Show HN: I made a tool to HTTPS your localhost (lokal.so)
87 points by rubi1945 on July 21, 2024 | 50 comments
It's been 4 months since I started working on Lokal full-time, and I finally feel confident enough to share it publicly on YCombinator.

Lokal is software for tunneling, local development, and HTTP debugging. It supports HTTP, TCP and UDP tunnels.

The difference from other tunneling solutions is that Lokal has mDNS support with HTTPS enabled by default, while others might only offer a public-facing tunnel service.

In the latest version, 0.3.0, Lokal supports a self-hosted Lokal Tunnel Server, which allows you to use your own domain and your own VPS, giving you a premium but self-hosted tunneling solution.

Download -> Lokal.so/download

Self-hosting Tutorial -> https://docs.lokal.so/lokal-server/installation/



Congratulations on the launch! How does the remote -> local tunneling work? The docs you linked are a little unclear to me.

How does this differ from something like Localcan, which seems to offer the same features? https://www.localcan.com/

For what it's worth, I'll mention that I have an open-source application, Localias [0], that does the same local https development + mDNS support for HTTP/TCP/UDP traffic. Localias doesn't support traffic inspection or remote -> local tunneling, but it's open source, built on caddy, and works on mac/linux/wsl2. It's a statically built binary and you can share your configs with your whole dev team in your git repo.

[0] https://github.com/peterldowns/localias


Hi, I have made a premium comparison with another vendor here:

https://docs.google.com/spreadsheets/d/1BzvPRA2ZK5ekSaTV5vyr...


It indeed has a .local address, but does it have a built-in auth plugin? Request and response manipulation? AI Assistant, JSON debugging capabilities and even the File Preview feature? I don't think they can compete with Lokal right now.


Why not just self-sign a local cert? It's really easy to do (ask an AI for a relevant example in your language of choice).


Yep, this is what I do using mkcert [0] and it works great. One-time setup of 15m to install certs on your dev devices.

[0] https://github.com/FiloSottile/mkcert


+1 for mkcert. You can juggle all the openssl dance moves if you want, it’s a decent learning exercise. After you’ve done that once though, and if you only need it for local dev… yeah just use mkcert


I recently found that Tailscale supports procuring real Let's Encrypt certificates for the machines on your private network. So all you have to do on the clients is install Tailscale, which I think is a little easier than trusting self-signed certificates.


You can also do this yourself with a domain you own and control. I have done it as well when I wanted SSL on my local LAN. My lan is also assigned a real domain so applying a cert is easy to any of my machines.


Interesting find. While the primary purpose of Tailscale is easier P2P connection, I might take a look at how these real Let's Encrypt certificates are being used for .local/custom FQDNs and implement it in Lokal. Appreciate it.


To do it they assign the host a subdomain under .ts.net. But your private host isn't exposed to the public internet, I assume they just have a dummy host there to respond to the ACME challenge from Let's Encrypt. When you have the Tailscale VPN installed, I assume it overrides the DNS for ___.ts.net to point to the private IP of your local host.


https://tailscale.com/blog/tls-certs

Go implementation at the end of article.


One downside of self-signed certs is that browsers will upgrade all localhost ports to HTTPS thanks to HSTS. In practical terms, that meant:

- we needed to upgrade all dev servers to serve both HTTPS and HTTP.

- we downgraded server to server comms to HTTP (something about invalid cert chain)

I think the ideal solution is to use “local” domain names but that requires a DNS resolver (via Tailscale or similar).


I run some software on a raspberry pi at home. This pattern works very well for me:

- services exposed via Caddy (configured to use my domain on Cloudflare for SSL)

- my LAN DNS resolver (AdGuard Home) is configured to rewrite these domains to local IP. Specifically, the rewrite rule looks like `homeassistant.mydomain.com -> rpi.lan`

- Cloudflare tunnel on the rpi for services I want to access outside. I've it configured to require Google auth via Cloudflare Zero Trust (free)

The neat part of this setup is that when I access a service when I'm at home, it works as expected completely locally including https.

If I try to access the service through the public internet, it will still work on the exact same domain and also have proper auth through cloudflare. This way I can access anything on the internet from my home server without worrying about security.

Cloudflare tunnel also offers some other cool things like ssh in your browser (which again uses the previously mentioned Google auth) if you need it.


It only requires an entry in the local hosts file?


I need to map localhost:3000. Ports aren't a part of the hostname, so I can't use /etc/hosts.


In that case a DNS resolver wouldn't help either, unless all your clients perform SRV record lookup.


Here's a batteries-included local-first dev-environment which does that in order to compartmentalize your credentials:

https://github.com/legobeat/l7-devenv

Something like Lokal might still be useful here to facilitate remote collaboration by providing a tunnel (i.e. I can connect to your local session behind NAT without you opening ports or connect to VPNs etc).


interesting use case....


It's not easy to trust them imo. Browsers (rightfully) make it scary sounding, and offhand I don't expect most people know how to install them without the scary warnings (I don't, despite running some locally).


Or why not just use a real cert? Getting a wildcard cert is trivial, as is creating a locally resolving DNS record for your local machine.

For tunneling, how is this different / better than ssh -L?


I don't think a real certificate provider could work with a .local mDNS address, as they need to do some public verification.

The second answer is that ssh -L is just pretty slow on concurrent requests. I would think it's just bloat, as there are so many things happening in ssh that are not required for tunneling. Also, it doesn't do vhosts natively, whereas on Lokal you can just choose which domain you want to use, and it just works...


You can easily have localhost.whateverdomain.whatever for any and all domains and still use virtualhosting. Seems like a solution looking for a problem.


Yes, sure thing, it's really easy to do, and it shifts your focus to making local HTTPS work instead of building your real product.

https://chatgpt.com/share/9cc6ab14-e777-45a6-92b8-c58bbfb433...


This product seems similar to Ngrok and some other solutions. How does this product differentiate itself from everyone else?


Hi, I made a detailed comparison in Excel about this question:

https://docs.google.com/spreadsheets/d/1BzvPRA2ZK5ekSaTV5vyr...

Basically, ngrok's traffic inspection only became available last month, right? They are an old player but pretty late at shipping things.

Also, we had an AI Assistant.


Please share this information in a non Google, non Microsoft format. Perhaps make it a plain HTML page or PDF and link it directly from your primary website.


I see, thank you for your suggestion

Here I made a temporary image version (basically a screenshot of the Google Sheet):

https://download.lokal.so/vendor-comparison.png


Having a .local suffix doesn't really seem like a feature. Also, I still don't see why this is better than ngrok. If anything, I'd turn it down because there's functionality (an AI assistant) that I don't want.


Thanks.


Shouldn't the watchtower docker config be configured to only monitor and update the lokal-server container and not every container on the host?

WATCHTOWER_LABEL_ENABLE env set to true on watchtower

com.centurylinklabs.watchtower.enable label set to true on lokal-server
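
The label-scoped Watchtower setup described in the comment above, written out as a Compose fragment. This is an added example, not part of the thread or of Lokal's documentation; the service layout is assumed, and the `lokal-server` and `other-app` image references are placeholders.

```yaml
# Added illustration. Image references under example.invalid are placeholders,
# not the project's real image names.
services:
  lokal-server:
    image: example.invalid/lokal-server:placeholder
    restart: unless-stopped
    labels:
      # Opt this container in to automatic updates.
      - "com.centurylinklabs.watchtower.enable=true"

  other-app:
    # Unrelated workload on the same host (assumed for illustration).
    image: example.invalid/other-app:placeholder
    restart: unless-stopped
    # No watchtower label: skipped once WATCHTOWER_LABEL_ENABLE is set.

  watchtower:
    image: containrrr/watchtower
    restart: unless-stopped
    volumes:
      # Watchtower controls the Docker daemon through this socket, so
      # whatever it is allowed to update it can also replace and restart.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      # Weak default: with this variable unset, Watchtower monitors and
      # updates every running container on the host.
      # Corrected: only containers labelled enable=true are touched.
      - WATCHTOWER_LABEL_ENABLE=true
```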


You are correct, I appreciate the report. I will change the docs on self-hosted deployment.


You lost me at "AI assistant help".


Congratulations! We all know how difficult it is to launch a working product. Looks like you are trying something similar to what we do at https://pinggy.io/

LAN-Wide Accessible .local address looks like a super useful feature!


Won't this break Bonjour/Zeroconf .local announcements from hosts? Should you be using .local at all?


No sir, the default .local addresses are still accessible.

On a MacBook, you can check General > Sharing, scroll to the bottom, and you will see something like RUBIs-MacBook-Pro.local, and it's still working.


Looks good.

I've been using Cloudflare's thing ("tunnel", I think) for the basic functionality, but I see this does additional things. If I ever want to do those things (or I just decide I want to try something different) I'll keep this in mind.


What all can the "AI Assistant" do?


I want it to be able to receive commands to resend and modify a request,

but I will never get it launched if all I'm thinking about is adding more features.

So currently it only provides related information about the inspected request to the chat session, so our users don't have to manually copy context again to ChatGPT or similar.


Intriguing, but I think VS Code's built in GitHub tunneling support is enough for me.


The page is blank for me. Fennec on android


Too. many. features


I feel some anxiety if the product has too few features.


Great video!


thank you :)

I was trying to record myself talking while operating something on my computer; I gave up after 20+ retakes and ended up pivoting to this kind of video.


congrats on the launch!


After looking at your web page and your HN post for 1 minute each, I have no clue what your software is doing, where it is running, whether it is open source, how much a subscription costs etc.

It's also confusing to me that the title says HTTPS, the post says HTTP.

The use of HTTPS in the HN post title as a verb makes it incomprehensible for me. Are you planning an HTTPS-based network attack on the computers of all HN users? Probably not. But then why do you suggest it in the title? Why not write a title which is easy to understand, using common verbs?


You forgot the "AI Assistant help" part.

I was actually interested in the tool, but closed the page as soon as I saw this.

I don't need any AI from a tool that "gives me HTTPS on localhost". If I need AI Assistant, I know where to go. Thanks.


I'm sorry if any of my narration made you misunderstand.

The AI does not give you HTTPS on localhost.

The AI only assists based on your question.


Pardon me for my bad English; English is not my native language, and I forgot to use AI to correct my title.

Basically, the title only says 10% of what this software can do; the other features are visible on the Lokal.so site.

People might call it an ngrok alternative. Well, it could be, but ngrok doesn't have features like Lokal does.

So what this software basically does is:

Share: your localhost with Public and https .local Address

Debug: What's Incoming, Replay without triggering real WebHook

Develop: further with AI Assistant help!

If you still don't understand what this software can do, I'm afraid I'm running out of words to explain this on your own terms.

Appreciate it.


[flagged]


Hi, what channel do you suggest for this kind of product?



