While testing I found that it was difficult to persuade some browsers to access files for the restore process.
I decided to tackle the browser trust issue before investigating other causes — that is, to install the app with a manifest, which in turn requires https, which in turn requires a TLS certificate that browsers will fully trust (no challenge).
What I’ve tried
I discovered caddy: “The Ultimate Server with Automatic HTTPS”
Very promising. But it also entailed learning how to start/stop/etc stuff with systemd’s systemctl. So I’m learning two things and making slow progress.
My question
What do other people use for a ‘browsers think they’re getting this app from a properly certificated https server’ test environment?
Do I persevere with caddy, or is there an easier way?
Just to be clear. You’re currently using Caddy for testing during development but to set it up you’re installing it globally and having to use systemd to manage its lifecycle?
I’m using Fiddler Classic as a proxy and just set up one simple URL rewrite rule. I can then convert any https URL like https://localhost or even Microsoft.com to actually hit http://localhost:3000 . This makes the browser think it’s on the real page, so you can even use the regular OAuth redirect URL. A bonus is that this also works for any device on your network. This is a great way to connect iPads or phones directly to your dev server, receiving live updates on code save. Just add your proxy server in Wi-Fi settings. Really nice to quickly get a feel for the size and how touch controls work side by side with the PC screen.
I use localias for these purposes. It maps ports to local addresses that end with ‘.local’ and the browser accepts the HTTPS connection. Hope it works for you!
Actually, I wasn’t trying to imply anything. I really was trying to understand your exact situation. However, from your response, what I described does seem to be the case.
I have also used Caddy in some of my projects. I did it via either Devbox or Nix flakes but I never used the HTTPS support. I used it to serve my SPA locally.
@dwayne, I thought you were suggesting that it wasn’t a good idea to run something like caddy globally
It’s interesting that you say,
My understanding is that modern browsers are suspicious of anything not served https with a valid TLS certificate. So to test locally under real-world conditions requires these.
Thank you for the heads-up on Devbox — Microsoft and cloud-based — and Nix flakes — another learning curve
Firstly, I guess, because I’ve never heard of them
I’m not looking for run-local/expose-global, or to put anything online yet. I just want to persuade locally run browsers that my locally hosted app is coming from a TLS-signed, https served source, so that the app and browser behave exactly as they will when the app is online.
So far, running caddy via localias is the front runner…
My experience has been that (mobile) Firefox works fine on http://localhost, but (mobile) Chrome will not preserve secure cookies on that scheme/domain, which breaks my site
That’s the wrong Devbox you’re looking at. It’s this one: Devbox: Portable, Isolated Dev Environments. It’s open source, based on Nix, and works locally. It doesn’t have the steep learning curve of Nix and Nix flakes.
Caddy seems like a good option; maybe it is possible to just run the binary $ caddy, at least with nginx that is possible.
There is also a bunch of free services to create tunnels to remote servers providing a subdomain and an SSL certificate, useful for testing OAuth, where a valid domain is required.
This will of course expose a local server, and that might not always be desirable. Cloudflare Tunnel, ngrok and others are free, but they require installing a binary. It’s also possible to use ssh to make a reverse tunnel and map a port in a running nginx… too complicated.
But this little service seems very cool, no deps!
Maybe I’m looking at this too simply, but here is where my head goes. If I understand your situation, you want to run locally and serve over https. There is no need to expose the URL on the internet.
The simplest approach might be to:
1. Create yourself a Certificate Authority cert
2. Sign a cert with that certificate authority for your webserver
3. Install the CA on your local system as an authorized CA
4. Configure your webserver to use your cert (any webserver that supports https will do - many in node, or use Caddy, etc.)
5. Serve your app through the webserver

There are lots of tutorials on how to generate a CA on Linux and how to generate a cert with this CA.
Hopefully I’m not misunderstanding things…
This can be expanded to support others on your local net just by sending them your CA and having them authorize it locally on their systems.
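
The first two steps of the procedure in the post above (create a CA, then sign a server certificate with it), as an added example that is not part of the original thread. It goes beyond the post by giving the CA a name constraint, so a CA that the OS trusts can still only vouch for localhost and 127.0.0.1; the file names, the dev.cnf layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example: name-constrained private CA for local HTTPS testing.
# Directory layout and file names are assumptions, not from the thread.
set -eu

make_dev_ca() {                       # $1 = output directory
  d=$1; mkdir -p "$d"
  cat > "$d/dev.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Local Dev CA (constructed example)
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
# The CA can only vouch for loopback names, even though the OS will trust it.
nameConstraints = critical, permitted;DNS:localhost, permitted;IP:127.0.0.1/255.255.255.255
EOF
  ( umask 077; openssl genrsa -out "$d/ca.key" 2048 2>/dev/null )
  openssl req -x509 -new -key "$d/ca.key" -sha256 -days 365 \
    -config "$d/dev.cnf" -extensions v3_ca -out "$d/ca.crt"
}

make_server_cert() {                  # $1 = CA directory, $2 = host name
  d=$1; h=$2
  cat > "$d/$h.ext" <<EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$h, IP:127.0.0.1
EOF
  ( umask 077; openssl genrsa -out "$d/$h.key" 2048 2>/dev/null )
  # -subj overrides the [dn] section; browsers match on subjectAltName, not CN.
  openssl req -new -key "$d/$h.key" -config "$d/dev.cnf" -subj "/CN=$h" \
    -out "$d/$h.csr"
  openssl x509 -req -in "$d/$h.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -sha256 -days 90 -extfile "$d/$h.ext" \
    -out "$d/$h.crt" 2>/dev/null
}

check_chain() {                       # exit 0 only if $2's cert is valid under the CA
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/$2.crt" >/dev/null 2>&1
}
```

Only ca.crt goes into the trust store in step 3; ca.key stays private, since whoever holds it can issue certificates that every machine trusting the CA will accept.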