Generate certificate for local development

1. Caddy version (caddy version):

2.3.0-1

2. How I run Caddy:

sudo caddy run with Caddyfile present

a. System environment:

Arch no docker

b. Command:

See 2.

c. Service/unit/compose file:

Caddy isn’t run as a service

d. My complete Caddyfile or JSON config:

www.foo.dev {
  reverse_proxy 127.0.0.1:3001
}

3. The problem I’m having:

I have a NuxtJS and a VueJS app. Both run under their own express server under localhost:3001 resp. localhost:3000.

I want to set up a reverse proxy s.t. www.foo.dev => localhost:3000 and www.foo.dev/api => localhost:3001.

I currently just try to get www.foo.dev => localhost:3001 running.

For that I added 127.0.0.1 www.foo.dev to my hosts file.

Now if I enforce http in the Caddyfile and let my NestJS app run without https everything works fine, at least with curl. Can’t test browser because it enforces https.

So now I set up my NestJS app with the https i.e. I provide a .crt and .key file. Furthermore, I somehow need a CA that firefox trusts.

I tried to sign my own certificate and add it to my trust store of arch i.e. to firefox but I keep getting

Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

4. Error messages and/or full log output:

Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

5. What I already tried:

As described above, signing my own certificate.

The actual question is: Can I somehow use Caddy's CA? What do you guys use to create a local certificate and how do I tell firefox to accept it?

I also think I might be confused because I have express as a webserver and caddy as a reverse proxy. So caddy uses its certificate and the NestJS app served by express uses its certificate. Not sure how that interplays.

6. Links to relevant resources:

Yeah - because the .dev TLD is in the HSTS preload list. I recommend using .localhost instead, which should resolve to 127.0.0.1 without any changes to the hosts file on most Linux systems.

Caddy can manage local TLS for you using its internal CA. Use tls internal to force Caddy to do this. If you use a .localhost TLD, this is automatic (because Caddy knows that that TLD cannot be public).

This should be automatic, since Caddy attempts to install the root CA certificate to your system’s trust store, if it can.

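An added example, not part of the original posts: a Caddyfile for the routing asked about in the question, using the `.localhost` name and the internal CA described in the reply above. The ports come from the question; the host names `www.foo.localhost` and `www.foo.test` are assumptions, and both backends are assumed to speak plain HTTP on loopback so that TLS terminates at Caddy only.

```caddyfile
# Assumed name under .localhost: Caddy issues the certificate from its
# internal CA automatically, and no hosts-file entry is normally needed.
www.foo.localhost {
	# API requests go to the backend on port 3001.
	# "/api*" matches /api and everything below it; the prefix is
	# passed through to the upstream unchanged.
	handle /api* {
		reverse_proxy 127.0.0.1:3001
	}

	# Everything else goes to the frontend on port 3000.
	handle {
		reverse_proxy 127.0.0.1:3000
	}
}

# Assumed name outside .localhost (needs "127.0.0.1 www.foo.test" in the
# hosts file). Here the internal CA has to be requested explicitly,
# otherwise Caddy tries to obtain a publicly trusted certificate.
www.foo.test {
	tls internal
	reverse_proxy 127.0.0.1:3000
}
```

The upstreams are addressed by IP and port without a scheme, so Caddy talks plain HTTP to them; the Express servers need no `.crt` or `.key` of their own.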

So two things:

  1. I don’t need to configure NestJS resp. Express to use HTTPS. Only Caddy.
  2. The TLD was the problem! Thanks, didn’t know about HSTS. It’s great that now I don’t even need the hosts file.

Thanks a lot! I spent several hours trying to get all that working.
