I am the owner of lvh.me. And I'm glad to hear it's helpful. In truth, it's just a fancy DNS trick. lvh.me and all of its sub-domains just point back to your computer (127.0.0.1). That means running SSL is as simple (or difficult) as running SSL on your computer.

I'm not sure how comfortable you are with the command line, but here's how I set up my development environment (rvm, passenger, nginx w/ SSL, etc.).

# Install rvm (no sudo!)
# ------------------------------------------------------
bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )
source ~/.rvm/scripts/rvm
rvm install ree-1.8.7-2010.02
rvm ree --passenger
sudo mkdir -p /opt && sudo chown -R $USER /opt
passenger-install-nginx-module --auto --prefix=/opt/nginx/ --auto-download --extra-configure-flags=--with-http_ssl_module

## Setup a self-signed SSL certificate
curl "http://www.selfsignedcertificate.com/download.php?file=28727991/www.example.com.key" > /opt/nginx/conf/server.key
curl "http://www.selfsignedcertificate.com/download.php?file=28727991/www.example.com.cert" > /opt/nginx/conf/server.crt

## Sanity check your passenger_root and passenger_ruby
## Define virtual hosts in /opt/nginx/conf/nginx.conf
## eg:
http {
    passenger_root /Users/levi/.rvm/gems/ree-1.8.7-2010.02/gems/passenger-2.2.15;
    passenger_ruby /Users/levi/.rvm/bin/passenger_ruby;
    passenger_pool_idle_time 3600; # keep apps alive

    # foo.lvh.me (http)
    # ------------------------
    server {
        listen 80;
        server_name foo.lvh.me;
        root /Users/levi/projects/foo/public;
        passenger_enabled on;
        rails_env development;
    }

    # foo.lvh.me (https)
    # ------------------------
    server {
        listen 443; ssl on;
        ssl_certificate /opt/nginx/conf/server.crt;
        ssl_certificate_key /opt/nginx/conf/server.key;
        server_name foo.lvh.me;
        root /Users/levi/projects/foo/public;
        passenger_enabled on;
        rails_env development;
    }
}

# Start nginx
# ------------------------------------------------------
sudo /opt/nginx/sbin/nginx

# Stop nginx
# ------------------------------------------------------
sudo /opt/nginx/sbin/nginx -s stop

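An added example, not part of the gist: one way to create the key and certificate for the self-signed step above on the local machine with `openssl`, so the private key is generated locally instead of being downloaded from a third-party site. The function names are hypothetical; the output file names match the `ssl_certificate` and `ssl_certificate_key` paths in the nginx config above.

```shell
#!/bin/sh
# Added example (not from the gist): build the dev key and certificate locally.
# Usage: gen_dev_cert /opt/nginx/conf     (second argument defaults to lvh.me)

# gen_dev_cert DIR [DOMAIN] writes DIR/server.key and DIR/server.crt.
gen_dev_cert() {
    dir=$1
    domain=${2:-lvh.me}
    conf=$(mktemp) || return 1

    # Clients match the hostname against subjectAltName. The wildcard covers
    # foo.lvh.me but not a.b.lvh.me (it spans a single label only).
    cat > "$conf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $domain
[ext]
subjectAltName = DNS:$domain, DNS:*.$domain, IP:127.0.0.1
extendedKeyUsage = serverAuth
EOF

    # The private key is created on this machine and never leaves it;
    # umask 077 keeps the new files readable by their owner only.
    rc=0
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$conf" -keyout "$dir/server.key" -out "$dir/server.crt"
    ) || rc=$?
    rm -f "$conf"
    return $rc
}

# cert_matches_key CRT KEY succeeds only if the certificate was issued for
# the public half of KEY (catches a mismatched pair before nginx does).
cert_matches_key() {
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$from_cert" = "$from_key" ]
}
```

Browsers will still warn until the generated `server.crt` is added to the local trust store, since it is self-signed.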
That's correct; it's simply a DNS entry that resolves to 127.0.0.1. Let's Encrypt will not generate certs for 127.0.0.1.
You can generate a certificate using the DNS challenge with letsencrypt.
Then you have to add a DNS TXT-record to the _acme-challenge.lvh.me subdomain. There is no server needed, so 127.0.0.1 does not matter.
@langenoot yes, you can generate a cert, but where do you store it and distribute it and how's that different from just using self-signed certs?
Usability over security. It avoids the user needing to make an exception for a self-signed certificate.
Yes, it is hacky but interesting. Might be useful in some cases as mixed content is blocked nowadays and some APIs (like WebRTC) are not available on HTTP.
I also imagine possibilities for shady purposes, like malware.
@landegnoot sure, but you haven't answered the question.. lvh.me is not for users, it's for developers.
If that is the scope, there is no advantage over self-signed certificates.
I stumbled upon this project as I needed a website to connect to a service running on localhost.
Looks like selfsignedcertificate.com has been replaced by some kind of ad site.
What now?
As I understand, lvh.me is just a DNS trick, such as adding an A record pointing to 127.0.0.1. There's no server behind it, there's nothing to perform SSL verification/handshakes.