*.stge.it → 127.0.0.1
Every subdomain of stge.it resolves to your own machine. Free wildcard DNS for local development — no signup, no install, nothing to trust.
$ dig +short anything.stge.it
127.0.0.1
$ dig +short really.anything.stge.it
127.0.0.1
Why you'd want this
Lots of things behave differently on a real, registrable domain than on localhost: subdomain routing, cookie scopes, OAuth redirect URIs, CORS origins, multi-tenant apps. stge.it gives every project on your machine a proper name without touching /etc/hosts:
$ npm run dev # listening on :5173
# open http://myapp.stge.it:5173
# name as many as you like — they're all your loopback
http://api.stge.it:8080
http://web.stge.it:3000
http://tenant-a.app.stge.it:3000
Your traffic never leaves your machine. The DNS answer is 127.0.0.1 — there is no server behind these names, no logging, nothing to phone home to. (Same idea as localtest.me or lvh.me.)
Fine print (without candy)
- No HTTPS. You can't obtain a publicly-trusted certificate for a name that resolves to loopback in a zone you don't control. For local TLS, use mkcert, or bring your own domain (see below).
- DNS-rebind protection. Some routers and resolvers refuse public names that resolve to private addresses. Allowlist the domain (dnsmasq:
rebind-domain-ok=/stge.it/) or use a public resolver like1.1.1.1. - Needs the network for the DNS lookup. Offline, fall back to a hosts-file entry.
- Shared cookie scope. All
*.stge.itapps in one browser share the registrable domain — scope cookies to the exact host, not.stge.it.
With candy
candy is the tool this domain was set up for: a single Go binary that embeds the Caddy proxy and owns the whole local-HTTPS loop — a port registry, reverse proxy, DNS records, and real wildcard certificates.
$ candy register myapp
registered myapp
url: https://myapp.stge.it
port: 42004
cert: ready
One command per project: candy assigns a port from a range, serves https://<name>.<your-domain> with a publicly-trusted wildcard cert (DNS-01 through your own Cloudflare token), and hot-reloads with zero downtime. It's built for coding agents as much as humans — every command is idempotent, speaks --json, and explains its own side effects (candy explain register).
Certificates for stge.it itself are issued only on its owner's machine — with candy you bring your own domain and token, and get exactly this setup under your own name. The source isn't published yet; if you want it, say so: @davidfregoli.