Use IP address for self-sign SSL (--experimental-https)

[basememara]

Goals

Enable mobile device access to a Next.js development server over HTTPS on a local network IP address.

Non-Goals

This request is specifically for local development only. Managing production-grade certificates is out of scope.

Background

In development, applications such as a video streaming app built with Next.js need to be tested on native mobile devices (iOS/Android).

However, platforms like iOS require HTTPS for sensitive APIs (e.g., camera and microphone access).

The current Vercel guide, "How can I run Next.js on localhost through HTTPS?", shows how to run:

next dev --experimental-https

This command generates a self-signed certificate automatically for localhost only. There is currently no option to add the local network IP address (e.g., 192.168.1.x) as a Subject Alternative Name (SAN) in the generated certificate.

As a result, devices on the same network (such as an iPhone) cannot securely access the app using the local IP over HTTPS.

Proposal

Enhance the next dev --experimental-https option to:

Allow specifying additional domains or IPs (e.g., localhost, 192.168.1.42) when generating the development certificate.
It seems mkcert is already being used under the hood, so the command for the experimental flag would extend the command:

mkcert localhost 192.168.1.42

This could be done automatically or make this configurable via CLI flags (e.g., --https-sans "localhost,192.168.1.42") or environment variables. This would allow developers to access the dev server via both:

https://localhost:3000
https://192.168.1.42:3000

This would greatly improve the developer experience for teams building mobile-first or hardware-integrated applications where native device testing is critical during development.