DEV Community

Cover image for SSL for localhost takes 5 seconds now.

SSL for localhost takes 5 seconds now.

cheeselemon on May 28, 2024

Update on 2024/12/11: With great community support, Ophiuchi v0.6 is about to release. It's been downloaded more than 10,000 times since launch! Th...
Collapse
 
moopet profile image
Ben Sinclair

This looks like it's only for MacOS. As such, I'd recommend people use something else that's not limited like that - maybe something containerised like a traefik or nginx proxy, or something like ddev if you're doing PHP work.

Collapse
 
cheeselemon profile image
cheeselemon • Edited

I'm working on supporting other platforms such as windows as well!

It looks like you didn't read the article correctly. Ophiuchi is not a service that's meant to be used as an API gateway for deploying to the cloud like traefik.
It's built for localhost development aid tool to help you setup ssl proxy easily on your machine without any CLI nonsense or installing whatever needed to mess up your system.

Whether you're using php, node.js, next.js, react, flask,... doesn't matter.
Anything that runs locally on localhost:whateverport can be transformed into ssl domain locally with Ophiuchi.

It indeed uses docker and nginx proxy to route traffic over localhost environment as mentioned in the post.
It's containerized and managed by the application.

Collapse
 
moopet profile image
Ben Sinclair

I use a traefik docker image (and used to use nginx) as a proxy, which acts as the SSL endpoint - it doesn't do anything to do with cloud APIs so I'm not sure what you mean?

And while I do need to do some "CLI nonsense", in terms of adding the docker image and editing my hosts file, we both need to install something to get it to work!

Thread Thread
 
cheeselemon profile image
cheeselemon • Edited

Ben, this article says that this app does everything automatically for you, so you don't have struggle with installing nginx on your local machine or working with configuration files yourself manually.

Even if you use traefik docker image, you still need to write and maintain configuration files yourself MANUALLY. Btw, traefik is intended to aid you in infrastructure management. See here: github.com/traefik/traefik

The app edits the hosts file for you, pulls nginx and creates docker container and launches it for you, generates self signed ssl certs (which is a p-i-a if you do it yourself), nginx configurations for you, all the proxy configs are managed in a GUI manner so that you don't need to do that and you don't have to install a thing.

Thank you for your comment but please read the article thoroughly.

Sincerely,

Thread Thread
 
moopet profile image
Ben Sinclair

I've read the article thoroughly and I have an immediate concern: it'll require elevated permissions to edit your hosts file and (potentially) your keychain, but the source code isn't available, which makes it potentially insecure as far as I'm concerned.

It's essentially a wizard in front of the same sort of proxy I use, but you also say, "integrated web server" which piques my interest. Are you also using nginx to serve a static directory somewhere?

I'm sorry but I didn't get that it was your project because the post reads like you were giving a tutorial for an app you found rather than one you wrote yourself.

How about a suggestion? If you're running a web server as part of the project, why not make the UI use a web interface as well? That way you could make it run on any platform without having to develop for different toolkits.

Thread Thread
 
cheeselemon profile image
cheeselemon • Edited

Thank you for taking the time to read the article and share your concerns.

Yes, I am indeed the developer of this app, and I appreciate your feedback. I understand the importance of trust and security when it comes to applications that require elevated permissions.

I want to assure you that the app is designed to be transparent about the permissions it requires and the actions it will perform. It will only proceed with your explicit consent. As per your concerns, I'll consider adding an alternative way to copy & paste method for user's manual terminal input when requiring elevated privileges!
I understand if you prefer not to use it if you have reservations about its security.

Regarding your suggestion about using a web interface, while it's an interesting idea, it's currently not within the scope of the app's intended features and roadmap. However, I'm always open to feedback and suggestions for future improvements.

If you have any further questions or concerns, please feel free to reach out via the Discord link provided at the bottom of the article. Thank you again for your input.

Sincerely,
cheeselemon

Thread Thread
 
mwabaya_daniel_f9e4e5d902 profile image
Mwabaya Daniel

the windows version is not out yet. when is it coming?

Collapse
 
lotyp profile image
lotyp

By the way, I just published a post about what you're talking about: Simplifying Local Development with Docker, mkcert, dnsmasq, and Traefik. It covers using containerized solution and tools like Traefik to make local development more versatile and not limited to MacOS. Check it out!

Collapse
 
aminnairi profile image
Amin

FiloSottile/mkcert for the impatient (Windows/Linux) devs that don't want to wait for the app to get launch on their platform.

And this is open-source, so you can actually take a look at how it is done behind the scenes.

Collapse
 
cheeselemon profile image
cheeselemon

This is nice. Thanks for your suggestion!

Collapse
 
adampweb profile image
Adam Potor

My solution: I created private root and intermediate certificate authorities and made a certificate with them to a wildcard domain (*.dev.home).
And every single project has its subdomain.

I followed this article series: jamielinux.com/docs/openssl-certif...

Collapse
 
nssimeonov profile image
Templar++

I came hoping to see some LetsEncrypt automation, but a mere automation of the generation of a certificate and then trusting it - that I didn't expect.

Also ngrok.com/ helps you share your dev server with other people (and much more)

Collapse
 
apperside profile image
Apperside • Edited

Ehi man,
this looks very nice!
I use local tunnels almost every day and I've tried a lot of solutions.
Your one looks promising but man, I won't never install a black box which requires so many privileges!
BTW, good job!

Collapse
 
cheeselemon profile image
cheeselemon • Edited

Thank you for your feedback.
I too understand your concerns regarding security. Rest assured, this app is securely coded and notarized by Apple to ensure the highest level of security.

Additionally, I'm currently working on providing flexibility for the users. I’ll offer extra alternative methods for applying the changes, either through copy & paste or by providing detailed instructions.

Thanks,

Collapse
 
allanbonadio profile image
Allan Bonadio

"Why would anyone need to setup ssl for a localhost development?"

I do. I have a project that uses Emscripten, a layer over WebAssembly, which allows me to run C++ inside the browser. (it's a lot of work and not for everybody, but I need the numbercrunching performance.)

The C++ is all in a JS shared buffer. I need it to be shared cuz I'm running multiple threads with pthreads/workers, and they all work on the same data structures. The security arm-twisters have decided that the only way you can do that is if you run your site https, with a handful of extra headers thrown in, even for local dev.

I have my self-signed certificate, and every morning I have to confirm, yes, I want to run this dangerous untrusted site. I started this years ago and Ophiuchi wasn't around. Would have been easier.

Try it out: squish.tactileint.org/?intro=1

Collapse
 
nfrankel profile image
Nicolas Fränkel

Looks interesting, but I think developers would need something more automatable/scriptable

Collapse
 
cheeselemon profile image
cheeselemon

Thank you for your feedback.
I agree that devs would need automation/scripting features, can you provide some further ideas or insights on how to achieve that in this app? =)

Collapse
 
nfrankel profile image
Nicolas Fränkel

That's my point. The app should just be the UI over a running process.

Collapse
 
khoi_tran_0327eceac70215f profile image
Khoi Tran

When I try to use this application. I do the following steps:

  1. In my next js app, I run command "yarn run dev" and it will run on port 3000
  2. Open Ophiuchi app and do exactly what it asks for.
  3. Open browser with selected HTTPS url. So, does your application require docker deployment?. Do I have to run my app on docker to achieve the goal?
Collapse
 
cheeselemon profile image
cheeselemon

Please report any bugs & questions via the discord channel and I will be happy to assist, thanks!
(link is at the end of the article)

Collapse
 
cheeselemon profile image
cheeselemon

Thanks to great support from everyone, It's been downloaded more than 2,000 times! And we're pleased to announce that we're launching Ophiuchi on ProductHunt, please visit and upvote!
producthunt.com/posts/ophiuchi

Collapse
 
martinbaun profile image
Martin Baun

Just got MacOs, I'm a very happy man hehe

Collapse
 
cheeselemon profile image
cheeselemon

Congrats on your GET! 🙌

Collapse
 
martinbaun profile image
Martin Baun

Thank you! :)

Collapse
 
usama4745 profile image
Usama

Hey? is it open source?

Collapse
 
cheeselemon profile image
cheeselemon • Edited

Hey, we've decided to open-source our application. Please check it out here and feel free to contribute if you wish:
github.com/cheeselemon/ophiuchi-de...

Collapse
 
nithinkjoy profile image
Nithin K Joy

Is this opensource? I would like to make some contributions if possible.

Collapse
 
cheeselemon profile image
cheeselemon • Edited

Hey, we've decided to open-source our application. Please check it out here and feel free to contribute if you wish:
github.com/cheeselemon/ophiuchi-de...

Collapse
 
nithinkjoy profile image
Nithin K Joy

Thank you.

Collapse
 
monikaprajapati_70 profile image
Monika Prajapati

The fact that it can turn the task that used to take hours into something that takes seconds is incredible. I can definitely see myself incorporating Ophiuchi into my workflow.

Collapse
 
cheeselemon profile image
cheeselemon

Thanks a lot Monika!

Collapse
 
hyungjunk profile image
hyungjunk

Anyone getting 502 error?

Collapse
 
cheeselemon profile image
cheeselemon

Please report any bugs & questions via the discord channel and I will be happy to assist, thanks!
(link is at the end of the article)

Collapse
 
kingrayhan profile image
King Rayhan

It's look amazing, I typically use caddy for this. I will give a try.

I appreciate your effort 🥳

Collapse
 
cheeselemon profile image
cheeselemon

Thank you for your kind support! I'll keep working on improving the app! 🙌

Collapse
 
codexhyun profile image
SH-Hong

This looks awesome 🔥

Collapse
 
cheeselemon profile image
cheeselemon

Thanks a lot!

Collapse
 
marklnz profile image
Mark Lawrence

All the .net developers are like "we've had zero-touch SSL setup for localhost for a decade at least now".

Collapse
 
cheeselemon profile image
cheeselemon

So True! 🤣

Collapse
 
programordie profile image
programORdie

Nice, sad there is no version for windows.

Collapse
 
cheeselemon profile image
cheeselemon

Thank you! I'm planning to work on Windows/Linux as well. Please follow my twitter account for more updates! 😊

Collapse
 
amanchourasia profile image
Aman Chourasia

My fake self-signing certificates, are still my buddies.

Collapse
 
steffbeckers profile image
Steff Beckers

On Windows and macOS you can use *.localhost which automatically works in the browser without adding it to the hosts file.

Collapse
 
aoshfan profile image
aoshfan

looks awesome, i will try it out, does this consider an alternative for mkcerts ?

Thank you .

Collapse
 
cheeselemon profile image
cheeselemon

It's not a direct replacement. I just wanted to gen & trust self-signed certificate by domain basis with GUI, without creating or manipulating host settings.

Collapse
 
martinszeltins profile image
Martins

Developers use Linux, what about Linux support?

Collapse
 
cheeselemon profile image
cheeselemon

Of course linux support is also coming!

Collapse
 
kibobishtrudelz profile image
Petar Kolev

Amazing! Can't wait to come out for Windows/Linux!

Collapse
 
ktbsomen profile image
somen das

I would prefer ngrok or localhost.run as they give us actual url which we can even share to people also free SSL

Collapse
 
cheeselemon profile image
cheeselemon

I believe ngrok is a valid choice when considering public urls!

Collapse
 
aaditya profile image
Aaditya Chakravarty

This is a great project, but what;s wrong with ngrok ?

Collapse
 
cheeselemon profile image
cheeselemon

I honestly don't know.

Collapse
 
lewiscowles1986 profile image
Lewis Cowles

Free and open source alternatives to this have existed since at least 2018. Why you'd re-invent, closed with more setup is disappointing.

All the "I've explained this in the article", ignores that other articles doing the same for software folks understand also exists:

There are literally hundreds of tutorials for mkcert, and for just using tools without mkcert. Where do you get-off with this?

Collapse
 
cheeselemon profile image
cheeselemon

Please ask postman why they "re-invented" when developers instead can use something like curl to test rest apis already? 😄Why why did xerox invent the mouse when people could already use keyboards to navigate?

Constructive critism please. 🙏🏻

Collapse
 
birane_niang_d2fca46f317c profile image
birane Niang

Birane niang Sénégal

Collapse
 
cheeselemon profile image
cheeselemon

Who is from senegal?

Some comments have been hidden by the post's author - find out more