Cannot access website via a custom DNS zone hostname with Enclave

New user asks: I’ve created a custom DNS zone in Enclave called .dev. I’ve also added some records to this zone (e.g. docs). When I ping docs.dev I correctly see the Enclave IP address of a connected peer.

I know this server is listening on port 80 but I cannot load it in my browser, the connection just times out. What’s going on?

I think you might be encountering HSTS preloading. HSTS is a mechanism to force browsers not to use HTTP when loading a website and use HTTPS instead.

If you’ve got a webserver listening on port 80, chances are it’s unlikely to be served via HTTPS with a TLS certificate. Normally that’s fine. Chrome / Firefox etc. wouldn’t have a problem accessing it, but in this case you’ve created a top-level domain called .dev and tried to serve the website on http://docs.dev.

The .dev TLD is actually owned by Google. If you take a look at the Chromium source code transport_security_state_static.json (warning: large file) you can see that in that JSON file there’s a line which reads:

    { "name": "dev", "policy": "public-suffix", "mode": "force-https", "include_subdomains": true },

This tells Chrome that all .dev domains must be loaded using HTTPS. Chrome (and Firefox, which uses the same list) will simply time out if you try to access that server using the docs.dev (or any other *.dev) hostname over HTTP.

The fix is easy: run your webserver with HTTPS instead of HTTP.
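To check whether a hostname is caught by a preload entry like the one quoted above before picking a name for an internal zone, here is an added example (not part of the original thread, and not Enclave's or Chromium's code). It parses entries in the shape shown on the page and applies the `include_subdomains` / `mode` semantics the answer describes. The entry list is a constructed sample: only the `dev` line is taken from the page, the `.test` entries are invented to exercise the edge cases, and the real `transport_security_state_static.json` is much larger and needs preprocessing before it can be loaded as plain JSON.

```python
import json
from typing import Dict, List, Optional

# Constructed sample in the shape of the Chromium preload list. Only the
# "dev" entry is from the page; the ".test" entries are made up to show
# the include_subdomains=false and no-"mode" cases.
SAMPLE_ENTRIES = """[
    { "name": "dev", "policy": "public-suffix", "mode": "force-https", "include_subdomains": true },
    { "name": "exact-only.test", "mode": "force-https", "include_subdomains": false },
    { "name": "no-mode.test", "include_subdomains": true }
]"""


def load_entries(text: str) -> List[Dict]:
    """Parse a JSON array of preload entries (plain JSON only)."""
    return json.loads(text)


def find_preload_entry(hostname: str, entries: List[Dict]) -> Optional[Dict]:
    """Return the entry that forces HTTPS for `hostname`, or None.

    Semantics as described on the page: an entry with
    include_subdomains=true covers the name itself and every label
    below it (so "dev" covers "docs.dev" and "a.b.dev"); an entry with
    include_subdomains=false covers the exact name only. An entry whose
    "mode" is not "force-https" does not block plain HTTP.
    """
    host = hostname.rstrip(".").lower()
    labels = host.split(".")
    by_name = {e["name"].lower(): e for e in entries}

    # Walk from the full name up to the TLD: "docs.dev" -> "dev".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = by_name.get(candidate)
        if entry is None or entry.get("mode") != "force-https":
            continue
        exact_match = i == 0
        if exact_match or entry.get("include_subdomains", False):
            return entry
    return None


def http_is_blocked(hostname: str, entries: List[Dict]) -> bool:
    """True if a preloaded browser would refuse http:// for this hostname."""
    return find_preload_entry(hostname, entries) is not None


if __name__ == "__main__":
    entries = load_entries(SAMPLE_ENTRIES)
    for name in ("docs.dev", "dev", "exact-only.test", "sub.exact-only.test",
                 "no-mode.test", "docs.internal"):
        state = "forced to HTTPS" if http_is_blocked(name, entries) else "plain HTTP allowed"
        print(f"{name}: {state}")
```

Running it shows why `docs.dev` fails over HTTP while a hostname under an unlisted zone is allowed. Picking a zone name that does not appear in the list at all (or, as the answer says, serving HTTPS) avoids the problem.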