The Mijingo Blog

Latest news, updates, free tutorials, and more from Mijingo.

SSL/Non-SSL Site Locally with MAMP

by Ryan Irelan

In the last blog post we walked through how to set up MAMP Pro for SSL websites. This assumed that your website would be SSL all the time, for every connection. While more and more sites are becoming all SSL, many still only invoke SSL connections for critical situations, like signing in or authenticating, important form submissions, and financial transactions, like purchases.

In these SSL and non-SSL situations, a site visitor is being ushered between secure (SSL, https) and insecure (http) connections, depending on what they’re doing on the site. On Apache, this is typically set up as two different host records, one for port 80 (http) and one for port 443 (https).

When setting this up locally–as a way to emulate how our production server would work–we also need to set up two different host records on Apache.

This tutorial requires that you have a paid (or trial) copy of MAMP Pro.

Set up Non-Secure Host Record

First, let’s set up a normal MAMP host record.

(If you’re new to localhosting, I recommend our free course on localhosting, which includes how to use MAMP.)

Create the MAMP site to point at the local (public) directory of the site files you want to use. Restart the MAMP servers and then go to the site URL to confirm that it is working.

Set up Secure Host Record

This part is already covered in the previous tutorial on setting up SSL on MAMP. In summary: we’ll need to create the new host record for SSL–pointing to the same local directory as in the first step–and make sure we check “SSL” as part of the setup.

Redirecting from Non-SSL to SSL

Unless your software, CMS, or web application is set up to handle the redirect from non-SSL to SSL based on URL, you will want to do it with a redirect, using mod_rewrite rules.

Every situation will be slightly different but here’s an example of how I redirectred non-SSL connections to SSL:


RewriteCond %{HTTPS} off
RewriteCond $1 ^(account|cart/checkout|admin) [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This starts with a mod_rewrite conditional to check if the request has HTTPS off (meaning it’s a non-secure request, over port 80), then it checks if the request has one of the URIs listed (delimited by pipes).

I can add as many URIs there to check as I wish. In this example, I’m checking for account, cart/checkout, and admin. These are all common examples of places you’d want to have SSL connections.

If the conditions evaluate to true, then the request is redirected to an https of the same URL. We’re using some variables to grab the current HTTP host and request URI.

Now when someone access mijingo.dev/account, Apache will redirect to https://mijingo./dev/account automatically, never allowing /account to accessed over port 80.

Filed Under: Free Tutorials, Localhosting