SSL for localhost takes 5 seconds now.

Publish Date: May 28 '24

986 62

Update on 2024/12/11: With great community support, Ophiuchi v0.6 is about to release. It's been downloaded more than 10,000 times since launch! Thank you all for your kind support.

Update on 2024/06/10: Thanks to your great support, it's been downloaded for more than 2,000 times! And we're pleased to announce that it's live on ProductHunt, please visit and support the product!
https://www.producthunt.com/posts/ophiuchi

Update on 2024/06/02: We're happy to share with you that we've decided to open-source our application. Please check it out here and feel free to contribute if you wish:
https://github.com/cheeselemon/ophiuchi-desktop

Why would anyone need to setup ssl for a localhost development?

Test your web application in a secure environment.
Some OAuth providers require ssl (like Google).
Test and find out if there are potential security risks (mixed content) in your application.
You need to work with CORS and cookies before you deploy your application.
Test service workers in a secure environment.
Test web push notifications in a secure environment.

As developers, we’ve all been there.

There is the hard way, and there is the easy way.
If you search the web and what you'll only find is the hard way.

The seemingly simple task of setting up SSL for localhost can surprisingly turn into a multi-hour ordeal, tangled in manual configurations (of which never works first time) and repetitive steps.

The Hard (Manual and Tedious) SSL Setup on Localhost

Setting up SSL for localhost traditionally involves a series of tedious steps:

Generating a Self-Signed Certificate: Initially, you need to manually create a certificate that browsers will inevitably mistrust, just to get started.

Editing the /etc/hosts File: Next, you dive into system files like /etc/hosts to map your desired domain name, such as local.whatever, to 127.0.0.1. This usually requires command line tools like vi or nano, which not everyone is comfortable using.

Launching a Web Server Locally: Whether it’s Apache, Nginx, or another, you need to download and set up a web server on your machine. (Which I'm not a fan of, because they may mess up my computer)

Configuring the Web Server: This involves tweaking server configuration files to recognize your new hostname and certificate, often requiring you to dig through documentation to get syntax and paths right.

Trusting the Certificate: Lastly, you must convince your computer to trust the certificate you generated, which often involves several more obscure commands or diving into keychain access nonsense.

This process isn’t just cumbersome — it’s a repeat performance “every time” you start a new project or want to test something quickly.

But now, it can be done in 5 seconds.

Introducing Ophiuchi: Localhost SSL Proxy Made Simple

Now, imagine a tool that condenses all these steps into a quick, seamless operation.

With Ophiuchi, the entire process of setting up SSL for your localhost projects is reduced to a few types and clicks.

Here’s how it simplifies each step:

Automatic Certificate Generation: Ophiuchi handles the creation of self-signed certificates automatically for specified domain name. No command line necessary. No hassle.

Domain Mapping: Ophiuchi automatically updates your /etc/hosts file with any domain name of your choice, mapping it directly to your localhost environment.

Integrated Web Server: Forget about downloading and configuring a separate web server; Ophiuchi comes with an integrated solution that’s pre-configured to use your SSL settings right out of the box. (Docker is required. But most developers use docker naturally for other stuff.)

Instant Trust: Ophiuchi includes a feature to automatically add the certificate to your system’s trusted list, bypassing those annoying browser warnings about untrusted certificates.

Deleting is EZ: When you’re done using the proxy server and you want to delete it? Above workflow is just reversed!

It’s Also Secure: Everything (certs, config files) never leaves your computer, never shared via network.

Why Waste Time?

Time is precious. Why should something as fundamental as testing over HTTPS be a roadblock in your development workflow? With Ophiuchi, it isn’t anymore. This tool is designed for developers by developers, understanding that your time is best spent on creating, not configuring.

Whether you’re working on a personal project or testing enterprise-level applications, Ophiuchi ensures that your shift from HTTP to HTTPS on localhost is as smooth and swift as a few clicks. What used to take hours now takes seconds, freeing you up to focus on what really matters: building great software.

I have to mention it’s still alpha. But I use it every now and then. My teammates also use Ophiuchi a lot and they became happier than ever!

Why not give it a try?

https://www.ophiuchi.dev

Edit:

I (the author) am the creator of this application.

As mentioned in the comments, I understand that security risk is a priority for native desktop apps. All versions of this app is/will be Notarized by Apple for extra security. Next update will include an alternative way for users to manually copy & paste into the terminal for extra safety option!

