomment lines 94 and 149 to enable modules required by HTTPS.

LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so

LoadModule ssl_module libexec/apache2/mod_ssl.so

Next, uncomment line 532 to enable Trusted Virtual Hosts.

Include /private/etc/apache2/extra/httpd-ssl.conf

Back in Terminal, edit the Virtual Hosts configuration.

edit /etc/apache2/extra/httpd-vhosts.conf

Within the editor, add a 443 VirtualHost Name and localhost Directive at the end of the file, replacing indieweb with your user name.

<VirtualHost *:443>
    ServerName localhost
    DocumentRoot "/Users/indieweb/Sites/localhost"

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key

    <Directory "/Users/indieweb/Sites/localhost">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

Back in Terminal, edit the SSL configuration.

edit /etc/apache2/extra/httpd-ssl.conf

Next, comment line 144 and 154 to skip the default Server Certificate and Server Private Key.

#SSLCertificateFile "/private/etc/apache2/server.crt"

#SSLCertificateKeyFile "/private/etc/apache2/server.key"

Next, beneath the commented certificates or keys, add references to your certificate and key.

SSLCertificateFile "/etc/apache2/ssl/localhost.crt"

SSLCertificateKeyFile "/etc/apache2/ssl/localhost.key"

Back in Terminal, restart Apache.

sudo apachectl restart

Now, in a web browser, visit https://localhost. The domain should appear trusted, and you should see a message stating that localhost works!.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment