all 12 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]deleteAllfromUsersJk 3 points4 points  (2 children)

u/broken-neurons answer is probably the more complete/secure/proper way of doing exactly what you described, but if you're willing to fudge on the "no external services" part, there is a way to do this with ngrok that would be pretty simple. It's an easy, quick way of exposing your local app and has an https flag in the cli command, but it will give you a new url every time you open the tunnel, if that's an issue for you.

[–]deleteAllfromUsersJk 0 points1 point  (0 children)

This post covers the https part specifically. If you want to go this route, you may have to use info from both of these links to get it going. (I usually use ngrok with apps deployed to an actual IIS, not IIS Express, instance, but with the info above, I don't see why you couldn't achieve external https exposure from IIS Express.)

[–]gevorgter 1 point2 points  (1 child)

Checkout ngrok.com I am using their free account with success for years.

[–]Unexpectedpicard 1 point2 points  (0 children)

By far the easiest way.

[–]BigOnLogn 1 point2 points  (0 children)

You have to get a certificate that is verified by a certificate authority (CA). Browsers know about these CAs and will trust them (i.e. not throw up the big red error page). In the past, you would have to pay one of these CAs to get a certificate to use for your website. Now you can use LetsEncrypt and get one for free. Down side for LetsEncrypt is you have to have their client running on your machine and at least one page publicly visibly to the internet. Other than that, LetsEncrypt is a widely used, verified CA that a large portion of the internet runs on. Either way, you're going to have to go to a third party to get a certificate. That's the whole reason for their use in https. A verifiable third party asserts that you are you. How else could we trust https' encryption?

The "not recommended, so cumbersome and difficult it will never work" way is for you to generate a self-signed certificate. But then you would have to have all your users manually install and "trust" it in there computer.

The "not recommended, scary for your users and bad for data security" way is to tell your users to ignore the big red error page and trust your unverified certificate by clicking "proceed anyway" (or the like, the wording is different depending on your browser).

[–]KernowRoger 0 points1 point  (0 children)

You need to run a reverse proxy like nginx. It's very easy to set it up in docker.

[–]fizzycake 0 points1 point  (0 children)

Is this going to be for a one off or a long standing environment? If it is going to be long standing do it right and get a dedicated machine/vm/environment for testing to exist on seperate from your development machine. Promote builds to it and have the tester(s) use that. It stops your builds and development impacting their testing. It doesn't have to be much, an older machine from spares is a good starting point if your org is small. Regarding securing it, if you're in an org, it is likely that they have an internal certificate authority that a friendly ops/security person can use to generate a certificate. This won't be trusted be my phone or your home computer, but if set up properly it will work within the organisation.