There is a twitter account you can look at and a discord channel you can freely join if you have any questions! 😃

(Twitter)[https://x.com/get_ophiuchi]

(Discord)[https://discord.gg/fpp8kNyPtz]

Comments 62 total

Ben SinclairMay 28, 2024
This looks like it's only for MacOS. As such, I'd recommend people use something else that's not limited like that - maybe something containerised like a traefik or nginx proxy, or something like ddev if you're doing PHP work.
- cheeselemonMay 29, 2024
  I'm working on supporting other platforms such as windows as well!
  
  It looks like you didn't read the article correctly. Ophiuchi is not a service that's meant to be used as an API gateway for deploying to the cloud like traefik.
  It's built for localhost development aid tool to help you setup ssl proxy easily on your machine without any CLI nonsense or installing whatever needed to mess up your system.
  
  Whether you're using php, node.js, next.js, react, flask,... doesn't matter.
  Anything that runs locally on localhost:whateverport can be transformed into ssl domain locally with Ophiuchi.
  
  It indeed uses docker and nginx proxy to route traffic over localhost environment as mentioned in the post.
  It's containerized and managed by the application.
  - Ben SinclairMay 29, 2024
    I use a traefik docker image (and used to use nginx) as a proxy, which acts as the SSL endpoint - it doesn't do anything to do with cloud APIs so I'm not sure what you mean?
    
    And while I do need to do some "CLI nonsense", in terms of adding the docker image and editing my hosts file, we both need to install something to get it to work!
    - cheeselemonMay 29, 2024
      Ben, this article says that this app does everything automatically for you, so you don't have struggle with installing nginx on your local machine or working with configuration files yourself manually.
      
      Even if you use traefik docker image, you still need to write and maintain configuration files yourself MANUALLY. Btw, traefik is intended to aid you in infrastructure management. See here: github.com/traefik/traefik
      
      The app edits the hosts file for you, pulls nginx and creates docker container and launches it for you, generates self signed ssl certs (which is a p-i-a if you do it yourself), nginx configurations for you, all the proxy configs are managed in a GUI manner so that you don't need to do that and you don't have to install a thing.
      
      Thank you for your comment but please read the article thoroughly.
      
      Sincerely,
      - Ben SinclairMay 29, 2024
        I've read the article thoroughly and I have an immediate concern: it'll require elevated permissions to edit your hosts file and (potentially) your keychain, but the source code isn't available, which makes it potentially insecure as far as I'm concerned.
        
        It's essentially a wizard in front of the same sort of proxy I use, but you also say, "integrated web server" which piques my interest. Are you also using nginx to serve a static directory somewhere?
        
        I'm sorry but I didn't get that it was your project because the post reads like you were giving a tutorial for an app you found rather than one you wrote yourself.
        
        How about a suggestion? If you're running a web server as part of the project, why not make the UI use a web interface as well? That way you could make it run on any platform without having to develop for different toolkits.
        
        cheeselemonMay 29, 2024
        Thank you for taking the time to read the article and share your concerns.
        
        Yes, I am indeed the developer of this app, and I appreciate your feedback. I understand the importance of trust and security when it comes to applications that require elevated permissions.
        
        I want to assure you that the app is designed to be transparent about the permissions it requires and the actions it will perform. It will only proceed with your explicit consent. As per your concerns, I'll consider adding an alternative way to copy & paste method for user's manual terminal input when requiring elevated privileges!
        I understand if you prefer not to use it if you have reservations about its security.
        
        Regarding your suggestion about using a web interface, while it's an interesting idea, it's currently not within the scope of the app's intended features and roadmap. However, I'm always open to feedback and suggestions for future improvements.
        
        If you have any further questions or concerns, please feel free to reach out via the Discord link provided at the bottom of the article. Thank you again for your input.
        
