Comment on Self hosting and HSTS preload domains
just_another_person@lemmy.world 2 weeks ago
Required? That’s quite a commitment. Is this a Cloudflare thing?
All it really means is that you have to advertise some metadata about your max-age and (sub)domains associated with whatever the domain is. If you’re only planning to serve over HTTPS, and you have a bulletproof refresh workflow for your certs, it’s not going to be a huge issue. Clients need to respect HSTS first, so if your clients don’t check, it’ll still function.
If you’re just using internal or VPN traffic, there’s literally no point in using it EXCEPT to satisfy client requirements.
Can you expound a bit more on this requirement btw? Now I’m curious.
Required? That’s quite a commitment. Is this a Cloudflare thing?
There are specific TLDs which are required at the DNS level to be served over HTTPS. .dev is an example. The browser will physically not load a .dev domain over anything but HTTPS.
Yeah, I got that, but this is an internal system OP is discussing. DNS forwarder and VPN. Solved.
Google owns a couple of TLDs (.app, .dev, etc) and they preloaded all of them 😒
I think you meant to reply to me! I actually do need it to be accessible externally, via a VPN or other means.
wraith@lemmy.ca 2 weeks ago
Google requires HSTS preload for all of their domains. Charleston Road Registry (their subsidiary) enforces this by adding the TLD to the HSTS preload list.
Here is the Wikipedia link to the TLD. It’s at the bottom.
just_another_person@lemmy.world 2 weeks ago
Yeah, but you’re saying this is going to be used internal to you only, right? No public facing exposure?
wraith@lemmy.ca 2 weeks ago
I will need it to be available via a VPN or other means, but it’s not going to be any more public-facing than it has to be.
just_another_person@lemmy.world 2 weeks ago
Right, so if it’s going to JUST be available over VPN, you don’t need to use a public TLD, DNS, or HSTS at all. Why use the public TLD with these requirements and expose private IP address space over public DNS if its sole purpose isn’t going to be consuming publicly?