How a Chrome update caused issues in our Vagrant setup
Our development team in Nannuka uses Vagrant for all local development testing.
Vagrant manages local VMs with the same configuration as our production server. So each developer can test his modification in a replica of our production environment.
The usual way to access a vagrant VM is by using a fake domain, set in OS’s hosts file. For example, for nannuka.com, our local test machine is nannuka.dev.
However, a recent change in Chrome caused us problems with that implementation. When we visited http:// nannuka.dev, Chrome redirected to https:// nannuka.dev. Since we didn’t have any ssl certificate installed in the local VMs, the site couldn’t load.
After some research, we found the reason: Chrome 63 forces .dev domains to HTTPS via preloaded HSTS.
Chrome comes with a default preloaded list of known websites with HSTS header, that forced the browser to always redirect to the SSL version of the website. In this list they include some LTDs – and one of them is .dev, that now belongs to Google.
TLDs from this list cannot be localy deleted (for the rest, you can visit chrome://net-internals/#hsts). So our only solution is the simplest one:
We just change the virtual host from nannuka.dev to nannuka.test. Problem solved 🙂