How to set up stress-free SSL on an OS X development machine (gist.github.com)
103 points by dltj on Dec 23, 2014 | 22 comments


Only gripe is being told to match Dev with production ... And then develop on Mac OS.

Virtual machines are a much cleaner and nicer way to do this. Setting up a wildcard SSL is similarly as simple, and you get the bonus of learning how to do it on a "real" (normal, more standard) server.

Example setting up wildcard subdomain SSL cert (self-signed): https://serversforhackers.com/ssl-certs/


Having gotten more accustomed to the VM approach over the past year since I wrote this post, I agree.


Thanks for leaving your Gist up there describing the process, Jed. I do some work in VMs, but still found it very useful.


Hi Jed, I was wondering what your VM box looks like? Any cool tools you would recommend?


The development process is much less complicated when you only consider a single OS. The answer to: "How do I do this?" is always the same; a significant time/brain savings.


Also, if you develop for multiple clients, projects don't bleed into each other.

"Well, client X still uses PG 9.1, but I accidentally used a 9.3 feature, because that's what client Y uses."


I use ngrok (https://ngrok.com/), which tunnels a local port and makes it available over ssl on an ngrok.com subdomain.

Makes it easy to develop from any machine, and even allows me to check it out from other machines. Including things like browserling.

On top of that, it can record and replay requests for you as you debug.


I use multicast DNS so that my server in a development VM can automatically publish a hostname to the host for testing.

http://bens.me.uk/2013/multicast-dns-and-development-virtual...

This is especially useful as my application is multi-tenant, where you can potentially use lots of different hostnames.

I'm wary of trusting a development certificate on my development machines. One slight misconfiguration, and you've got a CA with a well-known private key which can be used to generate certificates for any name. Which would be very useful for MITMing a rather important machine.

I accept the inconvenience of having to click through the warnings, with conscious awareness of what I'm doing to avoid training myself to ignore them. I'm not entirely sure which is the bigger risk.
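One mitigation for the concern in the comment above, as an added example that is not code from the gist or from any commenter: a local dev CA carrying an X.509 name constraint that limits it to hosts under .test, so a leaked or stolen CA key still cannot sign a certificate that validates for a public name. The .test suffix, file paths, key sizes and validity periods are assumptions made here; it needs openssl on the PATH.

```shell
#!/bin/sh
# Added example (not from the gist or the thread): a local dev CA whose trust
# is limited by a name constraint to hosts under .test. Any leaf signed for a
# name outside that subtree fails chain validation, even though the CA is
# trusted. Suffix, paths and key sizes are assumptions, not thread specifics.
set -e

make_dev_ca() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = Local Dev CA (constrained to .test)
[ca_ext]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
nameConstraints = critical, permitted;DNS:.test
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" -config "$dir/ca.cnf" 2>/dev/null
}

# Issue a leaf cert for name $2 (hostname or wildcard), signed by the CA in $1,
# written as $1/$3.key / $1/$3.crt.
issue_leaf() {
    dir="$1"; name="$2"; out="$3"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$dir/$out.key" -out "$dir/$out.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$name" > "$dir/$out.ext"
    openssl x509 -req -in "$dir/$out.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 90 -extfile "$dir/$out.ext" -out "$dir/$out.crt" 2>/dev/null
}

# Returns 0 if cert $3 chains to the CA in $1 AND is valid for hostname $2.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$3" >/dev/null 2>&1
}
```

Trusting ca.crt in the keychain then gives a working wildcard for *.myapp.test while a cert the same CA signs for www.example.com is rejected with a permitted-subtree violation.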


Keychain Access makes creating a certificate authority very easy - you might as well just use that...

Besides, I don't understand why you would choose not to trust the certificate, then click it and choose to trust it...


For the non-OS X crowd, XCA is a really simple GUI for managing your own CA. Just about everything I have that can use an SSL certificate has one that all of my machines trust.

http://xca.sourceforge.net/


Also, xca works just fine on OS X too.


/etc/resolver is pretty cool. I wish it were better-documented / better-known. (I guess `man 5 resolver` documents it.)

I also wish glibc had something similar.


Instead of dnsmasq you can also use https://github.com/robbiev/devdns


Pow is a nice project for handling DNS resolution and forwarding a specific name to a service running on a non-standard port.

I've put Apache with a wildcard cert (& local CA) in front of it to handle SSL termination.

It's very similar to the technique from the article, but I've found the ability to serve requests on the default port to be convenient.


If you're using Django, check out the runserver_plus command from django-extensions: http://django-extensions.readthedocs.org/en/latest/runserver...


I wrote https://www.npmjs.com/package/crisp a while back, which simplifies a lot of this: it generates a self-signed cert and starts a web server in one move.



FYI - I know it's a pain, but before I got comfortable with unbound/dnsmasq I wrote a thing to edit your /etc/hosts file, which makes it not quite as painful to deal with.

https://github.com/kevinburke/hostsfile


I didn't see self-signed certs as an alternative. Isn't that a common and reasonable approach?


This describes setting up a self-signed cert


Oops! I read the 3 alternatives and didn't see self-signed certs, which seemed sorta obvious to me. Then skimmed a bit further and saw all sorts of other things and not really any specific mention of self-signed certs. My bad.


I find it kind of ridiculous that making a self-signed cert is still that hard.



