Devlove mode¶
Develop with HTTP/2 and HTTPS¶
Developing websites with HTTPS+HTTP/2 is harder than just using plain old HTTP. For one, there are more things to configure: domain names, matching certificates and encryption. For another, an HTTP/2 socket is encrypted and may be used to transfer several files simultaneously, which is good but makes harder to troubleshoot issues. Last but not least, to reap the performance benefits of HTTP/2 one needs to take into account latency, HTTP/2 priorities and HTTP/2 Push during development, not as an after-thought.
We try to make all of that very easy or automatic. We also think that if one person in a team creates a setup for a website, the other members of the team should only need to clone a repository to be up and going.
For a web server, there are situations when one must decide between
being helpful to people creating websites, or having more security and
performance goodies.
In ShimmerCat, we decide in favor of developers in the devlove operation
mode, while with internet mode we decide for the later.
How to use devlove mode¶
We already saw a very simple example in our Get Started guide where ShimmerCat was used in devlove mode. If you have not seen that guide, do that now, the entire guide fits in a screen and it takes five minutes to complete. Here we will just describe the more practical aspects.
Running devlove¶
As we saw before, running devlove is easy. Here are the very basic steps:
In a terminal, change to the directory where your project is.
If you are just starting your project, edit your
devlove.yamlfile according to your needs. You can use thedevlove.yamlfile in the Get Started guide as a starting point. If you need something more advanced (like talking to a backend application or serving several domains), take a look to our Structuring Apps guide.Run
shimmercat devlove
ShimmerCat will start running in the foreground, and you should be able to see your site. If this is the first time even that you use ShimmerCat, you will need to setup a browser for ShimmerCat. We will get to that in a minute, but just let me write below the other things that you should know when using ShimmerCat:
To terminate ShimmerCat, press Ctrl+C.
If you are using SOCKS5 and your site loads resources from third party services, use the
-woption.
HTTPS setup for development¶
ShimmerCat sets up certificates for the domains you configure in the
devlove.yaml file automatically.
For example, for the devlove.yaml file in our
Get Started guide,
ShimmerCat will generate a
certificate for the domain www.hello.com.
The certificate itself is stored on the project directory where you
run ShimmerCat, inside ShimmerCat’s scratch folder.
Those are development certificates, and they are signed with a CA certificate
which is also generated for you.
The CA is stored at ~/.config/mousebox/ so that it can be re-used for
all your development projects.
The only quirk is that you need to configure a browser to trust this
CA certificate.
We recommend to do this in a special development profile.
Creating a development profile for Chrome can be done automatically with the sc-tool, but if you want to do it by hand here are some links to help you:
For Mozilla Firefox, their official documentation explains how to do it pretty well.
For Google Chrome, you can use a new data directory.
We have a built-in SOCKS5 server that presents your website as
part of a network “imagined” by ShimmerCat
(this video explains it better).
We like to configure our development browser to use this SOCKS5 proxy.
In this way we can connect to our in-development website using just its
name but without needing to change /etc/hosts.
The sc-tool also configures SOCKS5 in Chrome’s development profile
when invoked as sc-tool chrome.
The manual procedure for making browsers trust your CA is explained below.
Installing the development CA certificate for browsers in Linux¶
Google Chrome¶
Navigate to chrome://settings, click “Show advanced settings…” at the bottom, and
then scroll to HTTPS/SSL and click the “Manage certificates” button.
In the dialog that appears, select the “Authorities” tab and click the “Import…”
button, then browse to the file with name “mousebox_ca_root_xxxxxx” in your
Mousebox’s config directory, i.e. ~/.config/mousebox. In the dialog that appears,
instruct the browser to trust this certificate for identifying websites.
Mozilla Firefox¶
Navigate to “about:preferences” , then select “Advanced” in the right bar, and then
click in the “Certificates” tab. Click the “View Certificates” button, and select the
“Authorities” tab. Click the “Import…”
button, then browse to the file with name “mousebox_ca_root_xxxxxx” in your
Mousebox’s config directory, i.e. ~/.config/mousebox. In the dialog that appears,
instruct the browser to trust this certificate for identifying websites.
Installing the development CA certificate for Mac OS X¶
Mac OS X users need to use the Keyring Manager to install the CA certificate.
The certificate itself can be found at the ~/.config/mousebox folder.
You can do it manually, or you can use sc-tool.
Install it with pip install sc-tool and execute:
sc-tool add-ca
Miscellaneous characteristics of devlove mode¶
These are some details that you may find useful:
SOCKS5 proxy is open by default at port 2006.
In devlove mode, and only in devlove mode, ShimmerCat adds a header
sc-viewto responses forwarded from an inner application indicating the SC-view that rendered it.Only one ShimmerCat process is launched.
Handling of error status codes¶
When the application backend returns a 404 code for an electric domain, ShimmerCat
relays that 404 answer to the client.
This behavior is exclusive to devlove mode.
In Internet mode, ShimmerCat looks instead for a generic __404.html template.
In devlove mode, ShimmerCat will also relay responses with 500 status codes literally to the browser, but they will be replaced by a generic terse message in Internet mode. The intention is to avoid leaks of sensitive information that may be present in 500-error application diagnostics from production servers.