SSL certificates for local dev are stored in src/config/config.development.ejson under the DEV_SSL_CERTIFICATE and DEV_SSL_PRIVATE_KEY keys. These need to be updated in the config.development.ejson file manually every 90 days; after updating, developers will need to run npm run nginx:configure again.
The certificate and key are available on the Digital Ocean droplet named codex-dev-cert-bot. This droplet is running nginx and LetsEncrypt's Certbot. Full details on installation and set up of LetsEncrypt certbot are available in this blog post: Using Free Let’s Encrypt SSL/TLS Certificates with NGINX. The certificates are auto-renewed by the certbot (you can see the public DNS for dev.usecodex.com domain is pointed at the droplet).
The certificate and key in the Digital Ocean droplet are stored at:
/etc/letsencrypt/live/dev.usecodex.com/fullchain.pem/etc/letsencrypt/live/dev.usecodex.com/privkey.pem
After installing nginx with Homebrew, you will be prompted to run it as a Homebrew service, which you should accept (brew services list to see running services, like nginx). The docroot is located at /opt/homebrew/var/www and the default port should be set in /opt/homebrew/etc/nginx/nginx.conf to something other than 80 (we use 8080, see npm run nginx:configure) so that nginx can run without sudo. nginx will load all files in /opt/homebrew/etc/nginx/servers/, if you want to play around.