Show HN: Local development with .local domains and HTTPS

84 点作者 jarekceborski将近 2 年前

Hi HN! I'm Jarek, and I've built this tool that allows publishing .local domains on the local network using mDNS.It also has a reverse proxy that handles HTTPS termination and port forwarding.I'm working on adding more features, like an index page with all available domains or allowing proxy redirects, so you could redirect from HTTP to HTTPS.Let me know if you have any questions or feedback!

28 条评论

francislavoie将近 2 年前

You can do this with Caddy already, with Automatic HTTPS. Caddy will automatically set up its own CA and use it to issue certs (using smallstep) with .local and .localhost domains.We don't do anything with mDNS though but we've thought about it; none of us use macs anymore but PRs are welcome to make that work. I don't have enough expertise with mDNS to confidently implement it myself, and especially less-so because the implementation would be different on every OS (needs build flags to change the implementation depending on the build target). And this would be free and open source, rather than this paid product.

评论 #36955784 未加载

评论 #36955707 未加载

lapcat将近 2 年前

This submission violates the HN guidelines: "Please don't use HN primarily for promotion. It's ok to post your own stuff part of the time, but the primary use of the site should be for curiosity." <a href="https://news.ycombinator.com/newsguidelines.html">https://news.ycombinator.com/newsguidelines.html</a>The <a href="https://news.ycombinator.com/user?id=jarekceborski">https://news.ycombinator.com/user?id=jarekceborski</a> account was created 1 day ago, the only submission is this one <a href="https://news.ycombinator.com/user?id=jarekceborski">https://news.ycombinator.com/user?id=jarekceborski</a> and the only comments are on this submission <a href="https://news.ycombinator.com/threads?id=jarekceborski">https://news.ycombinator.com/threads?id=jarekceborski</a>

评论 #36955847 未加载

评论 #36957268 未加载

评论 #36959099 未加载

评论 #36966943 未加载

EspressoGPT将近 2 年前

> Forget editing /etc/hosts or typing 192.168.0.12!Instead, pay $19 (instead of $29!) excl. VAT for a service that does this for you! God damn, I hate this industry.

评论 #36955718 未加载

评论 #36955701 未加载

评论 #36955745 未加载

评论 #36955634 未加载

评论 #36955660 未加载

评论 #36955724 未加载

评论 #36955810 未加载

rickette将近 2 年前

Can recommend <a href="https://github.com/FiloSottile/mkcert">https://github.com/FiloSottile/mkcert</a> for this purpose (local development certs).

评论 #36955536 未加载

8organicbits将近 2 年前

Great work! Public CAs have done a wonderful job making HTTPS easy for public websites, but private networks feel under-supported and we're often stuck with legacy tools. I'm really happy to see people building here.I've been working on getlocalcert[1] which explores this problem from the other end; how can we make TLS certificate management and trust root distribution easier? There's lots of interest in using certificates issued by public CAs for private domains. Especially the free ones from Let's Encrypt. This completely avoids trust root distribution challenges and concerns about trust roots being used to MITM traffic. My local DNS management story is admittedly currently a hand-wave[2], but I really like your approach. I was hoping we could pair our tools, but I think mDNS is for .local only, so we won't be compatible.I'm curious about the trust root you're using. Lots of tools will create these without any nameConstraints, which is reasonable as client-side support has historically been poor[3], but restricting the root and any intermediaries to *.local can reduce the risk that a stolen trust root is used to MITM unrelated sites like google.com.[1] <a href="https://www.getlocalcert.net/" rel="nofollow noreferrer">https://www.getlocalcert.net/</a>[2] <a href="https://docs.getlocalcert.net/dns/" rel="nofollow noreferrer">https://docs.getlocalcert.net/dns/</a>[3] <a href="https://alexsci.com/blog/name-non-constraint/" rel="nofollow noreferrer">https://alexsci.com/blog/name-non-constraint/</a>

评论 #36956906 未加载

kohanz将近 2 年前

We use puma-dev for this <a href="https://github.com/puma/puma-dev">https://github.com/puma/puma-dev</a>

评论 #36956338 未加载

thenonameguy将近 2 年前

This looks really great!When do you expect to add Linux support? Until then, I'm using a devenv.sh Nix-based setup (without mDNS), with something like this: <a href="https://github.com/cachix/devenv/blob/main/examples/mkcert/devenv.nix">https://github.com/cachix/devenv/blob/main/examples/mkcert/d...</a>

Zetice将近 2 年前

You know you’re onto something when you get HN comments that say, “this can easily be done by just <list half a dozen tools and processes>”…Very clever, if I weren’t leaving the industry I would for sure grab a copy.

j1elo将近 2 年前

This is my poor man's, do-it-yourself, LAN development with HTTPS method:<a href="https://doc-kurento.readthedocs.io/en/latest/knowledge/selfsigned_certs.html" rel="nofollow noreferrer">https://doc-kurento.readthedocs.io/en/latest/knowledge/selfs...</a>Should probably be a blog post. Would be happy to get comments on improvements or updates to the explained process. For now, I already gathered that Android seems to have finally added mDNS resolution support, which is nice as a whole Note banner can then be removed from that page. I also took note that maybe the whole thing can be simplified greatly with Caddy, albeit I think that getting into explaining mkcert is useful for readers who are new to that stuff and don't know how to generate their own SSL certs (like myself a month before writing all that).

hobofan将近 2 年前

Or you could just use Tailscale with their Tunnel feature, and you get most of those things with their free tier (up to 3 users with up to 100 devices) and at a cheaper per-user pricing after that. And it also works cross-platform.

