Added Reverse Proxy for Developers doc

README.md

@@ -153,9 +153,11 @@ cp config.defaults.sh config.sh
 
 Now open <http://localhost/> in your web browser. To debug the node.js server, install [NiM](https://chrome.google.com/webstore/detail/nodejs-v8-inspector-manag/gnhhdgbaldcilmgcpfddgdbkhjohddkj), open it through your devtools and connect to port 9229.
 
-__Optional__: If you want to test deploying APKs and PWAs, you'll need to make your sandbox publicly accessible at a URL. Tangerine Developers have had good luck using [ngrok](https://ngrok.com/) to create an https tunnel to your local server. Be sure to modify T_HOST_NAME and T_PROTOCOL in config.sh using the URL that NGROK gives you. It can be worth it to pay for a static domain name as you would otherwise have to keep destroying your data folder, updating config.sh with the new URL, and starting over every time you get one of the random NGROK addresses.
+__Optional__: If you want to test deploying APKs and PWAs, you'll need to make your sandbox accessible using an https URL. A reverse proxy will forward https requests to your dev instance running on port 80. Tangerine Developers have had good luck using [tunnelto](https://tunnelto.dev/) and [ngrok](https://ngrok.com/) to create an https tunnel to your local server. Please note that using those methods expose your dev environment to the Internet. An alternative is to create your own reverse proxy - see the [Reverse Proxy for Developers](./docs/developer/reverse-proxy-for-developers.md) doc for more information. 
 
-Example config.sh when using ngrok:
+You must modify T_HOST_NAME and T_PROTOCOL in config.sh using the URL of your dev server. When using a service such as NGROK, it can be worth it to pay for a static domain name as you would otherwise have to keep destroying your data folder, updating config.sh with the new URL, and starting over every time you get one of the random NGROK addresses.
+
+Example config.sh settings when using a reverse proxy:
 ```bash
 T_HOST_NAME='123random.ngrok.io'
 T_PROTOCOL="https"

docs/developer/README.md

@@ -4,6 +4,7 @@
 - [i18n-translation.md](i18n-translation.md)
 - [modules.md](modules.md)
 - [tangerine-dev-tutorial-notes.md](tangerine-dev-tutorial-notes.md)
+- [Reverse Proxy for Developers](./reverse-proxy-for-developers.md)
 
 ## Application design
 - [Data Structures](data-structures.md)

docs/developer/reverse-proxy-for-developers.md

@@ -0,0 +1,76 @@
+# Reverse Proxy for Developers
+
+## Reverse proxy software
+
+[local-ssl-proxy](https://github.com/cameronhunter/local-ssl-proxy) is a Node.js app that can be used to proxy requests from a local development server to a remote server over HTTPS. This is an alternative to using a reverse proxy tunnel service such as ngrok.io or tunnelto.dev.
+
+## Generate SSL certificates
+
+Here's a nice primer on creating a self-signed SSL certificate: https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/ I've lifted these examples from that article. Although this example focuses on MacOS, the primer in the link has examples for Linux and Windows. 
+
+In the following example, the code creates a key and cert for a local dev server named tangy.test. Note that this script does not have the `-des3` switch, which forces the use of a password, because the script is intended for use with local development servers.
+
+`openssl genrsa -out tangy.test.key 2048`
+
+You'll answer a bunch of questions. The most important one is the Common Name (e.g. server FQDN or YOUR name). Enter the name of your local dev server here, e.g. tangy.test.
+
+`openssl req -new -key tangy.test.key -out tangy.test.csr`
+
+You should now have two files: myCA.key (your private key) and myCA.pem (your root certificate).
+
+# Adding the Root Certificate to macOS Keychain
+
+`sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" myCA.pem`
+
+The tutorial has examples of adding the root certs to other devices, which might be handy for Android and IOS development.
+
+# Creating CA-Signed Certificates
+
+Now create tangy.test.ext:
+
+```
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = tangy.test
+```
+
+The final step: 
+
+`openssl x509 -req -in tangy.test.csr -CA myCA.pem -CAkey myCA.key \
+-CAcreateserial -out tangy.test.crt -days 825 -sha256 -extfile tangy.test.ext`
+
+We now have three files: tangy.test.key (the private key), tangy.test.csr (the certificate signing request, or csr file),
+and tangy.test.crt (the signed certificate).
+We can configure local web servers to use HTTPS with the private key and the signed certificate.
+
+# Using local-ssl-proxy
+
+At this point you can launch Tangerine, which will respond to requests on port 80. Then launch local-ssl-proxy:
+
+local-ssl-proxy --source 443 --target 80 --cert ~/ssl/server.crt --key ~/ssl/server.key
+
+You should be able to access Tangerine via `https://localhost`. Next step - configure your local dev domain in DNS:
+
+## DNS settings
+
+Add your local dev domain to /etc/hosts. The domain 'tangy.test' is used in this example; replace with your own domain:
+
+```
+##
+# Host Database
+#
+# localhost is used to configure the loopback interface
+# when the system is booting.  Do not change this entry.
+##
+127.0.0.1       localhost
+255.255.255.255 broadcasthost
+::1             localhost
+127.0.0.1       tangy.test
+
+```
+
+Now you should be able to access Tangerine using https://tangy.test`.