Developer Guide

Written by Casper Fenger Jensen • Updated 2026-04-14

How to Put a React App on HTTPS in Development

Expose a React development app over HTTPS for secure browser APIs, embedded flows, mobile testing, and auth callbacks without setting up local certificate chains.

Not every React app runs through Next.js. If you have a plain React frontend on a local dev server, Bore is a good fit when the real requirement is a secure public URL rather than local TLS termination inside the toolchain.

react localhost httpsreact dev server httpsreact app local ssl

Install Bore

curl -sL https://bore.dk/install.sh | bash

Works with React dev servers on localhost

Good for browser API and auth testing

Pairs well with separate local API services

How It Works

Simple local workflow, real HTTPS externally

Step 1

Run the React app locally

Start the app on its current local port, often 3000 or 5173.

Step 2

Expose it over HTTPS

Use Bore to give the React app a secure public URL.

bore up 5173

Step 3

Use the URL for secure frontend testing

Test secure cookies, embedded flows, service workers, or mobile browser behavior against the HTTPS origin.

Step 4

Add a child host if the API should stay on another origin

Bore can reserve a child host under the same namespace and point it at the local API.

Where Bore Differs

Bore can keep HTTPS on reserved child hosts too

Most tunnel workflows stop at one public hostname. Bore can keep your main app on one HTTPS namespace and reserve a child host like `api.<namespace>.bore.dk` for a second local service.

bore host add <namespace> api
bore host set-port <namespace> api 3001

That matters when frontend and API origins need to stay separate in local development, or when webhook, auth, and admin traffic should not all share one hostname.

FAQ

Common questions

How do I make a React app run on HTTPS locally?

If you need a real secure URL rather than local certificate plumbing, the shortest path is to expose the local React app through Bore.

Is this only for Vite-based React apps?

No. Bore works with any React development server that is already running on a local port.

Can this help with app and API split setups?

Yes. Bore can keep the React app on the root hostname and move the API to a child host on another local port.

Related Guides

More HTTPS development guides

View all guides

How to Run Next.js Dev on HTTPS

Use Next.js locally with a real HTTPS URL for auth flows, secure cookies, preview links, and webhook callbacks. Bore exposes Next.js dev over HTTPS without local certificate setup.

How to Run Node.js, Express, Fastify, or NestJS Dev on HTTPS

Run a local Node.js server behind a real HTTPS URL without wiring custom TLS code into your app. Bore works well for Express, Fastify, NestJS, and custom Node servers.

How to Use Vite on HTTPS Locally

Test a Vite app over HTTPS without switching your development workflow to custom local certificates. Bore gives your Vite dev server a real HTTPS URL in one step.

How to Expose a Local API Over HTTPS

Put a local API on a real HTTPS URL for browser clients, mobile apps, webhook callbacks, and partner integrations without adding local TLS complexity.