Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
container-shell
Starts and attaches a sandboxed shell using docker with access to the current or project directory
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
We built something similar for docker-compose based projects: https://gitlab.com/hukudo/ingress
If you don't need a GUI, the following combo works pretty well:
- https://github.com/abiosoft/colima
- https://github.com/peterldowns/localias
Just use orbstack, it gives you https and hostnames.
Shameless plug: https://github.com/jrz/container-shell in combination with orbstack. Isolated dev environment, easy to use, local tools, https
I have another personal solution [0]. It's a DNS server that also gets a wildcard certificate and make it available with a secret. This is definitely in the convenience over security relm, but it resolve any pattern prefix-123-123-123-123-suffix.example.com to the enclosed ip (e.g. 123.123.123.123). It will resolve to 127.0.0.1 or any other ip happily. Now you just need to use the associated cert and enjoy https. Works great from with k8s ingress, caddy, node.. You don't have to fiddle with your trusted store and it works for everybody. I took inspiration from https://nip.io/ for the dns part.
[0] https://github.com/jpambrun/dnsssl
I have another personal solution [0]. It's a DNS server that also gets a wildcard certificate and make it available with a secret. This is definitely in the convenience over security relm, but it resolve any pattern prefix-123-123-123-123-suffix.example.com to the enclosed ip (e.g. 123.123.123.123). It will resolve to 127.0.0.1 or any other ip happily. Now you just need to use the associated cert and enjoy https. Works great from with k8s ingress, caddy, node.. You don't have to fiddle with your trusted store and it works for everybody. I took inspiration from https://nip.io/ for the dns part.
[0] https://github.com/jpambrun/dnsssl
Some things I learned about trusted localhost HTTPS:
* Windows is the easiest... by far. There is only one trust store and its extremely easy to access at different levels of trust. Firefox has its own trust store so you can either add your certs to both the Windows store AND the Firefox trust store or flip a config in Firefox to tell it to use the Windows trust store like everyone else.
* Linux is a challenge because you have to add your certificates to the OS trust store and then each browser has their own trust stores.
* MacOS is pretty close to impossible, at least fully automated. If the cert is not registered with a third party of the OS's choosing the cert will not be trusted in the browser. The way around this is to manually add your localhost cert chain to the MacOS keychain.
If anybody wants an example here is something I wrote a ways back in JS (but please be warned its specific to my application:
* Build the certificate chain - https://github.com/prettydiff/share-file-systems/blob/master...
* Install the cert by OS type - https://github.com/prettydiff/share-file-systems/blob/master...
That second sample also installs pcap so that I can serve on localhost over ports 80/443.
I was working on something similar with https://github.com/cpendery/wock. Never finished it up, but this looks promising