How to not touch `/etc/hosts`?

Open elft3r opened this issue 4 years ago • 5 comments

Hi Bret, thanks for creating this repo, it helped me a lot in a project.

In the README.md you mentioned that one doesn't have to touch the /etc/hosts file. I tried different versions, but in the end, I only managed to get it working by adding the URLs for all the services in the /etc/hosts file.

I'm running macOS Catalina and tried the following, but none of them worked:

  • adding just the base URL in the /etc/hosts file
  • adding a wildcard in the /etc/hosts file, but wildcards are not supported here

Could you please tell me what I need to do so that I don't have to add all the URLs in the /etc/hosts file?

Thanks, Jochen

elft3r avatar Oct 08 '20 14:10 elft3r

What URL are you trying to use?

BretFisher avatar Oct 08 '20 15:10 BretFisher

I'm currently using the URL scheme: *.elft3r.lol

elft3r avatar Oct 08 '20 15:10 elft3r

If using your own domain, you need to change its DNS to 127.0.0.1 including a wildcard entry:

Markup on 2020-10-08 at 11:25:31

BretFisher avatar Oct 08 '20 15:10 BretFisher

Once DNS is fixed, if using a domain you control, you can also try out trusted certs rather than self-signed, see #4

BretFisher avatar Oct 08 '20 15:10 BretFisher

Hello Bret, thanks for this nice project! I'm also having the same issues as OSX won't allow to edit the /etc/hosts file. (it is possible but required to reboot in and disable security fences)

One simpler alternative (and portable across systems) would be adding a simple DNS forwarder to the docker-compose file, including the custom domain, and then editing the network configuration to add a DNS server pointing to 127.0.0.1. Thus, the system will work with an extra DNS when the container is up.

For example:

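services:

  coredns:
    image: coredns/coredns:1.8.0
    ports:
      # Quoted: unquoted xx:yy values can be parsed by YAML as base-60 numbers.
      # Published on all host interfaces; "127.0.0.1:53:53" keeps it local.
      - "53:53"
      - "53:53/udp"
    volumes:
      - ./coredns/dev/Corefile:/etc/coredns/Corefile
      - ./coredns/dev/local.dev.domain:/etc/coredns/local.dev.domain
    command: -conf /etc/coredns/Corefile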

./coredns/dev/Corefile:

local.dev {
    file /etc/coredns/local.dev.domain
    log
}
. {
    forward . 8.8.8.8
    log
}

./coredns/dev/local.dev.domain:

$TTL 60
$ORIGIN local.dev.
@                IN SOA   sns.dns.icann.org. noc.dns.icann.org. (
          2017042745 ; serial
          7200       ; refresh (2 hours)
          3600       ; retry (1 hour)
          1209600    ; expire (2 weeks)
          3600       ; minimum (1 hour)
          )
@                IN A     127.0.0.1
*.local.dev.     IN A     127.0.0.1

Name resolution works fine. Internet connection also worked. However, there seems to be a small issue somewhere that makes the browser refuse the certificate. This is not a complete solution yet; I need to figure out what is different between the responses from coredns and the ones that reply to brat.lol. The dig output did not show anything different that explains why the certificate is not being accepted.

danielporto avatar Feb 13 '21 13:02 danielporto
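
Identical dig answers say nothing about certificate acceptance: the browser still requires the host name to match a subjectAltName entry, and a certificate wildcard is narrower than the DNS wildcard record in the zone file above. The following Python is an added example, not part of the thread or the repository; the SAN lists and host names are constructed, and the matching is a simplification of RFC 6125 (no public-suffix handling, no trust-chain check).

```python
# Added example: why a name can resolve via the zone's wildcard record and
# still fail certificate validation. SAN lists and hosts are constructed.

def _labels(name):
    return name.lower().rstrip(".").split(".")

def dns_wildcard_answers(wildcard, qname):
    """DNS wildcard (RFC 4592): '*.local.dev.' answers names any number of
    labels below local.dev, assuming no closer explicit record exists."""
    parent = _labels(wildcard)[1:]
    q = _labels(qname)
    return len(q) > len(parent) and q[-len(parent):] == parent

def cert_name_matches(san, host):
    """Certificate wildcard (RFC 6125 6.4.3, simplified): '*' must be the
    whole left-most label and stands for exactly one label."""
    s, h = _labels(san), _labels(host)
    if len(s) != len(h):
        return False
    if s[0] == "*":
        return len(s) >= 3 and s[1:] == h[1:]
    return s == h

def diagnose(host, wildcard, cert_sans):
    """Name match is necessary, not sufficient: the chain must also be
    trusted by the browser (not modelled here)."""
    if not dns_wildcard_answers(wildcard, host):
        return "not answered by wildcard record"
    if any(cert_name_matches(s, host) for s in cert_sans):
        return "resolves; certificate names cover host"
    return "resolves; certificate name mismatch"

ZONE_WILDCARD = "*.local.dev."                  # from the zone file above
SANS_OTHER_DOMAIN = ["*.other-domain.test"]     # constructed
SANS_LOCAL_DEV = ["local.dev", "*.local.dev"]   # constructed

if __name__ == "__main__":
    for host in ("whoami.local.dev", "api.v2.local.dev"):
        for sans in (SANS_OTHER_DOMAIN, SANS_LOCAL_DEV):
            print(host, sans, "->", diagnose(host, ZONE_WILDCARD, sans))
```

A certificate issued for one domain never covers a host under another, however the name resolves, and a two-level name such as api.v2.local.dev resolves through the zone wildcard but is not covered by a `*.local.dev` SAN.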