Update on 2024/06/10: Thanks to your great support, it's been downloaded for more than 2,000 times! And we're pleased to announce that it's live on...
Some comments have been hidden by the post's author - find out more
For further actions, you may consider blocking this person and/or reporting abuse
This looks like it's only for MacOS. As such, I'd recommend people use something else that's not limited like that - maybe something containerised like a traefik or nginx proxy, or something like ddev if you're doing PHP work.
I'm working on supporting other platforms such as windows as well!
It looks like you didn't read the article correctly. Ophiuchi is not a service that's meant to be used as an API gateway for deploying to the cloud like traefik.
It's built for localhost development aid tool to help you setup ssl proxy easily on your machine without any CLI nonsense or installing whatever needed to mess up your system.
Whether you're using php, node.js, next.js, react, flask,... doesn't matter.
Anything that runs locally on localhost:whateverport can be transformed into ssl domain locally with Ophiuchi.
It indeed uses docker and nginx proxy to route traffic over localhost environment as mentioned in the post.
It's containerized and managed by the application.
I use a traefik docker image (and used to use nginx) as a proxy, which acts as the SSL endpoint - it doesn't do anything to do with cloud APIs so I'm not sure what you mean?
And while I do need to do some "CLI nonsense", in terms of adding the docker image and editing my hosts file, we both need to install something to get it to work!
Ben, this article says that this app does everything automatically for you, so you don't have struggle with installing nginx on your local machine or working with configuration files yourself manually.
Even if you use traefik docker image, you still need to write and maintain configuration files yourself MANUALLY. Btw, traefik is intended to aid you in infrastructure management. See here: github.com/traefik/traefik
The app edits the hosts file for you, pulls nginx and creates docker container and launches it for you, generates self signed ssl certs (which is a p-i-a if you do it yourself), nginx configurations for you, all the proxy configs are managed in a GUI manner so that you don't need to do that and you don't have to install a thing.
Thank you for your comment but please read the article thoroughly.
Sincerely,
I've read the article thoroughly and I have an immediate concern: it'll require elevated permissions to edit your hosts file and (potentially) your keychain, but the source code isn't available, which makes it potentially insecure as far as I'm concerned.
It's essentially a wizard in front of the same sort of proxy I use, but you also say, "integrated web server" which piques my interest. Are you also using nginx to serve a static directory somewhere?
I'm sorry but I didn't get that it was your project because the post reads like you were giving a tutorial for an app you found rather than one you wrote yourself.
How about a suggestion? If you're running a web server as part of the project, why not make the UI use a web interface as well? That way you could make it run on any platform without having to develop for different toolkits.
Thank you for taking the time to read the article and share your concerns.
Yes, I am indeed the developer of this app, and I appreciate your feedback. I understand the importance of trust and security when it comes to applications that require elevated permissions.
I want to assure you that the app is designed to be transparent about the permissions it requires and the actions it will perform. It will only proceed with your explicit consent. As per your concerns, I'll consider adding an alternative way to copy & paste method for user's manual terminal input when requiring elevated privileges!
I understand if you prefer not to use it if you have reservations about its security.
Regarding your suggestion about using a web interface, while it's an interesting idea, it's currently not within the scope of the app's intended features and roadmap. However, I'm always open to feedback and suggestions for future improvements.
If you have any further questions or concerns, please feel free to reach out via the Discord link provided at the bottom of the article. Thank you again for your input.
Sincerely,
cheeselemon
the windows version is not out yet. when is it coming?
By the way, I just published a post about what you're talking about: Simplifying Local Development with Docker, mkcert, dnsmasq, and Traefik. It covers using containerized solution and tools like Traefik to make local development more versatile and not limited to MacOS. Check it out!
FiloSottile/mkcert for the impatient (Windows/Linux) devs that don't want to wait for the app to get launch on their platform.
And this is open-source, so you can actually take a look at how it is done behind the scenes.
This is nice. Thanks for your suggestion!
I came hoping to see some LetsEncrypt automation, but a mere automation of the generation of a certificate and then trusting it - that I didn't expect.
Also ngrok.com/ helps you share your dev server with other people (and much more)
My solution: I created private root and intermediate certificate authorities and made a certificate with them to a wildcard domain (*.dev.home).
And every single project has its subdomain.