        Sincerely,
        cheeselemon
        
        Mwabaya DanielOct 27, 2024
        the windows version is not out yet. when is it coming?
- lotypJun 11, 2024
  By the way, I just published a post about what you're talking about: Simplifying Local Development with Docker, mkcert, dnsmasq, and Traefik. It covers using containerized solution and tools like Traefik to make local development more versatile and not limited to MacOS. Check it out!
SH-HongMay 29, 2024
This looks awesome 🔥
- cheeselemonMay 29, 2024
  Thanks a lot!
Monika PrajapatiMay 29, 2024
The fact that it can turn the task that used to take hours into something that takes seconds is incredible. I can definitely see myself incorporating Ophiuchi into my workflow.
- cheeselemonMay 29, 2024
  Thanks a lot Monika!
programORdieMay 29, 2024
Nice, sad there is no version for windows.
- cheeselemonMay 29, 2024
  Thank you! I'm planning to work on Windows/Linux as well. Please follow my twitter account for more updates! 😊
Martin BaunMay 29, 2024
Just got MacOs, I'm a very happy man hehe
- cheeselemonMay 29, 2024
  Congrats on your GET! 🙌
  - Martin BaunMay 31, 2024
    Thank you! :)
АнонимMay 29, 2024
[hidden by post author]
AminMay 29, 2024
FiloSottile/mkcert for the impatient (Windows/Linux) devs that don't want to wait for the app to get launch on their platform.

And this is open-source, so you can actually take a look at how it is done behind the scenes.
- cheeselemonMay 30, 2024
  This is nice. Thanks for your suggestion!
АнонимMay 30, 2024
[hidden by post author]
UsamaMay 30, 2024
Hey? is it open source?
- cheeselemonJun 2, 2024
  Hey, we've decided to open-source our application. Please check it out here and feel free to contribute if you wish:
  github.com/cheeselemon/ophiuchi-de...
MartinsMay 30, 2024
Developers use Linux, what about Linux support?
- cheeselemonMay 30, 2024
  Of course linux support is also coming!
King RayhanMay 30, 2024
It's look amazing, I typically use caddy for this. I will give a try.

I appreciate your effort 🥳
- cheeselemonMay 30, 2024
  Thank you for your kind support! I'll keep working on improving the app! 🙌
Nicolas FränkelMay 30, 2024
Looks interesting, but I think developers would need something more automatable/scriptable
- cheeselemonMay 30, 2024
  Thank you for your feedback.
  I agree that devs would need automation/scripting features, can you provide some further ideas or insights on how to achieve that in this app? =)
  - Nicolas FränkelJun 1, 2024
    That's my point. The app should just be the UI over a running process.
AppersideMay 30, 2024
Ehi man,
this looks very nice!
I use local tunnels almost every day and I've tried a lot of solutions.
Your one looks promising but man, I won't never install a black box which requires so many privileges!
BTW, good job!
- cheeselemonMay 30, 2024
  Thank you for your feedback.
  I too understand your concerns regarding security. Rest assured, this app is securely coded and notarized by Apple to ensure the highest level of security.
  
  Additionally, I'm currently working on providing flexibility for the users. I’ll offer extra alternative methods for applying the changes, either through copy & paste or by providing detailed instructions.
  
  Thanks,
Mark LawrenceMay 30, 2024
All the .net developers are like "we've had zero-touch SSL setup for localhost for a decade at least now".
- cheeselemonMay 30, 2024
  So True! 🤣
birane NiangMay 30, 2024
Birane niang Sénégal
- cheeselemonMay 31, 2024
  Who is from senegal?
Nithin K JoyMay 31, 2024
Is this opensource? I would like to make some contributions if possible.
- cheeselemonJun 2, 2024
  Hey, we've decided to open-source our application. Please check it out here and feel free to contribute if you wish:
  github.com/cheeselemon/ophiuchi-de...
  - Nithin K JoyJun 2, 2024
    Thank you.
Aaditya ChakravartyMay 31, 2024
This is a great project, but what;s wrong with ngrok ?
- cheeselemonMay 31, 2024
  I honestly don't know.
hyungjunkMay 31, 2024
Anyone getting 502 error?
- cheeselemonMay 31, 2024
  Please report any bugs & questions via the discord channel and I will be happy to assist, thanks!
  (link is at the end of the article)
somen dasMay 31, 2024
I would prefer ngrok or localhost.run as they give us actual url which we can even share to people also free SSL
- cheeselemonMay 31, 2024
  I believe ngrok is a valid choice when considering public urls!
Templar++Jun 1, 2024
I came hoping to see some LetsEncrypt automation, but a mere automation of the generation of a certificate and then trusting it - that I didn't expect.

Also ngrok.com/ helps you share your dev server with other people (and much more)
adampwebJun 1, 2024
My solution: I created private root and intermediate certificate authorities and made a certificate with them to a wildcard domain (*.dev.home).
And every single project has its subdomain.

