I am the owner of lvh.me. And I'm glad to hear it's helpful. In truth, it's just a fancy DNS trick. lvh.me and all of its sub-domains just point back to your computer (127.0.0.1). That means running SSL is as simple (or difficult) as running SSL on your computer.

I'm not sure how comfortable you are with the command line, but here's how I set up my development environment (rvm, passenger, nginx w/ SSL, etc).

# Install rvm (no sudo!)
# ------------------------------------------------------
bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )
source ~/.rvm/scripts/rvm
rvm install ree-1.8.7-2010.02
rvm ree --passenger
sudo mkdir -p /opt && sudo chown -R $USER /opt
passenger-install-nginx-module --auto --prefix=/opt/nginx/ --auto-download --extra-configure-flags=--with-http_ssl_module

## Setup a self-signed SSL certificate
curl "http://www.selfsignedcertificate.com/download.php?file=28727991/www.example.com.key" > /opt/nginx/conf/server.key
curl "http://www.selfsignedcertificate.com/download.php?file=28727991/www.example.com.cert" > /opt/nginx/conf/server.crt

## Sanity check your passenger_root and passenger_ruby
## Define virtual hosts in /opt/nginx/conf/nginx.conf
## eg:
http {
    passenger_root /Users/levi/.rvm/gems/ree-1.8.7-2010.02/gems/passenger-2.2.15;
    passenger_ruby /Users/levi/.rvm/bin/passenger_ruby;
    passenger_pool_idle_time 3600; # keep apps alive

    # foo.lvh.me (http)
    # ------------------------
    server {
        listen 80;
        server_name foo.lvh.me;
        root /Users/levi/projects/foo/public;
        passenger_enabled on;
        rails_env development;
    }

    # foo.lvh.me (https)
    # ------------------------
    server {
        listen 443; ssl on;
        ssl_certificate /opt/nginx/conf/server.crt;
        ssl_certificate_key /opt/nginx/conf/server.key;
        server_name foo.lvh.me;
        root /Users/levi/projects/foo/public;
        passenger_enabled on;
        rails_env development;
    }
}

# Start nginx
# ------------------------------------------------------
sudo /opt/nginx/sbin/nginx

# Stop nginx
# ------------------------------------------------------
sudo /opt/nginx/sbin/nginx -s stop
You can generate a certificate using the DNS challenge with letsencrypt.
Then you have to add a DNS TXT-record to the _acme-challenge.lvh.me subdomain. There is no server needed, so 127.0.0.1 does not matter.
@langenoot yes, you can generate a cert, but where do you store it and distribute it and how's that different from just using self-signed certs?
Usability over security. It avoids the user needing to make an exception for a self-signed certificate.
Yes, it is hacky but interesting. Might be useful in some cases as mixed content is blocked nowadays and some APIs (like WebRTC) are not available on HTTP.
I also imagine possibilities for shady purposes, like malware.
@landegnoot sure, but you haven't answered the question.. lvh.me is not for users, it's for developers.
If that is the scope, there is no advantage over self signed certificates.
I stumbled upon this project as I needed a website to connect to a service running on localhost.
Looks like selfsignedcertificate.com has been replaced by some kind of ad site.
What now?
That's correct; it's simply a DNS entry that resolves to 127.0.0.1. Let's Encrypt will not generate certs for 127.0.0.1.
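
With the download site gone, the gist's self-signed certificate step can be done locally with openssl, which also means the private key is generated on your machine and never fetched over the network. This is an added example, not part of the original gist or comments; the function names `make_dev_cert`, `cert_has_san` and `cert_matches_key` are made up here, and the output file names mirror the gist's `server.key` and `server.crt`.

```shell
#!/bin/sh
# Added example (not from the gist): create a self-signed development
# certificate locally instead of downloading a key pair from a website.

# make_dev_cert DIR [DOMAIN]
# Writes DIR/server.key and DIR/server.crt, valid for DOMAIN and *.DOMAIN.
make_dev_cert() {
    dir=$1
    domain=${2:-lvh.me}
    conf=$(mktemp) || return 1
    # Request config written to a temp file so this also works on
    # openssl builds that lack the -addext option.
    cat > "$conf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $domain
[v3]
subjectAltName = DNS:$domain, DNS:*.$domain
extendedKeyUsage = serverAuth
EOF
    # Subshell with umask 077: the key is never readable by other users.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$conf" \
          -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null )
    rc=$?
    rm -f "$conf"
    return $rc
}

# cert_has_san DIR NAME: succeeds if NAME is listed as a DNS SAN entry.
cert_has_san() {
    openssl x509 -in "$1/server.crt" -noout -text | grep -qF "DNS:$2"
}

# cert_matches_key DIR: succeeds if the certificate's public key belongs
# to server.key (catches a mismatched pair before nginx refuses to start).
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/server.key" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# Usage for the layout in the gist:
#   make_dev_cert /opt/nginx/conf && cert_matches_key /opt/nginx/conf
```

Browsers will still ask for an exception (or a trust-store import) for this certificate, as discussed in the comments above.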