
adding certs to macos keychain to access container apps

While messing around with the new Mac Mini I’ve been trying to learn more about Orbstack, Docker, Traefik, etc… It’s been a little bit of a mess, but I’m getting the hang of it. One thing that needed fixing was the certs.

I’m accessing these sites from invalid domain names, and they aren’t meant to be accessible from the internet (yet), so I’m not going the Let’s Encrypt route for most of them. This means they’ll need to have these domain names mapped to their Tailscale IP address in your /etc/hosts file.

The next step is generating certs for them so that you don’t get an annoying popup anytime you want to visit them. You can do this by running:

mkdir -p certs && openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout certs/key.pem -out certs/cert.pem -subj "/CN=< your app >.docker.localhost" -addext "subjectAltName = DNS:< your app >.docker.localhost"

Which will dump them in a handy certs folder next to your docker-compose.yml file. Take the produced cert.pem file and import it into your laptop’s Keychain Access. Navigate to the new cert, open the Trust section, then set the “When using this certificate” option to Always Trust.

Restart the browser for good measure, and you should be good to go (as long as your actual Docker container is configured correctly).
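
The generate, check and trust steps above as one script. This is an added example, not the author's own: the function names and the hostname `app.docker.localhost` are constructed, and `security add-trusted-cert` with `-p ssl` is used here as a command-line way to set trust for TLS only instead of the Keychain Access clicks.

```shell
#!/usr/bin/env bash
# Added example; function names and the sample hostname are constructed.

# make_cert HOST DIR: the openssl command from the post, for one hostname.
make_cert() {
  mkdir -p "$2" || return 1
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$2/key.pem" -out "$2/cert.pem" \
    -subj "/CN=$1" -addext "subjectAltName = DNS:$1" 2>/dev/null || return 1
  chmod 600 "$2/key.pem"   # -nodes writes the private key unencrypted
}

# cert_covers_host CERT HOST: true only if HOST is listed as a DNS SAN.
# Browsers match on the SAN, not the CN, so this is the field to check.
cert_covers_host() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n1 \
    | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# cert_valid_for_days CERT DAYS: true if the cert is still valid DAYS from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# cert_sha256 CERT: fingerprint to compare against what Keychain Access shows.
cert_sha256() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# trust_cert CERT HOST: refuse to trust a cert that fails the checks, then
# add it to the login keychain for TLS only (macOS).
trust_cert() {
  cert_covers_host "$1" "$2" || { echo "SAN does not list $2" >&2; return 1; }
  cert_valid_for_days "$1" 1 || { echo "cert expired or expiring" >&2; return 1; }
  echo "SHA-256: $(cert_sha256 "$1")"
  [ "$(uname)" = "Darwin" ] || { echo "not macOS, skipping trust" >&2; return 0; }
  security add-trusted-cert -r trustRoot -p ssl \
    -k "$HOME/Library/Keychains/login.keychain-db" "$1"
}

# Usage (constructed hostname):
#   make_cert app.docker.localhost certs
#   trust_cert certs/cert.pem app.docker.localhost
```

Only cert.pem goes into the keychain; key.pem stays beside the docker-compose.yml file for the container to use.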


Hi, I'm alp1n3

This is a collection of my cybersecurity notes & projects.

I graduated from Dakota State University with a MS in Cyber Defense & BS in Cyber Operations. Since then I've worked as a Malware Analyst with the U.S. Army Cyber Command, and am now a Web Application Security Consultant.

I'm a big fan of open security standards for applications and workflow automation when it comes to security testing. The easier it is to identify and replicate, the more secure everyone's apps can be! My other writings and projects are scattered across the web, but can be found in the links page.


Content licenced under CC BY-NC-ND 4.0