I seem to have got past most of the addon test mode issues on MacOS by using homebrew's nginx, and ssl using a keychain generated self signed key that is customized to include the subjectaltnam and authorized for ssl in the keychain. There was some tweaking of the nginx.conf file to contain the proper CORS http headers. If you don't have your self signed cert completely authenticated in Keychain, you won't even see responses sent back from the localhost web server when requested by C3. Also, port's nginx doesn't even install, so avoid that.
It sounds more painful than it was.
I do recommend anyone thinking of Tomcat shy away from it. The CORS filters do *NOT* allow the proper headers to go through in the HTTP response unless you're willing to write a custom filter to fix it.