BretFisher / compose-dev-tls

Easy Traefik TLS proxy plus certificate generation for Docker Compose local development use
The Unlicense

How to not touch `/etc/hosts`? #5

Open elft3r opened 3 years ago

elft3r commented 3 years ago

Hi Bret, thanks for creating this repo, it helped me a lot in a project.

In the README.md you mentioned that one doesn't have to touch the /etc/hosts file. I tried different versions, but in the end, I only managed to get it working by adding the URLs for all the services in the /etc/hosts file.

I'm running macOS Catalina and tried the following, but none of them worked:

Could you please tell me what I need to do so that I don't have to add all the URLs in the /etc/hosts file?

Thanks Jochen

BretFisher commented 3 years ago

What URL are you trying to use?

elft3r commented 3 years ago

I'm currently using the URL scheme: *.elft3r.lol

BretFisher commented 3 years ago

If using your own domain, you need to change its DNS to 127.0.0.1, including a wildcard entry:

[Image: Markup on 2020-10-08 at 11:25:31]

BretFisher commented 3 years ago

Once DNS is fixed, if using a domain you control, you can also try out trusted certs rather than self-signed, see #4

danielporto commented 3 years ago

Hello Bret, thanks for this nice project! I'm also having the same issues, as OSX won't allow editing the /etc/hosts file (it is possible, but one is required to reboot in and disable security fences).

One simpler alternative (and portable across systems) would be adding to the docker-compose a simple DNS forwarder, including the custom domain, then editing the network configuration to add a DNS server pointing to 127.0.0.1. Thus, the system will work with an extra DNS when the container is up.

For example:

```yaml
services:
  coredns:
    image: coredns/coredns:1.8.0
    ports:
      # Quoted: YAML 1.1 reads an unquoted xx:yy below 60 as a base-60 number
      - "53:53"
      - "53:53/udp"
    volumes:
      - ./coredns/dev/Corefile:/etc/coredns/Corefile
      - ./coredns/dev/local.dev.domain:/etc/coredns/local.dev.domain
    command: -conf /etc/coredns/Corefile
```

./coredns/dev/Corefile:

```
local.dev {
    file /etc/coredns/local.dev.domain
    log
}
. {
    forward . 8.8.8.8
    log
}
```

./coredns/dev/local.dev.domain:

```
$TTL 60
$ORIGIN local.dev.
@                IN SOA   sns.dns.icann.org. noc.dns.icann.org. (
          2017042745 ; serial
          7200       ; refresh (2 hours)
          3600       ; retry (1 hour)
          1209600    ; expire (2 weeks)
          3600       ; minimum (1 hour)
          )
@                IN A     127.0.0.1
*.local.dev.     IN A     127.0.0.1
```

Name resolution works fine. Internet connection also worked. However, there seems to be a small issue somewhere that makes the browser refuse the certificate. This is not a complete solution yet; I need to figure out what is different between the responses from coredns and the one that replies to brat.lol. dig output did not show anything different that explains why the certificate is not being accepted.
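
An added example, not part of the thread or the project's code: the `*.local.dev.` record in the zone file above answers for names at any depth, while a certificate wildcard covers exactly one label, so a name can resolve to 127.0.0.1 and still fail hostname verification. The certificate SAN list and the hostnames tested are assumed sample values, and the zone is assumed to hold only the apex and wildcard records shown.

```python
# Added example: DNS wildcard scope (RFC 4592) versus certificate
# wildcard scope (RFC 6125) for the zone posted in the thread.

ZONE_APEX = "local.dev."          # from the zone file's $ORIGIN
ZONE_WILDCARD = "*.local.dev."    # wildcard A record from the zone file
CERT_SANS = ["local.dev", "*.local.dev"]  # assumed SANs on the dev certificate


def labels(name):
    """Lower-case a DNS name and split it into labels, ignoring the root dot."""
    return name.lower().rstrip(".").split(".")


def dns_resolves(qname):
    """True if the zone answers for qname: the apex itself, or any name
    one or more labels below the wildcard's parent. Assumes the zone has
    no other owner names that would block wildcard synthesis."""
    q = labels(qname)
    if q == labels(ZONE_APEX):
        return True
    suffix = labels(ZONE_WILDCARD)[1:]
    return len(q) > len(suffix) and q[-len(suffix):] == suffix


def cert_covers(host, sans=CERT_SANS):
    """True if any SAN matches host. A leading '*' stands for exactly one
    label and never for several."""
    h = labels(host)
    for san in sans:
        s = labels(san)
        if len(s) != len(h):
            continue
        if s == h or (s[0] == "*" and s[1:] == h[1:]):
            return True
    return False


def check(host):
    """Return (resolves_in_zone, covered_by_certificate) for host."""
    return dns_resolves(host), cert_covers(host)


if __name__ == "__main__":
    # Constructed hostnames for illustration.
    for host in ["local.dev", "app.local.dev", "api.app.local.dev", "example.com"]:
        print(host, check(host))
```

A result of `(True, False)` marks a hostname that the CoreDNS zone resolves but that needs its own SAN entry on the certificate.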