.localhost Domains

(inclouds.space)

301 points todsacerdoti | 1 comments | 10 Apr 25 14:19 UTC | HN request time: 0s | source

Show context

octagons ◴[10 Apr 25 15:58 UTC] No.43645228[source]▶

Against much well-informed advice, I use a vanity domain for my internal network at home. Through a combination Smallstep CA, CoreDNS, and Traefik, any services I host in my Docker Swarm cluster automatically are immediately issued a signed SSL certificate, load-balanced, and resolvable. Traefik also allows me to configure authentication for any services that I may not wish to expose without such.

That said, I do recommend the use of the internal. zone for any such setup, as others have commented. This article provides some good reasons why (at least for .local) you should aim to use a standards-compliant internal zone: https://community.veeam.com/blogs-and-podcasts-57/why-using-...

replies(2): >>43645339 #>>43645906 #

hobo_mark ◴[10 Apr 25 16:10 UTC] No.43645339[source]▶

>>43645228 #

I added a fake .com record in my internal DNS that resolves to my development server. All development clients within that network have an mkcert-generated CA installed.

Not so different from you, but without even registering the vanity domain. Why is this such a bad idea?

replies(4): >>43645645 #>>43645706 #>>43648413 #>>43651367 #

1. szszrk ◴[10 Apr 25 16:43 UTC] No.43645706[source]▶

>>43645339 #

For home it's not that bad, but there could be conflicts at some point. Your clients will send data to the Internet unknowingly when dns is missconfigured.

It's better to use domain you control.

I'm a fan of buying cheapest to extend (like .ovh, great value) and use real Let's Encrypt (via dns challenge) to register any subdomain/wildcard. So that any device will have "green padlock" for totally local service.

↑