OrbStack 1.1: HTTPS for containers in 6 seconds

Danny Lin·November 16, 2023·

OrbStack 1.1 is here! This release brings automatic, zero-config HTTPS for your containers, along with a few other improvements.

Remember openssl genrsa? The hours spent on generating certificates, private keys, configuring reverse proxies, and changing trust settings are now a thing of the past. OrbStack will now do all of that automatically, for all containers, and it takes less than 6 seconds to set up.

Download OrbStack

Why HTTPS?

OrbStack is the Docker Desktop alternative that makes it fast, light, and easy to run containers on Mac. We've offered automatic, zero-config domain names for a while, making it easy to access containers, even if you have a lot of them. These domain names are generated to match your Compose project structure (service.project.orb.local), can be customized with wildcards for advanced setups, and work everywhere on your Mac without requiring admin privileges.

However, these domain names are only accessible over HTTP. This is usually fine for development, but modern browsers will show a warning about these sites not being secure if the domain isn't localhost. Worse yet, some newer web APIs (such as WebGPU) require secure contexts (i.e. HTTPS or localhost), so this is no longer just a cosmetic issue—it can break apps, making HTTPS more important than ever.

Introducing: automatic HTTPS

Following the philosophy of OrbStack domains, we've introduced automatic HTTPS for all containers to make it as easy as possible to develop with container domains.

Certificates and keys are generated automatically on the fly. Getting started is as simple as typing https://orb.local or https://<service>.<project>.orb.local in your browser. On first use, type your password to trust the certificate, and then you're good to go!

Automatic HTTPS

This feature is enabled by default but can be disabled in Settings. It works with all OrbStack features, including custom and wildcard domains. Learn more in the docs.

How it works

For security, we generate a root certificate and private key, and store them in the macOS keychain with signature-protected permissions so that no other app can access it. Leaf certificates are then generated on the fly for each container domain. No key material is stored unencrypted, making OrbStack one of the most secure ways to develop with HTTPS. (Most other development setups have unencrypted private keys sitting around on disk, which can be a security risk.)

Other changes in 1.1

  • Better x86 performance on macOS 14.1+
    • We may write a blog post about this soon!
  • Copyable port numbers in container info
  • Machines can now be started from the menu bar
  • Better credential store coexistence with Docker Desktop
  • Fixed DNS memory leak in some error cases
  • Fixed crash when switching tabs quickly
  • Fixed VS Code not connecting in new Alma machines
  • Updates: Docker 24.0.7, Linux 6.5.10, Ubuntu 23.10, Fedora 39, Debian 13 (testing)
  • Other bug fixes and improvements

Try it today

OrbStack's speed, efficiency, and ease of use makes it the ideal way to run containers, Linux, and Kubernetes if you have a Mac. The automatic migration process will copy your existing containers, images, and volumes from Docker Desktop. Once it's up and running, visit orb.local to get started with domains and HTTPS.

Download OrbStack

Follow @OrbStack on Twitter/X and join the Discord community to stay up to date with OrbStack news 👀

Terms·Privacy·Download

© 2024 Orbital Labs, LLC. All rights reserved.
We're hiring!

Docker is a registered trademark of Docker, Inc.
OrbStack is not affiliated with Docker, Inc. in any way.