I've attempted to set up a wildcard *.localhost for HTTP and HTTPS with Nginx proxying requests to localhost:3000. DNSmasq is used for resolving *.localhost to 127.0.0.1.
Everything works fine for HTTP, but HTTPS connections receive the following error in Google Chrome:
There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).
The certificate is a self-signed certificate that I've added to Chrome via settings, and was generated with the following command:
openssl req -x509 -sha256 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -days 3650 -nodes
The Subject is as follows:
Subject: C=AU, ST=Western Australia, L=Perth, O=Zephon, CN=*.localhost
My Nginx config is as follows:
server {
listen 80;
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/nginx/ssl/localhost.crt;
ssl_certificate_key /etc/nginx/ssl/localhost.key;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
}
}
Best Answer
So ultimately the answer seems to be that you simply can't create a certificate for
*.localhostthat Chrome will accept.My solution was to change to using
*.dev.localhostinstead, which worked a treat.