domain selection guide - nself-org/cli GitHub Wiki
-
local.nself.org(Recommended)- โ Automatic wildcard SSL certificate
- โ No /etc/hosts configuration needed
- โ Works immediately out of the box
- โ Resolves to 127.0.0.1 globally
- Example:
https://api.local.nself.org,https://admin.local.nself.org
-
*.localhost(Modern browsers)- โ Auto-resolves in Chrome, Firefox, Edge (no /etc/hosts needed)
- โ SSL certificates set up automatically during build
- โ Clear indication it's local development
- ๐ One-time sudo password during
nself build - Example:
https://api.localhost,https://myapp.localhost
-
.testdomains (Custom but standard)- โ Reserved TLD for testing (RFC 6761)
- โ /etc/hosts configured automatically during build
- โ SSL certificates set up automatically
- โ Won't conflict with real domains
- ๐ One-time sudo password during
nself build - Example:
https://myapp.test,https://api.myapp.test
-
Port-based localhost (Simplest, no subdomains)
- โ Works everywhere immediately
- โ No subdomain support
- โ Services on different ports
- Example:
http://localhost:8080,http://localhost:3005
-
.local- Reserved for mDNS/Bonjour, causes conflicts on macOS/Linux -
.dev- Real TLD with forced HTTPS (HSTS), won't work locally -
.app- Real TLD with forced HTTPS (HSTS), won't work locally -
.io,.com,.org- Real TLDs, could conflict with actual sites
During nself build, we automatically:
- Install mkcert if needed (via brew)
- Set up the local certificate authority
- Generate wildcard SSL certificates
- Configure nginx to use HTTPS
The only thing you might see: A one-time sudo password prompt to trust the certificates.
| Domain Type | SSL Setup | User Action Required |
|---|---|---|
local.nself.org |
Pre-configured wildcard cert | None |
*.localhost |
Auto-generated during build | One-time sudo password |
.test domains |
Auto-generated during build | One-time sudo password |
| Custom domains | Auto-generated during build | One-time sudo password |
$ nself build
โ Checking environment...
โ Installing mkcert... (if needed)
โ Setting up certificate authority... (may ask for sudo password once)
โ Generating SSL certificates...
โ Configuring nginx...
โ Build complete!That's it! Your services will be available via HTTPS automatically.
| Domain | Chrome | Firefox | Safari | Edge |
|---|---|---|---|---|
localhost |
โ | โ | โ | โ |
*.localhost |
โ v89+ | โ v90+ | โ v15+ | โ |
local.nself.org |
โ | โ | โ | โ |
.test domains |
โ | โ | โ | โ |
nself automatically handles /etc/hosts during nself build:
- Detects which domains need entries
- Prompts once for sudo to add them
- Updates are non-destructive (preserves existing entries)
# nself entries (added automatically)
127.0.0.1 myapp.test
127.0.0.1 api.myapp.test
127.0.0.1 hasura.myapp.test
127.0.0.1 admin.myapp.test
127.0.0.1 storage.myapp.testNote: For localhost and local.nself.org, no /etc/hosts changes are needed!
The nself wizard now offers these options:
- local.nself.org - Zero configuration, just works
- localhost with subdomains - Modern browser support, optional mkcert
- Custom domain - Full control, requires setup
- Port-based localhost - No subdomains, different ports
The nself wizard keeps it simple with just three options:
- local.nself.org (recommended) - Press enter and it works
- localhost - Universal fallback option
- Custom prefix - Add your project name
# Old (problematic)
BASE_DOMAIN=myapp.local
# New (recommended)
BASE_DOMAIN=myapp.test # Custom with /etc/hosts
BASE_DOMAIN=myapp.localhost # Auto-resolves in modern browsers
BASE_DOMAIN=local.nself.org # Zero configurationJust run nself build again! It will:
- Detect your current domain configuration
- Install mkcert if needed
- Generate appropriate certificates
- Update nginx configuration
- You'll only be asked for sudo password once
$ nself build
# Automatically handles everything!If you prefer to set up certificates manually:
# nself build will detect and use these
mkdir -p .certs
cd .certs
mkcert -cert-file localhost.crt -key-file localhost.key localhost *.localhost