Every once in a while in a web developers life the need arises to generate a some magic files to put in a local webserver so that Chrome stops complaining that your local traffic is not encrypted.
Because you know it is incredibly important to encrypt local traffic because the Russians are listening.
You've done this exactly fourteen times before, so you vaguely remember you have to enter some commands that have 50 weird parameters each.
ssh key-gen
wait, no that's not it
ssh-genkey
?
nope
pgp --gen-key
?
colder..
openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
Chrome no longer lets you click "yea I know what I'm doing…" because because the world has become so used to nags that users will impulsively click through anything.
You can get around this screen by clicking anywhere in the window, they keying thisisunsafe
If you're reading this page, you're probably just me trying to remember some config, so you know that the configurations below are not really "production ready" things and need to be further configured. You're just trying to setup the bare minimum local environment, and you really don't care that the Russians are using your local traffic to trick people into voting for Donald Trump.
However in the off chance you're not me doing a self cross reference, you should heed Google's
shitty advice and know that what you're about to do probably isn't safe. thisisunsafe
# /etc/nginx/sites-available/default
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /path/to/domain.crt;
ssl_certificate_key /path/to/domain.key;
root /var/www/html;
index index.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
import http.server
import ssl
# Webserver config
server_address = ('', 4443)
httpd = http.server.HTTPServer(server_address, http.server.SimpleHTTPRequestHandler)
# Tls config
httpd.socket = ssl.wrap_socket(httpd.socket,
server_side=True,
certfile=".ssh/domain.crt",
keyfile=".ssh/domain.key",
ssl_version=ssl.PROTOCOL_TLS)
# Start server
print("Server running on https://localhost:4443")
httpd.serve_forever()