Local HTTPS Testing

Use local HTTPS to validate real behavior for:

  • Request::isSecure() checks
  • HSTS header emission
  • HTTPS redirect logic
  • CSP behavior under secure context

  1. Generate local certificate:

./scripts/generate-local-https-cert.sh

  2. Ensure Docker service exposes HTTPS port (example 8443).

  3. Start containers:

./vendor/bin/sail up -d --build

  4. Set app URL to HTTPS in host app .env:

APP_URL=https://your-app.test:8443

  5. Clear config cache:

./vendor/bin/sail artisan optimize:clear

  6. Open app on HTTPS URL: https://your-app.test:8443

  7. Open Sentinel dashboard: https://your-app.test:8443/sentinel

Notes

  • Browser may warn for self-signed cert; trust locally for testing.
  • Keep trustProxies('*') in Laravel middleware config when behind TLS proxy.
  • Keep production TLS at edge (Nginx/ALB/Cloudflare) plus app-level defense-in-depth.

Trust the local certificate

The generated files are:

  • docker/https/certs/<your-app>.crt
  • docker/https/certs/<your-app>.key

Use your actual certificate filenames if your generator script sets different names.

Ubuntu / Debian (NSS + system stores)

sudo cp docker/https/certs/<your-app>.crt /usr/local/share/ca-certificates/<your-app>.crt
sudo update-ca-certificates

Restart browser after trust update.

macOS

  1. Open Keychain Access.
  2. Import docker/https/certs/<your-app>.crt into System keychain.
  3. Open certificate, set Trust to Always Trust.
  4. Restart browser.

Windows

  1. Run certmgr.msc.
  2. Import docker/https/certs/<your-app>.crt into Trusted Root Certification Authorities.
  3. Restart browser.

Quick verification

curl -k -I https://your-app.test:8443
curl -k -I https://your-app.test:8443/sentinel

If Sentinel headers are enabled, responses should include configured security headers.
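
To turn the quick verification into a pass/fail check, the following added example (not part of Sentinel or its scripts) parses `curl -I` output and reports which expected security headers are missing, plus the HSTS max-age. The header list, function names and sample responses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of Sentinel: audit `curl -I` output for security headers.
# ASSUMPTION: this header list; match it to what your Sentinel config enables.
EXPECTED_HEADERS="strict-transport-security content-security-policy"

# Reads raw response headers on stdin and prints the expected headers that are
# absent (space-separated). Returns 0 when nothing is missing, 1 otherwise.
missing_security_headers() {
    # Strip CR (HTTP/1.1 uses CRLF); lowercase names for case-insensitive matching.
    present=$(tr -d '\r' | awk -F: 'NF > 1 { print tolower($1) }')
    missing=""
    for h in $EXPECTED_HEADERS; do
        printf '%s\n' "$present" | grep -qx "$h" || missing="$missing $h"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "${missing# }"
    return 1
}

# Prints the HSTS max-age in seconds; prints nothing if the header is absent.
# max-age=0 tells browsers to drop the HSTS policy, so 0 means "not enforced".
hsts_max_age() {
    tr -d '\r' | awk -F: 'tolower($1) == "strict-transport-security" {
        n = split(tolower($2), d, ";")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t"]/, "", d[i])
            if (sub(/^max-age=/, "", d[i])) { print d[i]; exit }
        }
    }'
}

# Constructed sample responses (not captured from a real app).
SAMPLE_OK=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nContent-Security-Policy: default-src https:\r\n')
SAMPLE_WEAK=$(printf 'HTTP/1.1 200 OK\r\ncontent-type: text/html\r\nstrict-transport-security: max-age=0\r\n')

printf '%s\n' "$SAMPLE_OK" | missing_security_headers || true      # prints nothing
printf '%s\n' "$SAMPLE_WEAK" | missing_security_headers || true    # content-security-policy
printf '%s\n' "$SAMPLE_WEAK" | hsts_max_age                        # 0

# Live use (-k skips certificate verification, as in the commands above):
#   curl -sk -I https://your-app.test:8443 | missing_security_headers
```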