From 67a20d450d28f9383431bc40dc29c7fe0782c3db Mon Sep 17 00:00:00 2001 From: Aram Grigoryan <132480+aram356@users.noreply.github.com> Date: Thu, 15 Jan 2026 14:13:56 -0800 Subject: [PATCH] Added instructions for importing certificates into differerent OSes --- CLAUDE.md | 1 + README.md | 45 ++++++++++++++++++++++++++++++++---- scripts/mkcert/entrypoint.sh | 20 +++++++++++++++- 3 files changed, 61 insertions(+), 5 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 03359dd..3c4a63d 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -37,6 +37,7 @@ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keyc ## Configuration Environment variables (set in `.env`): + - `DOMAIN` - Domain name for SSL cert (default: `localhost`) - `UPSTREAM_URL` - URL for your local app (default: `http://host.docker.internal:3000`) diff --git a/README.md b/README.md index 2ecaef1..7e5aca4 100644 --- a/README.md +++ b/README.md 
@@ -34,10 +34,47 @@ A Dockerized Caddy reverse proxy with automatic SSL certificate generation for l 4. Install the CA certificate (one-time): + Replace `local.example.com` with your configured domain. + + **macOS:** + ```bash sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./certs/local.example.com.rootCA.pem ``` + **Linux (Debian/Ubuntu):** + + ```bash + sudo cp ./certs/local.example.com.rootCA.pem /usr/local/share/ca-certificates/local.example.com.crt + sudo update-ca-certificates + ``` + + **Linux (Fedora/RHEL):** + + ```bash + sudo cp ./certs/local.example.com.rootCA.pem /etc/pki/ca-trust/source/anchors/local.example.com.pem + sudo update-ca-trust + ``` + + **Linux (Arch):** + + ```bash + sudo trust anchor ./certs/local.example.com.rootCA.pem + ``` + + **Windows (PowerShell as Administrator):** + + ```powershell + Import-Certificate -FilePath .\certs\local.example.com.rootCA.pem -CertStoreLocation Cert:\LocalMachine\Root + ``` + + If `.pem` import fails, convert to `.cer` first: + + ```powershell + openssl x509 -in .\certs\local.example.com.rootCA.pem -out .\certs\local.example.com.rootCA.cer + Import-Certificate -FilePath .\certs\local.example.com.rootCA.cer -CertStoreLocation Cert:\LocalMachine\Root + ``` + 5. Start the proxy: ```bash @@ -50,10 +87,10 @@ Note (Linux): Requires Docker Engine 20.10+ for `host-gateway` support. ## Configuration -| Variable | Default | Description | -| --------------- | ----------- | ---------------------- | -| `DOMAIN` | `localhost` | Domain for SSL cert | -| `UPSTREAM_URL` | `http://host.docker.internal:3000` | URL for your local app | +| Variable | Default | Description | +| -------------- | ---------------------------------- | ---------------------- | +| `DOMAIN` | `localhost` | Domain for SSL cert | +| `UPSTREAM_URL` | `http://host.docker.internal:3000` | URL for your local app | ## Ports 
diff --git a/scripts/mkcert/entrypoint.sh b/scripts/mkcert/entrypoint.sh index 3fa4f7f..464c0a7 100644 --- a/scripts/mkcert/entrypoint.sh +++ b/scripts/mkcert/entrypoint.sh @@ -18,5 +18,23 @@ else echo "Certificate already exists for ${DOMAIN}, skipping generation." fi -echo "Install CA on macOS:" +echo "" +echo "=== Install CA certificate ===" +echo "" +echo "macOS:" echo " sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./certs/${DOMAIN}.rootCA.pem" +echo "" +echo "Linux (Debian/Ubuntu):" +echo " sudo cp ./certs/${DOMAIN}.rootCA.pem /usr/local/share/ca-certificates/${DOMAIN}.crt && sudo update-ca-certificates" +echo "" +echo "Linux (Fedora/RHEL):" +echo " sudo cp ./certs/${DOMAIN}.rootCA.pem /etc/pki/ca-trust/source/anchors/${DOMAIN}.pem && sudo update-ca-trust" +echo "" +echo "Linux (Arch):" +echo " sudo trust anchor ./certs/${DOMAIN}.rootCA.pem" +echo "" +echo "Windows (PowerShell as Admin):" +echo " Import-Certificate -FilePath .\\certs\\${DOMAIN}.rootCA.pem -CertStoreLocation Cert:\\LocalMachine\\Root" +echo " If .pem import fails, convert to .cer first:" +echo " openssl x509 -in .\\certs\\${DOMAIN}.rootCA.pem -out .\\certs\\${DOMAIN}.rootCA.cer" +echo " Import-Certificate -FilePath .\\certs\\${DOMAIN}.rootCA.cer -CertStoreLocation Cert:\\LocalMachine\\Root"
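Review bot: The three Windows lines at the end of the hunk pass backslashes through `echo`, which is not portable: in shells whose `echo` interprets escapes (dash, for example), the `\c` in `.\certs` ends the output at that point, so the printed command would be cut off. Printing them with `printf '%s\n' " Import-Certificate -FilePath .\\certs\\${DOMAIN}.rootCA.pem -CertStoreLocation Cert:\\LocalMachine\\Root"` avoids that in any shell; the script's shebang is outside the hunk, so which shell runs it cannot be confirmed from here. The `openssl x509 -in … -out ….cer` fallback writes PEM again unless `-outform DER` is given, so as written it only changes the file extension. Since every command printed here adds the CA to a machine-wide trust store, it would also help to print one line saying that the generated CA private key must stay on the developer's machine and that the CA should be removed from the store once the proxy is no longer used.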