Local HTTPS Services with Custom .local domains

This guide explains how to serve multiple local services on custom domains (e.g. .local → service1.local) with HTTPS, using Caddy and no external DNS or certificates.

Prerequisites

• Arch Linux (or derivative)
• Services running locally on different ports (e.g., 8080, 9090)
• caddy installed:

  sudo pacman -S caddy

Step 1: Map Local Hostnames

Edit /etc/hosts:

sudoedit /etc/hosts

Add:

127.0.0.1  service1.local service2.local service3.local

Step 2: Configure Caddyfile

Edit or create your Caddyfile (default path: /etc/caddy/Caddyfile):

service1.local {
    tls internal
    reverse_proxy 127.0.0.1:8080
}

service2.local {
    tls internal
    reverse_proxy 127.0.0.1:9090
}

This tells Caddy to:

• Use internal TLS (self-signed CA)
• Reverse-proxy requests based on hostname and forward to corresponding ports

Step 3: Start Caddy

Restart the service to apply changes:

sudo systemctl restart caddy

Step 4: Trust Caddy’s Local CA (One-Time Setup)

1. Copy the root certificate:

sudo cp /var/lib/caddy/pki/authorities/local/root.crt /etc/ca-certificates/trust-source/anchors/caddy-local.crt

2. Update the system trust store:

sudo trust extract-compat

3. (Optional) Trust in Firefox:

• Preferences → Privacy & Security → Certificates → View Certificates → Authorities → Import
• Choose /var/lib/caddy/pki/authorities/local/root.crt
• Check “Trust this CA to identify websites”

You might need to copy the root.crt into your home and chown it to load it in firefox...

Done!

Now you can access:

• https://service1.local → 127.0.0.1:8080
• https://service2.local → 127.0.0.1:9090