@awmichel
Created January 27, 2017 20:29
Development Guide for DNS Resolution: permitzone.dev

Development Guide for DNS Resolution of permitzone.dev Domains

This guide will walk you through setting up permitzone.dev domain resolution locally. It involves setting up dnsmasq to handle .dev DNS requests and nginx to proxy requests to the correct app locally.

Prerequisites

  • Homebrew is installed and working. Use brew doctor to verify.

Setup

  • brew install dnsmasq nginx
  • sudo mkdir /etc/resolver
  • echo 'nameserver 127.0.0.1' | sudo tee /etc/resolver/dev
  • echo 'address=/dev/127.0.0.1' >> /usr/local/etc/dnsmasq.conf
  • curl https://gist.githubusercontent.com/awmichel/ca09a34b41ae99b31c86d43d0bf13b44/raw/nginx.conf | sed -e 's/WHOAMI/'$(whoami)'/g' > /usr/local/etc/nginx/nginx.conf
  • mkdir -p /usr/local/etc/nginx/ssl/permitzone.dev
  • curl -sSL https://raw.githubusercontent.com/frntn/x509-san/master/gencert.sh | CRT_CN="permitzone.dev" CRT_C="US" CRT_L="Myrtle Beach" CRT_O="PermitZone, Inc." CRT_SAN="DNS.1:permitzone.dev,DNS.2:*.permitzone.dev" CRT_FILENAME=/usr/local/etc/nginx/ssl/permitzone.dev/permitzone.dev bash
  • sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /usr/local/etc/nginx/ssl/permitzone.dev/permitzone.dev.crt
  • sudo brew services restart dnsmasq && sudo brew services restart nginx
    You can also leave out the sudos, but I find they both start more reliably at boot rather than login.

nginx.conf

    # WHOAMI is replaced with your username by the sed command in Setup.
    user WHOAMI admin;
    worker_processes 1;

    events {
        worker_connections 1024;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;

        # Local apps that nginx proxies to.
        upstream app {
            server 127.0.0.1:3000;
        }

        upstream api {
            server 127.0.0.1:3001;
        }

        # Redirect all plain-HTTP requests to HTTPS.
        server {
            listen 80 default_server;
            listen [::]:80 default_server;
            server_name _;
            return 301 https://$host$request_uri;
        }

        # app.permitzone.dev -> upstream "app" (port 3000)
        server {
            listen 443 ssl;
            server_name app.permitzone.dev;

            # Relative paths resolve against the nginx configuration directory.
            ssl_certificate ssl/permitzone.dev/permitzone.dev.crt;
            ssl_certificate_key ssl/permitzone.dev/permitzone.dev.key;
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 5m;
            ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers on;

            location / {
                proxy_pass http://app;
                proxy_http_version 1.1;
                # Pass WebSocket upgrade requests through to the app.
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                chunked_transfer_encoding off;
                proxy_buffering off;
                proxy_cache off;
            }
        }

        # admin.permitzone.dev and api.permitzone.dev -> upstream "api" (port 3001)
        server {
            listen 443 ssl;
            server_name admin.permitzone.dev api.permitzone.dev;

            ssl_certificate ssl/permitzone.dev/permitzone.dev.crt;
            ssl_certificate_key ssl/permitzone.dev/permitzone.dev.key;
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 5m;
            ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers on;

            location / {
                proxy_pass http://api;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                # Tell the backend that the original request arrived over HTTPS.
                proxy_set_header X-Forwarded-Proto https;
                proxy_cache_bypass $http_upgrade;
            }
        }
    }
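
The certificate generated in Setup has to name every host that nginx.conf serves, otherwise the browser rejects the connection for that host. The script below is an added example, not part of the original gist: it checks a CRT_SAN value against the server_name lines of an nginx.conf. The function names and the host ws.app.permitzone.dev are made up for the illustration.

```shell
# Added example, not part of the gist: check that a CRT_SAN value covers
# every server_name in an nginx.conf before generating the certificate.

# san_covers HOST CRT_SAN: succeed if a DNS entry of CRT_SAN matches HOST.
# CRT_SAN uses the Setup step's format, "DNS.1:name,DNS.2:*.name".
san_covers() {
  local host rest entry name
  host=$1; rest=$2
  while [ -n "$rest" ]; do
    entry=${rest%%,*}                     # first comma-separated entry
    if [ "$entry" = "$rest" ]; then rest=; else rest=${rest#*,}; fi
    name=${entry#*:}                      # drop the "DNS.n:" prefix
    if [ "$name" = "$host" ]; then return 0; fi
    case $name in '*.'*)
      # A wildcard stands for exactly one non-empty leftmost label, so
      # *.permitzone.dev misses permitzone.dev and a.b.permitzone.dev.
      if [ -n "${host%%.*}" ] && [ "$host" != "${host#*.}" ] &&
         [ "${host#*.}" = "${name#??}" ]; then return 0; fi ;;
    esac
  done
  return 1
}

# server_names FILE: print each server_name in FILE, one per line, without
# the catch-all "_" used by the port-80 redirect block.
server_names() {
  sed -n 's/^[[:space:]]*server_name[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1" |
    tr -s ' \t' '\n\n' | sed -e '/^_$/d' -e '/^$/d'
}

# uncovered_names FILE CRT_SAN: print the server_names CRT_SAN misses.
uncovered_names() {
  server_names "$1" | while IFS= read -r h; do
    san_covers "$h" "$2" || printf '%s\n' "$h"
  done
}

# Constructed input: the gist's server_name lines plus a hypothetical
# two-label host, ws.app.permitzone.dev.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
    server_name _;
    server_name app.permitzone.dev;
    server_name admin.permitzone.dev api.permitzone.dev;
    server_name ws.app.permitzone.dev;
EOF
CRT_SAN='DNS.1:permitzone.dev,DNS.2:*.permitzone.dev'  # value from Setup
echo "not covered: $(uncovered_names "$sample_conf" "$CRT_SAN")"
```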