Skip to content

Instantly share code, notes, and snippets.

@richRemer

richRemer/chrombook-development.md

Created March 21, 2023 17:33
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save richRemer/8a74b276fa442614731dc9baf745cc9e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save richRemer/8a74b276fa442614731dc9baf745cc9e to your computer and use it in GitHub Desktop.
Download ZIP
Guide to local web development on Chromebook
Raw
chrombook-development.md

This guide describes how to setup your Chromebook for local web development. This will help you configure TLS for a server running in Linux on ChromeOS and accessed through the Chrome web browser.

Background

It's important to note a couple things about how Linux on ChromeOS works. Some of this information is hard to come across, so the details are summarized here.

  • Google Chrome runs in the ChromeOS host environment
  • Linux on ChromeOS runs in a Linux container
  • Linux containers are isolated from the host environment
  • the default hostname for Linux on ChromeOS is "penguin"
  • in the host environment, penguin.linux.test resolves to the IP address of the Linux container

Create Snakeoil Certificate

First, you will need to generate a certificate for the penguin.linux.test hostname. While you don't need to understand this in detail, some context may be helpful.

  • site owners need certificate authorities (CA) to issue certificates
  • CAs and site owners generate private keys only they know
  • CAs issue root certificates
  • root certificates are installed to your computer or browser
  • site owners generate certificate signing requests (CSR)
  • CSRs are sent to CAs to request a certificate
  • CAs issue public certificates to site owners
  • site owners configure software to use their issued cert and private key

Setup Working Directory

It's a good idea to create a clean working directory before you start. All commands in this document should be run from that working directory.

Create CA

C=US
CN=Penguin-Root-CA
SUBJ="/C=$C/CN=$CN"

openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "$SUBJ"

Generate CSR

C=US
ST=California
L="San Diego"
O="Linux on ChromeOS"
CN=penguin.linux.test
SUBJ="/C=$C/ST=$ST/L=$L/O=$O/CN=$CN"

openssl req -new -nodes -newkey rsa:2048 -keyout $CN.key -out $CN.csr -subj "$SUBJ"

Issue Certificate

CN=penguin.linux.test
EXTFILE="
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $CN
"

openssl x509 -req -sha256 -days 1024 -in $CN.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out $CN.crt \
  -extfile <( echo "$EXTFILE" )

Artifacts

After running the commands, you should have two files in your directory named penguin.linux.test.crt and penguin.linux.test.key. These files can be used to configure your server software for TLS.

In addition, you will have a file named ca.crt. This is the CA root which should be configured in your browser so that it trusts the site certificate.

Trust CA Root Certificate

To configure Chrome to trust your certificate authority (and any certificates issued by your CA), open Chrome and navigate to:

  • Settings
  • Privacy and Security
  • Security
  • Manage Certificates
  • Authorities
  • Import
  • navigate to the ca.crt file generated above

Navigate to Server

Once your server and browser have been configured, use the following URL to navigate to your application: https://penguin.linux.test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment