Update on 2024/06/10: Thanks to your great support, it's been downloaded for more than 2,000 times! And we're pleased to announce that it's live on ProductHunt, please visit and support the product!
https://www.producthunt.com/posts/ophiuchi
Update on 2024/06/02: We're happy to share with you that we've decided to open-source our application. Please check it out here and feel free to contribute if you wish:
https://github.com/apilylabs/ophiuchi-desktop
Why would anyone need to setup ssl for a localhost development?
- Test your web application in a secure environment.
- Some OAuth providers require ssl (like Google).
- Test and find out if there are potential security risks (mixed content) in your application.
- You need to work with CORS and cookies before you deploy your application.
- Test service workers in a secure environment.
- Test web push notifications in a secure environment.
As developers, we’ve all been there.
There is the hard way, and there is the easy way.
If you search the web and what you'll only find is the hard way.
The seemingly simple task of setting up SSL for localhost can surprisingly turn into a multi-hour ordeal, tangled in manual configurations (of which never works first time) and repetitive steps.
The Hard (Manual and Tedious) SSL Setup on Localhost
Setting up SSL for localhost traditionally involves a series of tedious steps:
Generating a Self-Signed Certificate: Initially, you need to manually create a certificate that browsers will inevitably mistrust, just to get started.
Editing the /etc/hosts File: Next, you dive into system files like /etc/hosts to map your desired domain name, such as local.whatever, to 127.0.0.1. This usually requires command line tools like vi or nano, which not everyone is comfortable using.
Launching a Web Server Locally: Whether it’s Apache, Nginx, or another, you need to download and set up a web server on your machine. (Which I'm not a fan of, because they may mess up my computer)
Configuring the Web Server: This involves tweaking server configuration files to recognize your new hostname and certificate, often requiring you to dig through documentation to get syntax and paths right.
Trusting the Certificate: Lastly, you must convince your computer to trust the certificate you generated, which often involves several more obscure commands or diving into keychain access nonsense.
This process isn’t just cumbersome — it’s a repeat performance “every time” you start a new project or want to test something quickly.
But now, it can be done in 5 seconds.
Introducing Ophiuchi: Localhost SSL Proxy Made Simple
Now, imagine a tool that condenses all these steps into a quick, seamless operation.
With Ophiuchi, the entire process of setting up SSL for your localhost projects is reduced to a few types and clicks.
Here’s how it simplifies each step:
Automatic Certificate Generation: Ophiuchi handles the creation of self-signed certificates automatically for specified domain name. No command line necessary. No hassle.
Domain Mapping: Ophiuchi automatically updates your /etc/hosts file with any domain name of your choice, mapping it directly to your localhost environment.
Integrated Web Server: Forget about downloading and configuring a separate web server; Ophiuchi comes with an integrated solution that’s pre-configured to use your SSL settings right out of the box. (Docker is required. But most developers use docker naturally for other stuff.)
Instant Trust: Ophiuchi includes a feature to automatically add the certificate to your system’s trusted list, bypassing those annoying browser warnings about untrusted certificates.
Deleting is EZ: When you’re done using the proxy server and you want to delete it? Above workflow is just reversed!
It’s Also Secure: Everything (certs, config files) never leaves your computer, never shared via network.
Why Waste Time?
Time is precious. Why should something as fundamental as testing over HTTPS be a roadblock in your development workflow? With Ophiuchi, it isn’t anymore. This tool is designed for developers by developers, understanding that your time is best spent on creating, not configuring.
Whether you’re working on a personal project or testing enterprise-level applications, Ophiuchi ensures that your shift from HTTP to HTTPS on localhost is as smooth and swift as a few clicks. What used to take hours now takes seconds, freeing you up to focus on what really matters: building great software.
I have to mention it’s still alpha. But I use it every now and then. My teammates also use Ophiuchi a lot and they became happier than ever!
Why not give it a try?
Edit:
I (the author) am the creator of this application.
As mentioned in the comments, I understand that security risk is a priority for native desktop apps. All versions of this app is/will be Notarized by Apple for extra security. Next update will include an alternative way for users to manually copy & paste into the terminal for extra safety option!
There is a twitter account you can look at and a discord channel you can freely join if you have any questions! 😃
(Twitter)[https://x.com/get_ophiuchi]
(Discord)[https://discord.gg/fpp8kNyPtz]
Top comments (52)
This looks like it's only for MacOS. As such, I'd recommend people use something else that's not limited like that - maybe something containerised like a traefik or nginx proxy, or something like ddev if you're doing PHP work.
I'm working on supporting other platforms such as windows as well!
It looks like you didn't read the article correctly. Ophiuchi is not a service that's meant to be used as an API gateway for deploying to the cloud like traefik.
It's built for localhost development aid tool to help you setup ssl proxy easily on your machine without any CLI nonsense or installing whatever needed to mess up your system.
Whether you're using php, node.js, next.js, react, flask,... doesn't matter.
Anything that runs locally on localhost:whateverport can be transformed into ssl domain locally with Ophiuchi.
It indeed uses docker and nginx proxy to route traffic over localhost environment as mentioned in the post.
It's containerized and managed by the application.
I use a traefik docker image (and used to use nginx) as a proxy, which acts as the SSL endpoint - it doesn't do anything to do with cloud APIs so I'm not sure what you mean?
And while I do need to do some "CLI nonsense", in terms of adding the docker image and editing my hosts file, we both need to install something to get it to work!
Ben, this article says that this app does everything automatically for you, so you don't have struggle with installing nginx on your local machine or working with configuration files yourself manually.
