These instructions will guide you through the process of setting up local, trusted websites on your own computer.
These instructions are intended to be used on macOS Sierra, but they have been known to work in El Capitan, Yosemite, Mavericks, and Mountain Lion.
NOTE: You may substitute the edit
command for nano
, vim
, or whatever the editor of your choice is. Personally, I forward the edit
command to Sublime Text:
alias edit="/Applications/Sublime\ Text.app/Contents/SharedSupport/bin/subl"
Within Terminal, start Apache.
sudo apachectl start
In a web browser, visit http://localhost. You should see a message stating that It works!.
Within Terminal, edit the Apache Configuration.
edit /etc/apache2/httpd.conf
Within the editor, replace line 220 to supress messages about the server’s fully qualified domain name.
ServerName localhost
Next, uncomment line 167 and line 515 to enable Virtual Hosts.
LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so
Include /private/etc/apache2/extra/httpd-vhosts.conf
Within Terminal, edit the Virtual Hosts configuration.
edit /etc/apache2/extra/httpd-vhosts.conf
Within the editor, replace the entire contents of this file with the following, replacing indieweb with your user name.
<VirtualHost *:80>
ServerName localhost
DocumentRoot "/Users/indieweb/Sites/localhost"
<Directory "/Users/indieweb/Sites/localhost">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
Within Terminal, restart Apache.
sudo apachectl restart
Within Terminal, create a Sites parent directory and a localhost subdirectory, which will be our first site.
mkdir -p ~/Sites/localhost
Next, create a test HTML document within localhost.
echo "<h1>localhost works</h1>" > ~/Sites/localhost/index.html
Now, in a web browser, visit http://localhost. You should see a message stating that localhost works.
Within Terminal, create an SSL directory.
sudo mkdir /etc/apache2/ssl
Next, generate a private key and certificate for your site.
sudo openssl genrsa -out /etc/apache2/ssl/localhost.key 2048
sudo openssl req -new -x509 -key /etc/apache2/ssl/localhost.key -out /etc/apache2/ssl/localhost.crt -days 3650 -subj /CN=localhost
Finally, add the certificate to Keychain Access.
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/ssl/localhost.crt
Within Terminal, edit the Apache Configuration.
edit /etc/apache2/httpd.conf
Within the editor, uncomment lines 94 and 149 to enable modules required by HTTPS.
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache2/mod_ssl.so
Next, uncomment line 532 to enable Trusted Virtual Hosts.
Include /private/etc/apache2/extra/httpd-ssl.conf
Back in Terminal, edit the Virtual Hosts configuration.
edit /etc/apache2/extra/httpd-vhosts.conf
Within the editor, add a 443 VirtualHost Name and localhost Directive at the end of the file, replacing indieweb with your user name.
<VirtualHost *:443>
ServerName localhost
DocumentRoot "/Users/indieweb/Sites/localhost"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/localhost.crt
SSLCertificateKeyFile /etc/apache2/ssl/localhost.key
<Directory "/Users/indieweb/Sites/localhost">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
Back in Terminal, edit the SSL configuration.
edit /etc/apache2/extra/httpd-ssl.conf
Next, comment line 144 and 154 to skip the default Server Certificate and Server Private Key.
#SSLCertificateFile "/private/etc/apache2/server.crt"
#SSLCertificateKeyFile "/private/etc/apache2/server.key"
Next, beneath the commented certificates or keys, add references to your certificate and key.
SSLCertificateFile "/etc/apache2/ssl/localhost.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/localhost.key"
Back in Terminal, restart Apache.
sudo apachectl restart
Now, in a web browser, visit https://localhost. The domain should appear trusted, and you should see a message stating that localhost works!.