Skip to content

Instantly share code, notes, and snippets.

@levicook
Created September 3, 2010 09:31
  • Star 71 You must be signed in to star a gist
  • Fork 10 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save levicook/563675 to your computer and use it in GitHub Desktop.
I am the owner of lvh.me. And I'm glad to hear it's helpful. In truth, it's just a fancy DNS trick. lhv.me and all of it's sub-domains just point back to your computer (127.0.0.1). That means running ssl is as simple (or difficult) as running ssl on your computer.
I'm not sure how comfortable you are with the command line, but here's my how I setup my development environment. (rvm, passenger, nginx w/ SSL, etc).
# Install rvm (no sudo!)
# ------------------------------------------------------
bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )
source ~/.rvm/scripts/rvm
rvm install ree-1.8.7-2010.02
rvm ree --passenger
sudo mkdir -p /opt && sudo chown -R $USER /opt
passenger-install-nginx-module --auto --prefix=/opt/nginx/ --auto-download --extra-configure-flags=--with-http_ssl_module
## Setup a self-signed SSL certificate
curl http://www.selfsignedcertificate.com/download.php?file=28727991/www.example.com.key > /opt/nginx/conf/server.key
curl http://www.selfsignedcertificate.com/download.php?file=28727991/www.example.com.cert > /opt/nginx/conf/server.crt
## Sanity check your passenger_root and passenger_ruby
## Define virtual hosts in /opt/nginx/config/nginx.conf
## eg:
http {
passenger_root /Users/levi/.rvm/gems/ree-1.8.7-2010.02/gems/passenger-2.2.15;
passenger_ruby /Users/levi/.rvm/bin/passenger_ruby;
passenger_pool_idle_time 3600; # keep apps alive
# foo.lvh.me (http)
# ------------------------
server {
listen 80;
server_name foo.lvh.me;
root /Users/levi/projects/foo/public;
passenger_enabled on;
rails_env development;
}
# foo.lvh.me (https)
# ------------------------
server {
listen 443; ssl on;
ssl_certificate /opt/nginx/conf/server.crt;
ssl_certificate_key /opt/nginx/conf/server.key;
server_name foo.lvh.me;
root /Users/levi/projects/foo/public;
passenger_enabled on;
rails_env development;
}
}
# Start nginx
# ------------------------------------------------------
sudo /opt/nginx/sbin/nginx
# Stop nginx
# ------------------------------------------------------
sudo /opt/nginx/sbin/nginx -s stop
@levicook
Copy link
Author

That's correct; It's simply a dns entry that resolves to 127.0.0.1. Let's Encrypt will not generate certs for 127.0.0.1.

@landgenoot
Copy link

You can generate a certificate using the DNS challenge with letsencrypt.
Then you have to add a DNS TXT-record to the _acme-challenge.lvh.me subdomain. There is no server needed, so 127.0.0.1 does not matter.

https://medium.com/@saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot-273e432794d7

@almaron
Copy link

almaron commented Aug 25, 2020

@langenoot yes, you can generate a cert, but where do you store it and distribute it and how's that different from just using self-signed certs?

@landgenoot
Copy link

Usability over security. It avoids that the user needs to make an exception for a self-signed certificate.

Yes, it is hacky but interesting. Might be useful in some cases as mixed content is blocked nowadays and some API's (like webrtc) are not available on http.

I also imagine possibilities for shady purposes, like malware.

@almaron
Copy link

almaron commented Aug 26, 2020

@landegnoot sure, but you haven't answered the question.. lvh.me is not for users, it's for developers.

@landgenoot
Copy link

If that is the scope, there is no advantage over self signed certificates.

I stumbled upon this project as I needed a website to connect to a service running on localhost.

@odigity
Copy link

odigity commented Sep 16, 2023

Looks like selfsignedcertificate.com has been replaced by some kind of ad site.

What now?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment