Setting Up HTTPS for Local Development with Nginx Reverse Proxy and Docker
This guide explains how to generate self‑signed SSL certificates with OpenSSL, configure an Nginx reverse‑proxy container via Docker, install the root certificate on the host system, and modify the hosts file so that front‑end code can securely access a local HTTP service over HTTPS.
Background
In a project with a separate front end and back end, developers sometimes need the front end to call services running on their local machine for debugging. The corporate test environment uses HTTPS while the local service runs over HTTP, so the protocols do not match.
Solution
Instead of modifying the Spring Boot code, we use Nginx as a reverse proxy to terminate HTTPS: the back-end test domain points to the Nginx container, which forwards traffic to the local HTTP service.
Certificate Issuance
First, generate a root certificate and a server certificate using the openssl tool.
1. Root certificate generation
# Generate an RSA private key
openssl genrsa -out root.key 2048
# Create a self‑signed root certificate
openssl req -sha256 -new -x509 -days 365 -key root.key -out root.crt \
-subj "/C=CN/ST=GD/L=SZ/O=lee/OU=work/CN=fakerRoot"
2. Server certificate generation
# Generate an RSA private key for the server
openssl genrsa -out server.key 2048
# Create a CSR with SAN extension (the <(...) process substitution requires bash)
openssl req -new \
-sha256 \
-key server.key \
-subj "/C=CN/ST=GD/L=SZ/O=lee/OU=work/CN=xxx.com" \
-reqexts SAN \
-config <(cat /etc/pki/tls/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=DNS:*.xxx.com,DNS:*.test.xxx.com")) \
-out server.csr
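# Sign the CSR with the previously generated root certificate.
# The SAN in the issued certificate is taken from the [SAN] section given here,
# not from the CSR, so this list must contain every test domain.
# openssl ca also needs the database and serial files that the CA section
# of openssl.cnf points to.
openssl ca -in server.csr \
-md sha256 \
-keyfile root.key \
-cert root.crt \
-extensions SAN \
-config <(cat /etc/pki/tls/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=DNS:xxx.com,DNS:*.test.xxx.com")) \
-out server.crt
After these steps we obtain three essential files: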
root.crt : the root certificate
server.key : private key for the server certificate
server.crt : the server certificate
Note: The server certificate must include the domain names used by the test environment, otherwise browsers will flag the certificate as insecure.
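The checks below confirm the point of the note before the files are mounted into Nginx. This is an added example, not code from the original article: the function names make_demo_certs and check_cert, the file demo.cnf and the shortened subjects are constructed for illustration, and `openssl x509 -req` stands in for `openssl ca` so that the demo runs without a CA database.

```shell
#!/bin/sh
# Added example (not from the original article): build a throwaway root and
# server certificate, then run the checks worth doing before mounting into Nginx.
# Assumption: `openssl x509 -req` replaces `openssl ca` so no CA database is needed.

make_demo_certs() {  # $1 = output directory; all names and subjects are constructed
  ( cd "$1" || exit 1
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[CSR_SAN]
subjectAltName = DNS:*.xxx.com,DNS:*.test.xxx.com
[SAN]
subjectAltName = DNS:xxx.com,DNS:*.test.xxx.com
EOF
    openssl genrsa -out root.key 2048 &&
    openssl req -new -x509 -sha256 -days 365 -key root.key -config demo.cnf \
      -extensions v3_ca -subj "/O=lee/CN=fakerRoot" -out root.crt &&
    openssl genrsa -out server.key 2048 &&
    openssl req -new -sha256 -key server.key -config demo.cnf -reqexts CSR_SAN \
      -subj "/O=lee/CN=xxx.com" -out server.csr &&
    openssl x509 -req -sha256 -days 365 -in server.csr -CA root.crt \
      -CAkey root.key -CAcreateserial -extfile demo.cnf -extensions SAN \
      -out server.crt
  ) >/dev/null 2>&1
}

check_cert() {  # $1 = root.crt  $2 = server.crt  $3 = server.key  $4 = hostname
  # 1. The server certificate must chain to the root that will be imported.
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo "chain: FAIL"; return 1; }
  # 2. The private key given to Nginx must belong to the certificate.
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || { echo "key: MISMATCH"; return 2; }
  # 3. The SAN must cover the host name the browser will request.
  openssl x509 -in "$2" -noout -checkhost "$4" | grep -q "does match" ||
    { echo "SAN: $4 not covered"; return 3; }
  echo "OK: $4"
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir" && for h in xxx.com api.test.xxx.com api.xxx.com; do
  check_cert "$demo_dir/root.crt" "$demo_dir/server.crt" "$demo_dir/server.key" "$h" || true
done
```

The last host fails the SAN check because `*.xxx.com` appears only in the CSR, while the issued certificate carries the list supplied at signing time.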
Nginx Configuration
For convenience we run an Nginx container via Docker, mounting the certificates and configuration files.
nginx.conf
server {
    listen 443 ssl;
    server_name _;
    # Certificate and key produced in the issuance step above
    ssl_certificate "/usr/local/nginx/ssl/server.crt";
    ssl_certificate_key "/usr/local/nginx/ssl/server.key";
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # This address is resolved inside the container: with the port-mapped
        # container started below, 127.0.0.1 is the container itself, so use an
        # address at which the container can reach the local service.
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect off;
        proxy_http_version 1.1;
    }
}
By setting ssl_certificate and ssl_certificate_key we enable HTTPS on Nginx, while proxy_pass forwards requests to the local development service.
Start the container
docker run -d --name https -p 443:443 \
-v ~/forword/ssl:/usr/local/nginx/ssl \
-v ~/forword/config/nginx.conf:/etc/nginx/conf.d/default.conf \
nginx
The mounted configuration and certificates allow the service to be accessed securely via HTTPS on port 443.
Install Root Certificate
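Because the server certificate is signed by our own root rather than by a publicly trusted CA, root.crt must be added to the operating system's trusted root store. Keep root.key private: whoever holds it can issue certificates that this machine will trust.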
Open Chrome → Settings → Advanced → Manage certificates.
Navigate to “Trusted Root Certification Authorities” → Import.
Select the previously generated root.crt file and complete the import.
Modify Hosts
When debugging, start the local service, then edit the hosts file to map the test domain to the Nginx server’s IP. The browser’s lock icon will show the installed certificate, confirming a successful HTTPS deployment.
Afterword
The article also mentions alternative approaches, such as using Fiddler as a man-in-the-middle proxy, but those are not covered in detail here.