Skip to content

Support https locally #2640

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Support https locally #2640

wants to merge 1 commit into from

Conversation

http-teapot
Copy link
Contributor

@http-teapot http-teapot commented Aug 7, 2025
edited by ellipsis-dev bot
Loading

Description

Adds support for https to leverage service workers and push API locally.

Notes:

  1. Uses nginx in a docker container to reverse proxy https://onlook.internal to localhost:3000.
  2. Automatically generates SSL certificates when it is booted the first time. It also adds the certificate to the keychain – which prompts system password (might need to put a disclaimer in the doc).
  3. Requires /etc/hosts to be edited to add 127.0.0.1 onlook.internal
  4. localhost:3000 can still be used
  5. onlook.internal instead of localhost
    1. because some third-party services requires client-side authentication with a valid callback TLD domain (localhost is not valid)
    2. .internal is specifically reserved for internal usage
    3. I believe there are other benefits, can't find the links

Using docker to host nginx might feel overkill, but the container image is relatively small because it uses alpine and it simplifies the setup of the environment.

Related Issues

Type of Change

  • Bug fix
  • New feature
  • Documentation update
  • Release
  • Refactor
  • Other (please describe): Dev tools

Testing

  1. bun backend:start – will ask you for password to add certificate to key chain
  2. bun dev
  3. sudo vim /etc/hosts and add 127.0.0.1 onlook.internal
  4. open https://onlook.internal

Screenshots (if applicable)

Additional Notes

Important

Adds local HTTPS support using Nginx in Docker, with SSL certificate generation and configuration for onlook.internal.

  • HTTPS Support:
    • Adds Nginx configuration in server.conf to reverse proxy https://onlook.internal to localhost:3000.
    • Adds docker-compose.yaml to run Nginx in a Docker container.
    • Updates package.json to run Nginx setup with backend:start script.
  • SSL Certificates:
    • Adds genkeys.sh to generate SSL certificates and add them to the Mac keychain.
    • Adds openssl.cnf for certificate configuration.
    • Adds .gitignore for SSL files.
  • Configuration Changes:
    • Updates config.toml to include https://onlook.internal in additional_redirect_urls.

This description was created by Ellipsis for 65486f3. You can customize this summary. It will automatically update as commits are pushed.

@vercel Vercel
Copy link

vercel bot commented Aug 7, 2025

Someone is attempting to deploy a commit to the Onlook Team on Vercel.

A member of the Team first needs to authorize it.

graphite-app[bot]
graphite-app bot reviewed Aug 7, 2025
View reviewed changes
apps/nginx/docker-compose.yaml
Comment on lines +7 to +8
ports:
- '443:443'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The HTTP to HTTPS redirect in server.conf is configured to listen on port 80, but this port isn't exposed in the Docker configuration. To enable the redirect functionality, port 80 needs to be added to the ports section:

ports:
    - '443:443'
    - '80:80'

This will allow the container to receive HTTP traffic and properly redirect it to HTTPS as defined in the server configuration.

Suggested change
ports:
- '443:443'
ports:
- '443:443'
- '80:80'

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@http-teapot