This week I've been working on a Java project where I needed to integrate login using OpenID Connect. Since OIDC does a POST to a URL (e.g. ry4n.pw), I wanted my local machine to handle requests while I worked on a solution without needing to repoint my domain to my local machine.

My solution was to (1) resolve the domain to my own machine and then (2) redirect all local traffic on port 80 to a local Jetty server running on port 8080. By only redirecting local traffic, I didn't need to open my machine to the internet.

Putting these two tricks together, I was able to have OIDC do an HTTP POST to my production redirect_uri (e.g. ry4n.pw/oidc/authorize) and then handle the request on my local Jetty instance.

1. Resolve domain to localhost by editing /etc/hosts

127.0.0.1 ry4n.pw

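Now all requests from this machine to ry4n.pw will go to localhost instead! The hosts file only changes name resolution on the machine where it is edited. Note you'll need to configure Jetty to run on the IP 0.0.0.0 for this to work. Binding to 0.0.0.0 makes Jetty listen on every network interface, so port 8080 is also reachable from other hosts on the same network unless a firewall blocks it.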

2. Redirect port 80 -> 8080

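echo "
# Match only on the loopback interface so that only traffic from this machine is redirected
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 8443
" | sudo pfctl -ef -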

The rules above redirect TCP traffic on port 80 to port 8080, and on port 443 to port 8443. Alternatively, I could have configured Maven to run directly on port 80 with sudo privileges. It seemed safer to configure a redirect and run my application with standard permissions.

3. View current port forwarding rules

If you forget whether or not the port forwarding is running, you can check anytime using:

sudo pfctl -s nat

4. Stop Port Forwarding

When you're done with development and want to disable the port forwarding, you can run the following:

sudo pfctl -F all -f /etc/pf.conf
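
A check for what this setup can leave behind, as an added example that is not part of the original post: it flags rdr rules that are not pinned to the loopback interface and hosts entries that still point a real domain at 127.0.0.1. The function names and the sample rule and hosts lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit leftovers from the hosts + pf redirect setup.

# Print rdr rules read from stdin that are NOT restricted to "on lo0",
# i.e. rules that would also match traffic arriving on other interfaces.
unscoped_rdr() {
    awk '$1 == "rdr" {
        scoped = 0
        for (i = 2; i < NF; i++)
            if ($i == "on" && $(i + 1) == "lo0") scoped = 1
        if (!scoped) print
    }'
}

# Print hostnames from hosts-file text on stdin that map to a loopback
# address but are not "localhost" (development overrides still in place).
loopback_overrides() {
    awk '{
        sub(/#.*/, "")                          # strip trailing comments
        if ($1 !~ /^127\./ && $1 != "::1") next # keep loopback entries only
        for (i = 2; i <= NF; i++)
            if ($i != "localhost") print $i
    }'
}

# Constructed sample input (not captured from a real machine).
SAMPLE_RULES='rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 8443'

SAMPLE_HOSTS='127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
127.0.0.1 ry4n.pw   # dev override'

echo "rdr rules not scoped to lo0:"
printf '%s\n' "$SAMPLE_RULES" | unscoped_rdr

echo "domains still overridden to loopback:"
printf '%s\n' "$SAMPLE_HOSTS" | loopback_overrides
```

On a real machine, feed the functions live data with `sudo pfctl -s nat | unscoped_rdr` and `loopback_overrides < /etc/hosts`. A domain that is still listed after development means this machine will keep talking to itself instead of the production site.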