Equip local dev server with a CA-signed SSL certificate.
This will enable your local HTTP server to be reachable at a global domain name instead of localhost, e.g. local.example.com, with a valid CA-signed SSL certificate. This is helpful when you need to reach your local server from another device in the same local network and SSL is enabled. A self-signed SSL certificate is not helpful because the cert is only valid on the machine where the server runs.
The idea is borrowed from this blogpost, but traefik is used as reverse proxy instead of nginx-proxy because traefik handles SSL request and renewal automatically.
This is inherently just how traefik (or any other reverse proxy) works. The special bit is that your domain pointing to a local IP instead of a public one.
Excalidraw link
-
Get a domain name
-
Get the local IP address of the machine where the HTTP server will run. On macOS, this is in Settings -> Networks -> Details of the active network -> IP address.
-
Set two
Arecords at the desired host on this IP address in your DNS provider's settings. For instance, if you own the domainexample.comand want your local server running on machine192.168.0.213to be reachable atlocal.example.com, set these two records:A local 192.168.0.213 A *.local 192.168.0.213 -
In
docker-compose.yml, replaceCF_API_KEYandCF_API_EMAILvalue with your credentials for Cloudflare. If you use another provider, follow this instruction. -
Go to
traefik.yml, updatecertificatesResolvers.myresolver.acme.dnsChallenge.providerif needed -
Go to
traefik-dynamic.yml, update the host athttp.routers.to-dev-server.ruleand update the port atservices.dev-server.loadBalancer.servers[0].urlto the port of your local server -
Run
docker compose up. It takes a bit to request a SSL certificate and then your local server should be reachable at the desired host.