I followed this article series: jamielinux.com/docs/openssl-certif...
Lewis CowlesJun 1, 2024
Free and open source alternatives to this have existed since at least 2018. Why you'd re-invent, closed with more setup is disappointing.

All the "I've explained this in the article", ignores that other articles doing the same for software folks understand also exists:
- dev.to/aschmelyun/using-the-magic-...
There are literally hundreds of tutorials for mkcert, and for just using tools without mkcert. Where do you get-off with this?
- cheeselemonJun 2, 2024
  Please ask postman why they "re-invented" when developers instead can use something like curl to test rest apis already? 😄Why why did xerox invent the mouse when people could already use keyboards to navigate?
  
  Constructive critism please. 🙏🏻
АнонимJun 2, 2024
[hidden by post author]
Aman ChourasiaJun 3, 2024
My fake self-signing certificates, are still my buddies.
aoshfanJun 3, 2024
looks awesome, i will try it out, does this consider an alternative for mkcerts ?

Thank you .
- cheeselemonJun 3, 2024
  It's not a direct replacement. I just wanted to gen & trust self-signed certificate by domain basis with GUI, without creating or manipulating host settings.
Productized DirectoryJun 3, 2024
cool
Allan BonadioJun 7, 2024
"Why would anyone need to setup ssl for a localhost development?"

I do. I have a project that uses Emscripten, a layer over WebAssembly, which allows me to run C++ inside the browser. (it's a lot of work and not for everybody, but I need the numbercrunching performance.)

The C++ is all in a JS shared buffer. I need it to be shared cuz I'm running multiple threads with pthreads/workers, and they all work on the same data structures. The security arm-twisters have decided that the only way you can do that is if you run your site https, with a handful of extra headers thrown in, even for local dev.

I have my self-signed certificate, and every morning I have to confirm, yes, I want to run this dangerous untrusted site. I started this years ago and Ophiuchi wasn't around. Would have been easier.

Try it out: squish.tactileint.org/?intro=1
cheeselemonJun 10, 2024
Thanks to great support from everyone, It's been downloaded more than 2,000 times! And we're pleased to announce that we're launching Ophiuchi on ProductHunt, please visit and upvote!
producthunt.com/posts/ophiuchi
Steff BeckersJun 11, 2024
On Windows and macOS you can use *.localhost which automatically works in the browser without adding it to the hosts file.
Khoi TranOct 25, 2024
When I try to use this application. I do the following steps:
1. In my next js app, I run command "yarn run dev" and it will run on port 3000
2. Open Ophiuchi app and do exactly what it asks for.
3. Open browser with selected HTTPS url. So, does your application require docker deployment?. Do I have to run my app on docker to achieve the goal?
- cheeselemonDec 11, 2024
  Please report any bugs & questions via the discord channel and I will be happy to assist, thanks!
  (link is at the end of the article)
Petar KolevNov 4, 2024
Amazing! Can't wait to come out for Windows/Linux!
Ashish AgarwalApr 2, 2025
Does someone ever use that?

Just use cloudflared, available for all OS: Windows, Linux & Mac. You only have to configure a tunnel once, then it's just done forever. Then I only do like cloudflared tunnel run tunnel1. I setup multiple tunnels respectively on my domain with respective ports, so I do not ever need to re-create a tunnel or add new SSL or something:
- tunnel0.ashish.top
- tunnel1.ashish.top
- tunnel2.ashish.top
- ... etc, 3 are enough but I only run like as max as 1 or 2 at a time, it's just incase I need to use port 30001 so I will go tunnel1, tunnel0 for 3000, tunnel2 for 3002, respecitvely.
And now my project is exposed on the public domain. Additionally, I do not have to configure anything hard and cloudflare tunnels does the most of the work for me. I do not either have to re-configure it anytime.
Vaibhav KaushalApr 9, 2025
The first thing I did when I read the title of the post was search for "Caddy". Because I think the biggest problem with SSL is setting up SSL itself (the CA, Certs, Config part), not editing the hosts file.

Caddy does all of the hard part and the easy part - trust the CA, edit the hosts file and write a caddyfile to point to a container or app - all that put together is like 1 minute of work. Why should I be installing an app to save 1 minute of work which I do not more than once a week (creating a new app and needing a new domain name), on an average!?

Apologies to the author of this tool if my comment makes you feel like I don't appreciate it. I do. It's just that just like others, I find my set of tools better!?

Add comment

cheeselemon @cheeselemon