评论 #36955825 未加载

moondev将近 2 年前

foo-192-168-1-1.traefik.mebar-192-168-1-1.traefik.me<a href="http://traefik.me/fullchain.pem" rel="nofollow noreferrer">http://traefik.me/fullchain.pem</a><a href="http://traefik.me/privkey.pem" rel="nofollow noreferrer">http://traefik.me/privkey.pem</a>

评论 #36955865 未加载

评论 #36955962 未加载

mijoharas将近 2 年前

Regarding the certs. Does this do something special to trust the self-signed root certificate that you add? or do you need to manually trust it on any device that you use to connect to this?I assume that's the case, but want to check I understand correctly.

评论 #36955715 未加载

emadda将近 2 年前

Looks very nice.Side note: I released <a href="https://tabserve.dev" rel="nofollow noreferrer">https://tabserve.dev</a> a few months ago.It uses a browser tab and web workers as a reverse proxy to get a https url to localhost.

capableweb将近 2 年前

Looks like an interesting project. What I guess is not really clear is why you'd want to do TLS for local only connections? Are the services published with the .local domain accessible from outside as well so it's like a ngrok alternative?I'm pretty sure I'm misunderstanding the value-add of having TLS for localhost connections...

评论 #36955456 未加载

评论 #36955455 未加载

评论 #36955480 未加载

评论 #36955550 未加载

评论 #36955659 未加载

评论 #36955474 未加载

评论 #36955466 未加载

drekipus将近 2 年前

Is this something like how ".local" is already a mDNS standard but OSX and android won't support it yet? (Unless they buy your app)I can already access "myserverhost.local" from everything but android and OSX. Windows and Linux work fine automatically.

评论 #36955560 未加载

评论 #36957600 未加载

评论 #36955807 未加载

jasonlotito将近 2 年前

I'm curious about the license requirements. Is it 1 license per install, or 1 per install that is currently serving?I have two devices, but I will never use them at the same time (and if I do by accident, I'd expect your software to stop working).

评论 #36955664 未加载

waithuh将近 2 年前

Risky target audience. Maybe useful for people that hop networks regularly.

jareklupinski将近 2 年前

had a mini-heart attack reading the intro; we don't see enough of each others' names on here :)been waiting for something like this to come along: when i set up microcontrollers that expose a mini-server, i would like to use the Geolocation API built into mobile browsers so users can tell the gadget where it is, but they block access to the API unless your site starts with '<a href="https://" rel="nofollow noreferrer">https://</a>' ( a silly barrier but whatever )

pratio将近 2 年前

We use mkcert for this, it works wonderfully.<a href="https://github.com/FiloSottile/mkcert">https://github.com/FiloSottile/mkcert</a>

AlexJuca将近 2 年前

Very cool tool! This can be done using other means but I like how easy it is with this tool and the app has a decent looking UI.Congrats on releasing the tool.

blacklight将近 2 年前

"Forget editing /etc/hosts!"Right.Why would you edit a local file (or create a record on your own local DNS), generate your own self-signed certificate, and immediately get a website that can be tested on your machine, on your local network or on your VPN, when you can pay someone $19 per device (MacOS only) for something less powerful?I understand that everybody needs to make money for a living, but this seems like the digital equivalent of bottling tap water and asking people to pay for it.

评论 #36963118 未加载

mkl95将近 2 年前

Isn't that just a sidecar? Maybe Kubernetes is hard enough that some engineers are willing to pay $19 to avoid using it.

a_imho将近 2 年前

Forget editing /etc/hostsWhy?

评论 #36955663 未加载

评论 #36955762 未加载

manuelfcreis将近 2 年前

Really like what this does and the look of it! Congrats

评论 #36955248 未加载

rado将近 2 年前

Interesting. Does it have gzip and HTTP/2? Thanks

评论 #36959184 未加载

redder23将近 2 年前

I feels this is something that should NOT be a payable service at all. I am sure its not rocket science, not even Linux support?Probably some open source tools for this to set it up your self for free.

评论 #36955603 未加载

mdev23将近 2 年前

is it secure?

Thoeu388将近 2 年前

Lets introduce proprietary service with a payment plan. That will simplify things LOL.Just switch to Linux and you will never ever had to deal with this weird stuff agian!

评论 #36955779 未加载