Hi HN! I'm Jarek, and I've built this tool that allows publishing .local domains on the local network using mDNS.<p>It also has a reverse proxy that handles HTTPS termination and port forwarding.<p>I'm working on adding more features, like an index page with all available domains or allowing proxy redirects, so you could redirect from HTTP to HTTPS.<p>Let me know if you have any questions or feedback!
You can do this with Caddy already, with Automatic HTTPS. Caddy will automatically set up its own CA and use it to issue certs (using smallstep) with .local and .localhost domains.<p>We don't do anything with mDNS though but we've thought about it; none of us use Macs anymore but PRs are welcome to make that work. I don't have enough expertise with mDNS to confidently implement it myself, and especially less-so because the implementation would be different on every OS (needs build flags to change the implementation depending on the build target). And this would be free and open source, rather than this paid product.
This submission violates the HN guidelines: "Please don't use HN primarily for promotion. It's ok to post your own stuff part of the time, but the primary use of the site should be for curiosity." <a href="https://news.ycombinator.com/newsguidelines.html">https://news.ycombinator.com/newsguidelines.html</a><p>The <a href="https://news.ycombinator.com/user?id=jarekceborski">https://news.ycombinator.com/user?id=jarekceborski</a> account was created 1 day ago, the only submission is this one <a href="https://news.ycombinator.com/user?id=jarekceborski">https://news.ycombinator.com/user?id=jarekceborski</a> and the only comments are on this submission <a href="https://news.ycombinator.com/threads?id=jarekceborski">https://news.ycombinator.com/threads?id=jarekceborski</a>
> Forget editing /etc/hosts or typing 192.168.0.12!<p>Instead, pay $19 (instead of $29!) excl. VAT for a service that does this for you! God damn, I hate this industry.
Can recommend <a href="https://github.com/FiloSottile/mkcert">https://github.com/FiloSottile/mkcert</a> for this purpose (local development certs).
Great work! Public CAs have done a wonderful job making HTTPS easy for public websites, but private networks feel under-supported and we're often stuck with legacy tools. I'm really happy to see people building here.<p>I've been working on getlocalcert[1] which explores this problem from the other end; how can we make TLS certificate management and trust root distribution easier? There's lots of interest in using certificates issued by public CAs for private domains. Especially the free ones from Let's Encrypt. This completely avoids trust root distribution challenges and concerns about trust roots being used to MITM traffic. My local DNS management story is admittedly currently a hand-wave[2], but I really like your approach. I was hoping we could pair our tools, but I think mDNS is for .local only, so we won't be compatible.<p>I'm curious about the trust root you're using. Lots of tools will create these without any nameConstraints, which is reasonable as client-side support has historically been poor[3], but restricting the root <i>and</i> any intermediaries to *.local can reduce the risk that a stolen trust root is used to MITM unrelated sites like google.com.<p>[1] <a href="https://www.getlocalcert.net/" rel="nofollow noreferrer">https://www.getlocalcert.net/</a><p>[2] <a href="https://docs.getlocalcert.net/dns/" rel="nofollow noreferrer">https://docs.getlocalcert.net/dns/</a><p>[3] <a href="https://alexsci.com/blog/name-non-constraint/" rel="nofollow noreferrer">https://alexsci.com/blog/name-non-constraint/</a>
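Added example, not part of the thread or of any tool mentioned in it: a simplified model of the dNSName check that a verifier enforcing nameConstraints applies, showing what restricting a development root to `local` buys compared with an unconstrained root. It follows the RFC 5280 rule (a name is permitted if it equals the subtree or adds labels to its left), models permitted subtrees only, and uses constructed sample names.

```python
# Added example: RFC 5280 (section 4.2.1.10) dNSName name-constraint matching.
# Models permitted subtrees only; excluded subtrees and other name types are
# out of scope. Every name below is a constructed sample value.

def _labels(name):
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def within(name, subtree):
    """True if `name` equals `subtree` or adds labels to its left.

    `subtree` is written without a leading dot, as RFC 5280 specifies
    for dNSName constraints (e.g. "local", not ".local").
    """
    n, s = _labels(name), _labels(subtree)
    # Compare whole labels so "notlocal" does not pass as a suffix of "local".
    return len(n) >= len(s) and n[-len(s):] == s


def permitted(san, permitted_subtrees):
    """Check one SAN dNSName against a CA's permitted DNS subtrees.

    An empty list models a root created without nameConstraints:
    every name passes, which is the risk described in the comment above.
    """
    if not permitted_subtrees:
        return True
    return any(within(san, s) for s in permitted_subtrees)


def audit(sans, permitted_subtrees):
    """Return the SANs a constraint-enforcing verifier would reject."""
    return [s for s in sans if not permitted(s, permitted_subtrees)]


# Constructed SANs: legitimate dev names plus names a stolen root might sign.
SANS = ["app.local", "*.local", "API.Local.", "notlocal",
        "evil-local.com", "local.example.com", "google.com"]

if __name__ == "__main__":
    print("unconstrained root rejects:", audit(SANS, []))
    print("root limited to 'local' rejects:", audit(SANS, ["local"]))
```

The constraint only helps on clients that enforce it, which is the client-support caveat the comment links to in [3].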
This looks really great!<p>When do you expect to add Linux support?
Until then, I'm using a devenv.sh Nix-based setup (without mDNS), with something like this:
<a href="https://github.com/cachix/devenv/blob/main/examples/mkcert/devenv.nix">https://github.com/cachix/devenv/blob/main/examples/mkcert/d...</a>
You know you’re onto something when you get HN comments that say, “this can easily be done by just <list half a dozen tools and processes>”…<p>Very clever, if I weren’t leaving the industry I would for sure grab a copy.
This is my poor man's, do-it-yourself, LAN development with HTTPS method:<p><a href="https://doc-kurento.readthedocs.io/en/latest/knowledge/selfsigned_certs.html" rel="nofollow noreferrer">https://doc-kurento.readthedocs.io/en/latest/knowledge/selfs...</a><p>Should probably be a blog post. Would be happy to get comments on improvements or updates to the explained process. For now, I already gathered that Android seems to have finally added mDNS resolution support, which is nice as a whole <i>Note</i> banner can then be removed from that page. I also took note that maybe the whole thing can be simplified greatly with Caddy, albeit I think that getting into explaining <i>mkcert</i> is useful for readers who are new to that stuff and don't know how to generate their own SSL certs (like myself a month before writing all that).
Or you could just use Tailscale with their Tunnel feature, and you get most of those things with their free tier (up to 3 users with up to 100 devices) and at a cheaper per-user pricing after that. And it also works cross-platform.
Regarding the certs. Does this do something special to trust the self-signed root certificate that you add? Or do you need to manually trust it on any device that you use to connect to this?<p>I assume that's the case, but want to check I understand correctly.
Looks very nice.<p>Side note: I released <a href="https://tabserve.dev" rel="nofollow noreferrer">https://tabserve.dev</a> a few months ago.<p>It uses a browser tab and web workers as a reverse proxy to get a https url to localhost.
Looks like an interesting project. What I guess is not really clear is why you'd want to do TLS for local only connections? Are the services published with the .local domain accessible from outside as well so it's like a ngrok alternative?<p>I'm pretty sure I'm misunderstanding the value-add of having TLS for localhost connections...
Is this something like how ".local" is already an mDNS standard but OSX and Android won't support it yet? (Unless they buy your app)<p>I can already access "myserverhost.local" from everything but Android and OSX. Windows and Linux work fine automatically.
I'm curious about the license requirements. Is it 1 license per install, or 1 per install that is currently serving?<p>I have two devices, but I will never use them at the same time (and if I do by accident, I'd expect your software to stop working).
had a mini-heart attack reading the intro; we don't see enough of each others' names on here :)<p>been waiting for something like this to come along: when i set up microcontrollers that expose a mini-server, i would like to use the Geolocation API built into mobile browsers so users can tell the gadget where it is, but they block access to the API unless your site starts with '<a href="https://" rel="nofollow noreferrer">https://</a>' ( a silly barrier but whatever )
We use mkcert for this, it works wonderfully.<p><a href="https://github.com/FiloSottile/mkcert">https://github.com/FiloSottile/mkcert</a>
Very cool tool! This can be done using other means but I like how easy it is with this tool and the app has a decent looking UI.<p>Congrats on releasing the tool.
"Forget editing /etc/hosts!"<p>Right.<p>Why would you edit a local file (or create a record on your own local DNS), generate your own self-signed certificate, and immediately get a website that can be tested on your machine, on your local network or on your VPN, when you can pay someone $19 per device (MacOS only) for something less powerful?<p>I understand that everybody needs to make money for a living, but this seems like the digital equivalent of bottling tap water and asking people to pay for it.
I feel this is something that should NOT be a payable service at all. I am sure it's not rocket science, not even Linux support?<p>Probably some open source tools for this to set it up yourself for free.
Let's introduce a proprietary service with a payment plan. That will simplify things LOL.<p>Just switch to Linux and you will never ever have to deal with this weird stuff again!