I am the owner of lvh.me. And I'm glad to hear it's helpful. In truth, it's just a fancy DNS trick. lvh.me and all of its sub-domains just point back to your computer (127.0.0.1). That means running SSL is as simple (or difficult) as running SSL on your computer.
I'm not sure how comfortable you are with the command line, but here's how I set up my development environment (rvm, passenger, nginx w/ SSL, etc).
# Install rvm (no sudo!)
# ------------------------------------------------------
bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )
source ~/.rvm/scripts/rvm
rvm install ree-1.8.7-2010.02
rvm ree --passenger
sudo mkdir -p /opt && sudo chown -R $USER /opt
passenger-install-nginx-module --auto --prefix=/opt/nginx/ --auto-download --extra-configure-flags=--with-http_ssl_module

## Setup a self-signed SSL certificate
curl http://www.selfsignedcertificate.com/download.php?file=28727991/www.example.com.key > /opt/nginx/conf/server.key
curl http://www.selfsignedcertificate.com/download.php?file=28727991/www.example.com.cert > /opt/nginx/conf/server.crt

## Sanity check your passenger_root and passenger_ruby
## Define virtual hosts in /opt/nginx/conf/nginx.conf
## eg:
http {
    passenger_root /Users/levi/.rvm/gems/ree-1.8.7-2010.02/gems/passenger-2.2.15;
    passenger_ruby /Users/levi/.rvm/bin/passenger_ruby;
    passenger_pool_idle_time 3600; # keep apps alive

    # foo.lvh.me (http)
    # ------------------------
    server {
        listen 80;
        server_name foo.lvh.me;
        root /Users/levi/projects/foo/public;
        passenger_enabled on;
        rails_env development;
    }

    # foo.lvh.me (https)
    # ------------------------
    server {
        listen 443; ssl on;
        ssl_certificate /opt/nginx/conf/server.crt;
        ssl_certificate_key /opt/nginx/conf/server.key;
        server_name foo.lvh.me;
        root /Users/levi/projects/foo/public;
        passenger_enabled on;
        rails_env development;
    }
}

# Start nginx
# ------------------------------------------------------
sudo /opt/nginx/sbin/nginx

# Stop nginx
# ------------------------------------------------------
sudo /opt/nginx/sbin/nginx -s stop
@lightningspirit if you managed to generate a certificate for "lvh.me" with Let's Encrypt, I'd like to know how.
I've tried sudo certbot certonly --standalone -d lvh.me
and got the following error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for lvh.me
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. lvh.me (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for lvh.me
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: lvh.me
Type: unknownHost
Detail: No valid IP addresses found for lvh.me
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Let's Encrypt wildcard certificate support is live as of March 13 2018.
https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
Would be awesome to have it on lvh.me
+1
Would be awesome to have it on lvh.me
+1
As I understand, lvh.me is just a DNS trick, such as adding an A record pointing to 127.0.0.1. There's no server behind it, there's nothing to perform SSL verification/handshakes.
That's correct; it's simply a DNS entry that resolves to 127.0.0.1. Let's Encrypt will not generate certs for 127.0.0.1.
You can generate a certificate using the DNS challenge with letsencrypt.
Then you have to add a DNS TXT record to the _acme-challenge.lvh.me subdomain. There is no server needed, so 127.0.0.1 does not matter.
@langenoot yes, you can generate a cert, but where do you store it and distribute it and how's that different from just using self-signed certs?
Usability over security. It avoids that the user needs to make an exception for a self-signed certificate.
Yes, it is hacky but interesting. Might be useful in some cases, as mixed content is blocked nowadays and some APIs (like WebRTC) are not available on http.
I also imagine possibilities for shady purposes, like malware.
@landegnoot sure, but you haven't answered the question... lvh.me is not for users, it's for developers.
If that is the scope, there is no advantage over self signed certificates.
I stumbled upon this project as I needed a website to connect to a service running on localhost.
Looks like selfsignedcertificate.com has been replaced by some kind of ad site.
What now?
You can do it using Let's Encrypt certificates. They are the valid and free ones!
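Since selfsignedcertificate.com is gone, here is a local replacement for the gist's "Setup a self-signed SSL certificate" step. This is an added example, not code from the gist or from any reply above: it generates the key pair and certificate on your own machine with openssl, covering both lvh.me and its wildcard sub-domains, and then checks which hostnames the certificate actually matches. The output directory, file names and the 365-day lifetime are assumptions; openssl 1.1.1 or newer is required for `-addext`.

```shell
#!/bin/sh
# Added example: generate a self-signed certificate for lvh.me and *.lvh.me
# locally, so the private key is created on this machine instead of being
# downloaded from a third-party web site. Not part of the original gist.
set -eu

# Write server.key and server.crt into OUT_DIR (assumed default ./lvh-certs,
# chosen to match the file names the gist's nginx.conf expects).
make_lvh_cert() {
  out_dir="${1:-./lvh-certs}"
  mkdir -p "$out_dir"
  # -nodes: no passphrase, so nginx can start unattended in development.
  # subjectAltName is what browsers check; CN alone is no longer enough.
  openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
    -keyout "$out_dir/server.key" -out "$out_dir/server.crt" \
    -subj "/CN=lvh.me" \
    -addext "subjectAltName=DNS:lvh.me,DNS:*.lvh.me" 2>/dev/null
  # The key is the only secret here; keep it readable by the owner only.
  chmod 600 "$out_dir/server.key"
  echo "$out_dir/server.crt"
}

# Return 0 if the certificate's SAN list covers HOST, 1 otherwise.
# openssl prints "Hostname X does match certificate" or "does NOT match".
cert_covers_host() {
  crt="$1"
  host="$2"
  openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match"
}

# Stand-alone usage: generate the files and report coverage for a few names.
if [ "${1:-}" = "--run" ]; then
  crt=$(make_lvh_cert "${2:-./lvh-certs}")
  for h in lvh.me foo.lvh.me api.foo.lvh.me; do
    if cert_covers_host "$crt" "$h"; then
      echo "$h: covered"
    else
      echo "$h: NOT covered (wildcard matches one label only)"
    fi
  done
fi
```

Copy server.key and server.crt into /opt/nginx/conf to match the ssl_certificate paths in the gist's nginx.conf, and add server.crt to your OS or browser trust store rather than clicking through the warning each time. Note that `*.lvh.me` matches foo.lvh.me but not api.foo.lvh.me; add a `DNS:*.foo.lvh.me` entry if you use deeper names. Unlike a shared Let's Encrypt certificate for lvh.me, the private key here never leaves the developer's machine, which is the distinction raised in the thread above.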