Added instructions for importing certificates into differerent OSes

CLAUDE.md

@@ -37,6 +37,7 @@ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keyc
 ## Configuration
 
 Environment variables (set in `.env`):
+
 - `DOMAIN` - Domain name for SSL cert (default: `localhost`)
 - `UPSTREAM_URL` - URL for your local app (default: `http://host.docker.internal:3000`)
 

README.md

@@ -34,10 +34,47 @@ A Dockerized Caddy reverse proxy with automatic SSL certificate generation for l
 
 4. Install the CA certificate (one-time):
 
+   Replace `local.example.com` with your configured domain.
+
+   **macOS:**
+
    ```bash
    sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./certs/local.example.com.rootCA.pem
    ```
 
+   **Linux (Debian/Ubuntu):**
+
+   ```bash
+   sudo cp ./certs/local.example.com.rootCA.pem /usr/local/share/ca-certificates/local.example.com.crt
+   sudo update-ca-certificates
+   ```
+
+   **Linux (Fedora/RHEL):**
+
+   ```bash
+   sudo cp ./certs/local.example.com.rootCA.pem /etc/pki/ca-trust/source/anchors/local.example.com.pem
+   sudo update-ca-trust
+   ```
+
+   **Linux (Arch):**
+
+   ```bash
+   sudo trust anchor ./certs/local.example.com.rootCA.pem
+   ```
+
+   **Windows (PowerShell as Administrator):**
+
+   ```powershell
+   Import-Certificate -FilePath .\certs\local.example.com.rootCA.pem -CertStoreLocation Cert:\LocalMachine\Root
+   ```
+
+   If `.pem` import fails, convert to `.cer` first:
+
+   ```powershell
+   openssl x509 -in .\certs\local.example.com.rootCA.pem -out .\certs\local.example.com.rootCA.cer
+   Import-Certificate -FilePath .\certs\local.example.com.rootCA.cer -CertStoreLocation Cert:\LocalMachine\Root
+   ```
+
 5. Start the proxy:
 
    ```bash
@@ -50,10 +87,10 @@ Note (Linux): Requires Docker Engine 20.10+ for `host-gateway` support.
 
 ## Configuration
 
-| Variable        | Default     | Description            |
-| --------------- | ----------- | ---------------------- |
-| `DOMAIN`        | `localhost` | Domain for SSL cert    |
-| `UPSTREAM_URL`  | `http://host.docker.internal:3000` | URL for your local app |
+| Variable       | Default                            | Description            |
+| -------------- | ---------------------------------- | ---------------------- |
+| `DOMAIN`       | `localhost`                        | Domain for SSL cert    |
+| `UPSTREAM_URL` | `http://host.docker.internal:3000` | URL for your local app |
 
 ## Ports
 

scripts/mkcert/entrypoint.sh

@@ -18,5 +18,23 @@ else
     echo "Certificate already exists for ${DOMAIN}, skipping generation."
 fi
 
-echo "Install CA on macOS:"
+echo ""
+echo "=== Install CA certificate ==="
+echo ""
+echo "macOS:"
 echo "  sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./certs/${DOMAIN}.rootCA.pem"
+echo ""
+echo "Linux (Debian/Ubuntu):"
+echo "  sudo cp ./certs/${DOMAIN}.rootCA.pem /usr/local/share/ca-certificates/${DOMAIN}.crt && sudo update-ca-certificates"
+echo ""
+echo "Linux (Fedora/RHEL):"
+echo "  sudo cp ./certs/${DOMAIN}.rootCA.pem /etc/pki/ca-trust/source/anchors/${DOMAIN}.pem && sudo update-ca-trust"
+echo ""
+echo "Linux (Arch):"
+echo "  sudo trust anchor ./certs/${DOMAIN}.rootCA.pem"
+echo ""
+echo "Windows (PowerShell as Admin):"
+echo "  Import-Certificate -FilePath .\\certs\\${DOMAIN}.rootCA.pem -CertStoreLocation Cert:\\LocalMachine\\Root"
+echo "  If .pem import fails, convert to .cer first:"
+echo "  openssl x509 -in .\\certs\\${DOMAIN}.rootCA.pem -out .\\certs\\${DOMAIN}.rootCA.cer"
+echo "  Import-Certificate -FilePath .\\certs\\${DOMAIN}.rootCA.cer -CertStoreLocation Cert:\\LocalMachine\\Root"