Why use local domain names
Often it's useful to be able to assign local domain names to ingresses served by a local IO. This lets us run multiple services on our development systems and access our services using DNS and HTTPS, just as we would in production.
Here are some tips that make this easy.
Put local domains in /etc/hosts
First, you'll need some domain names for your local services. On Linux and MacOS, you'll put these in /etc/hosts. The names should all point to 127.0.0.1.
Here are some that I added on my laptop:
127.0.0.1 doc grumpy happy sleepy bashful sneezy dopey
Create IO ingresses with your local names
Next use IO to create an ingress that uses one of your local names. It can point to any backend. If you're just getting started, use internal:echo.
Then use IO to generate a self-signed certificate for your ingress.
Get your IO's root certificate
Now if you try to call your service with curl or a browser, you'll get errors saying that your self-signed certificate is untrusted. To fix that, we first get the root certificate that IO uses to sign its self-signed certificates.
ssh localhost -p 2200 -- get certificates io -f pem > ~/Downloads/io.pem
This certificate is always named io and is randomly generated if you don't already have one. It is unique to your IO instance, but if you have multiple development systems, you might want to install the same certificate in some of your other IO instances. You can get an installable version in IO's HCL format with an SSH command:
ssh localhost -p 2200 -- get certificates io -f hcl > ~/Downloads/io.hcl
One easy way to install this in another IO is to use IO's put command over SSH:
ssh remote -p 2200 -- put < ~/Downloads.io.hcl
Use your IO's root certificate
Curl
Now you can use your root certificate with curl:
curl --cacert ~/Downloads/io.pem https://happy
Firefox
You can use your root certificate with Firefox by adding it to Firefox's trust store. For instructions, see Automatically trust third-party root certificates.
Chrome
You can use your root certificate with Chrome by adding it to Chrome's trust store. To do this, go to the Chrome Certificate Manager.
Ubuntu
Depending on your operating system, you may also be able to add your root certificate to your local machine's trust store. Here's how I do that on Ubuntu:
sudo cp ~/Downloads/io.pem /usr/local/share/ca-certificates/
sudo update-ca-certificates