|
| 1 | +# HTTPS dev server (LAN testing) |
| 2 | +This document explains how to create locally-trusted certificates and run the Vite dev server over HTTPS so you can test the app from other devices on the same LAN (phones, tablets, etc.). |
| 3 | + |
| 4 | +## Recommended approach: use `mkcert` (easiest — certificates are trusted automatically) |
| 5 | + |
| 6 | +### Install mkcert |
| 7 | +- macOS (Homebrew): |
| 8 | +``` |
| 9 | +brew install mkcert |
| 10 | +brew install nss # for Firefox (optional) |
| 11 | +``` |
| 12 | +- Windows (Chocolatey): |
| 13 | +``` |
| 14 | +choco install mkcert |
| 15 | +``` |
| 16 | +- Linux: download the mkcert binary from the project releases or use your package manager if available. Also install ```libnss3-tools``` for Firefox integration when required. |
| 17 | + |
| 18 | +(See mkcert project for platform-specific install steps.) |
| 19 | + |
| 20 | +### Generate certs (recommended) |
| 21 | +```npm run generate-cert``` |
| 22 | +This script will prefer mkcert. If mkcert is installed it will create a locally-trusted certificate and install a local CA (if needed). The generated files will be placed in ```./certs/localhost.pem``` and ```./certs/localhost-key.pem```. |
| 23 | + |
| 24 | +### Start the dev server |
| 25 | +```npm run dev:https``` |
| 26 | + |
| 27 | +### Open the site from another device on your LAN using your machine IP, for example: |
| 28 | +```https://192.168.1.23:5173``` |
| 29 | +If the browser still warns about the certificate, confirm ```mkcert -install``` succeeded, or (if using the OpenSSL fallback) ```import certs/localhost.pem``` into the OS/browser trust store (instructions below). |
| 30 | + |
| 31 | +## Fallback: OpenSSL (self-signed) |
| 32 | + |
| 33 | +If you don't have mkcert installed, npm run generate-cert will try to create a self-signed cert with openssl. Self-signed certs will trigger browser warnings unless you import the cert into the trusted root store. |
| 34 | +Trusting the self-signed cert (example): |
| 35 | +- macOS (Keychain Access) |
| 36 | + 1. Open Keychain Access. |
| 37 | + 2. File → Import Items → select ```certs/localhost.pem```. |
| 38 | + 3. Find the imported cert in login or System keychain, double-click it, expand "Trust" and set "When using this certificate" → "Always Trust". |
| 39 | + |
| 40 | +- Windows |
| 41 | + 1. Run certmgr.msc. |
| 42 | + 2. Import ```certs/localhost.pem``` into ```Trusted Root Certification Authorities``` → Certificates. |
| 43 | + |
| 44 | +- Linux |
| 45 | + 1. Varies by distro/browser. On Debian/Ubuntu you can generally copy the PEM into ```/usr/local/share/ca-certificates/``` and run ```sudo update-ca-certificates```. Firefox may need manual import. |
| 46 | + |
| 47 | +## HMR / websocket problems |
| 48 | + |
| 49 | +If the dev server loads but HMR (hot module replacement) fails in other devices, set DEV_HMR_HOST to your host machine's LAN IP when starting the server. Example: |
| 50 | + |
| 51 | +- macOS / Linux: |
| 52 | +```DEV_HMR_HOST=192.168.1.23 npm run dev:https``` |
| 53 | + |
| 54 | +- Windows (PowerShell): |
| 55 | +``` |
| 56 | +$env:DEV_HMR_HOST = '192.168.1.23' |
| 57 | +npm run dev:https |
| 58 | +``` |
| 59 | +This forces Vite to use that host in the HMR websocket URL. |
| 60 | + |
| 61 | +## Troubleshooting |
| 62 | + |
| 63 | +- If you see ```NET::ERR_CERT_AUTHORITY_INVALID```, your cert is not trusted. Prefer mkcert to avoid this. |
| 64 | +- If ```mkcert``` fails to install the local CA, try running ```mkcert -install``` manually (may request admin rights). |
| 65 | +- If ```openssl``` is not installed on Windows, use ```mkcert ``` instead, or install OpenSSL via MSYS2 / Git for Windows / other means. |
| 66 | + |
| 67 | +## Security note |
| 68 | +Do not commit your private key to the repository. We add certs/ to .gitignore. If you prefer to share a single cert for your team, coordinate explicitly and treat the key as sensitive. |
0 commit comments