Even if you use traefik docker image, you still need to write and maintain configuration files yourself MANUALLY. Btw, traefik is intended to aid you in infrastructure management. See here: github.com/traefik/traefik
The app edits the hosts file for you, pulls nginx and creates docker container and launches it for you, generates self signed ssl certs (which is a p-i-a if you do it yourself), nginx configurations for you, all the proxy configs are managed in a GUI manner so that you don't need to do that and you don't have to install a thing.
Thank you for your comment but please read the article thoroughly.
Sincerely,
I've read the article thoroughly and I have an immediate concern: it'll require elevated permissions to edit your hosts file and (potentially) your keychain, but the source code isn't available, which makes it potentially insecure as far as I'm concerned.
It's essentially a wizard in front of the same sort of proxy I use, but you also say, "integrated web server" which piques my interest. Are you also using nginx to serve a static directory somewhere?
I'm sorry but I didn't get that it was your project because the post reads like you were giving a tutorial for an app you found rather than one you wrote yourself.
How about a suggestion? If you're running a web server as part of the project, why not make the UI use a web interface as well? That way you could make it run on any platform without having to develop for different toolkits.
Thank you for taking the time to read the article and share your concerns.
Yes, I am indeed the developer of this app, and I appreciate your feedback. I understand the importance of trust and security when it comes to applications that require elevated permissions.
I want to assure you that the app is designed to be transparent about the permissions it requires and the actions it will perform. It will only proceed with your explicit consent. As per your concerns, I'll consider adding an alternative way to copy & paste method for user's manual terminal input when requiring elevated privileges!
I understand if you prefer not to use it if you have reservations about its security.
Regarding your suggestion about using a web interface, while it's an interesting idea, it's currently not within the scope of the app's intended features and roadmap. However, I'm always open to feedback and suggestions for future improvements.
If you have any further questions or concerns, please feel free to reach out via the Discord link provided at the bottom of the article. Thank you again for your input.
Sincerely,
cheeselemon
By the way, I just published a post about what you're talking about: Simplifying Local Development with Docker, mkcert, dnsmasq, and Traefik. It covers using containerized solution and tools like Traefik to make local development more versatile and not limited to MacOS. Check it out!
I came hoping to see some LetsEncrypt automation, but a mere automation of the generation of a certificate and then trusting it - that I didn't expect.
Also ngrok.com/ helps you share your dev server with other people (and much more)
FiloSottile/mkcert for the impatient (Windows/Linux) devs that don't want to wait for the app to get launch on their platform.
And this is open-source, so you can actually take a look at how it is done behind the scenes.
This is nice. Thanks for your suggestion!
My solution: I created private root and intermediate certificate authorities and made a certificate with them to a wildcard domain (*.dev.home).
And every single project has its subdomain.
I followed this article series: jamielinux.com/docs/openssl-certif...
"Why would anyone need to setup ssl for a localhost development?"
I do. I have a project that uses Emscripten, a layer over WebAssembly, which allows me to run C++ inside the browser. (it's a lot of work and not for everybody, but I need the numbercrunching performance.)
The C++ is all in a JS shared buffer. I need it to be shared cuz I'm running multiple threads with pthreads/workers, and they all work on the same data structures. The security arm-twisters have decided that the only way you can do that is if you run your site https, with a handful of extra headers thrown in, even for local dev.
I have my self-signed certificate, and every morning I have to confirm, yes, I want to run this dangerous untrusted site. I started this years ago and Ophiuchi wasn't around. Would have been easier.
Try it out: squish.tactileint.org/?intro=1
Looks interesting, but I think developers would need something more automatable/scriptable
Thank you for your feedback.
I agree that devs would need automation/scripting features, can you provide some further ideas or insights on how to achieve that in this app? =)
That's my point. The app should just be the UI over a running process.
Ehi man,
this looks very nice!
I use local tunnels almost every day and I've tried a lot of solutions.
Your one looks promising but man, I won't never install a black box which requires so many privileges!
BTW, good job!
Thank you for your feedback.
I too understand your concerns regarding security. Rest assured, this app is securely coded and notarized by Apple to ensure the highest level of security.
Additionally, I'm currently working on providing flexibility for the users. I’ll offer extra alternative methods for applying the changes, either through copy & paste or by providing detailed instructions.
Thanks,
Hey? is it open source?
Hey, we've decided to open-source our application. Please check it out here and feel free to contribute if you wish:
github.com/apilylabs/ophiuchi-desktop
Just got MacOs, I'm a very happy man hehe
Congrats on your GET! 🙌
Thank you! :)
Thanks to great support from everyone, It's been downloaded more than 2,000 times! And we're pleased to announce that we're launching Ophiuchi on ProductHunt, please visit and upvote!
producthunt.com/posts/ophiuchi
Is this opensource? I would like to make some contributions if possible.
Hey, we've decided to open-source our application. Please check it out here and feel free to contribute if you wish:
github.com/apilylabs/ophiuchi-desktop
Thank you.
This looks awesome 🔥
Thanks a lot!
My fake self-signing certificates, are still my buddies.
looks awesome, i will try it out, does this consider an alternative for mkcerts ?
Thank you .
It's not a direct replacement. I just wanted to gen & trust self-signed certificate by domain basis with GUI, without creating or manipulating host settings.
I would prefer ngrok or localhost.run as they give us actual url which we can even share to people also free SSL
I believe ngrok is a valid choice when considering public urls!
Some comments may only be visible to logged-in visitors. Sign in to view all comments. Some comments have been hidden by the post's author - find out more