I followed this article series: jamielinux.com/docs/openssl-certif...
"Why would anyone need to setup ssl for a localhost development?"
I do. I have a project that uses Emscripten, a layer over WebAssembly, which allows me to run C++ inside the browser. (it's a lot of work and not for everybody, but I need the numbercrunching performance.)
The C++ is all in a JS shared buffer. I need it to be shared cuz I'm running multiple threads with pthreads/workers, and they all work on the same data structures. The security arm-twisters have decided that the only way you can do that is if you run your site https, with a handful of extra headers thrown in, even for local dev.
I have my self-signed certificate, and every morning I have to confirm, yes, I want to run this dangerous untrusted site. I started this years ago and Ophiuchi wasn't around. Would have been easier.
Try it out: squish.tactileint.org/?intro=1
Ehi man,
this looks very nice!
I use local tunnels almost every day and I've tried a lot of solutions.
Your one looks promising but man, I won't never install a black box which requires so many privileges!
BTW, good job!
Thank you for your feedback.
I too understand your concerns regarding security. Rest assured, this app is securely coded and notarized by Apple to ensure the highest level of security.
Additionally, I'm currently working on providing flexibility for the users. I’ll offer extra alternative methods for applying the changes, either through copy & paste or by providing detailed instructions.
Thanks,
Looks interesting, but I think developers would need something more automatable/scriptable
Thank you for your feedback.
I agree that devs would need automation/scripting features, can you provide some further ideas or insights on how to achieve that in this app? =)
That's my point. The app should just be the UI over a running process.
The fact that it can turn the task that used to take hours into something that takes seconds is incredible. I can definitely see myself incorporating Ophiuchi into my workflow.
Thanks a lot Monika!
Is this opensource? I would like to make some contributions if possible.
Hey, we've decided to open-source our application. Please check it out here and feel free to contribute if you wish:
github.com/cheeselemon/ophiuchi-de...
Thank you.
Thanks to great support from everyone, It's been downloaded more than 2,000 times! And we're pleased to announce that we're launching Ophiuchi on ProductHunt, please visit and upvote!
producthunt.com/posts/ophiuchi
Hey? is it open source?
Hey, we've decided to open-source our application. Please check it out here and feel free to contribute if you wish:
github.com/cheeselemon/ophiuchi-de...
Just got MacOs, I'm a very happy man hehe
Congrats on your GET! 🙌
Thank you! :)
My fake self-signing certificates, are still my buddies.
looks awesome, i will try it out, does this consider an alternative for mkcerts ?
Thank you .
It's not a direct replacement. I just wanted to gen & trust self-signed certificate by domain basis with GUI, without creating or manipulating host settings.
I would prefer ngrok or localhost.run as they give us actual url which we can even share to people also free SSL
I believe ngrok is a valid choice when considering public urls!
Anyone getting 502 error?
Please report any bugs & questions via the discord channel and I will be happy to assist, thanks!
(link is at the end of the article)
All the .net developers are like "we've had zero-touch SSL setup for localhost for a decade at least now".
So True! 🤣
It's look amazing, I typically use caddy for this. I will give a try.
I appreciate your effort 🥳
Thank you for your kind support! I'll keep working on improving the app! 🙌
Developers use Linux, what about Linux support?
Of course linux support is also coming!
Nice, sad there is no version for windows.
Thank you! I'm planning to work on Windows/Linux as well. Please follow my twitter account for more updates! 😊
This looks awesome 🔥
Thanks a lot!
This is a great project, but what;s wrong with ngrok ?
I honestly don't know.
Free and open source alternatives to this have existed since at least 2018. Why you'd re-invent, closed with more setup is disappointing.
All the "I've explained this in the article", ignores that other articles doing the same for software folks understand also exists:
There are literally hundreds of tutorials for mkcert, and for just using tools without mkcert. Where do you get-off with this?
Please ask postman why they "re-invented" when developers instead can use something like curl to test rest apis already? 😄Why why did xerox invent the mouse when people could already use keyboards to navigate?
Constructive critism please. 🙏🏻
When I try to use this application. I do the following steps:
On Windows and macOS you can use *.localhost which automatically works in the browser without adding it to the hosts file.
Amazing! Can't wait to come out for Windows/Linux!
Birane niang Sénégal
Who is from senegal?