Mask a URL behind a custom domain for screencasts and demos. Adds a trusted HTTPS reverse proxy so the browser shows a clean display domain with a green padlock while serving content from the real target URL. Handles /etc/hosts, mkcert certificates, and cleanup automatically. Triggers on: "domain mask", "mask domain", "mock domain", "proxy URL", "demo URL", "fake domain", "screencast proxy", "mask URL for demo", "domain-mask".
Mask a URL behind a custom domain for screencasts and demos. Opens an
HTTPS reverse proxy so the browser address bar shows a clean domain
(e.g., wknd.adventures) while content is served from the real URL
(e.g., https://main--mysite--org.aem.page). Trusted certificate via
mkcert — no browser warnings.
brew install mkcert && mkcert -install)if [[ -n "${CLAUDE_SKILL_DIR:-}" ]]; then
DOMAIN_MASK="${CLAUDE_SKILL_DIR}/scripts/domain-mask.mjs"
else
DOMAIN_MASK="$(find ~/.claude -path "*/domain-mask/scripts/domain-mask.mjs" \
-type f 2>/dev/null | head -1)"
fi
if [[ -z "$DOMAIN_MASK" || ! -f "$DOMAIN_MASK" ]]; then
echo "Error: domain-mask.mjs not found." >&2
fi
Ask the user for two values (or extract from their message):
wknd.adventures)https://gabrielwalt.github.io)which mkcert || echo "Install mkcert: brew install mkcert && mkcert -install"
If mkcert is missing, tell the user to install it and run mkcert -install
once to set up the local CA.
sudo node "$DOMAIN_MASK" <display-domain> <target-url>
The script handles everything automatically:
127.0.0.1 <display-domain> to /etc/hostsTell the user:
https://<display-domain> in their browserAfter the user stops the proxy, verify cleanup succeeded by checking the script output. If it reports a warning about /etc/hosts cleanup, help the user remove the entry manually:
sudo sed -i '' '/<display-domain>/d' /etc/hosts
Host headerLocation headers in redirects back to the display domainstrict-transport-security headers (prevents cert conflicts)accept-encoding (avoids compressed responses)/etc/hosts path, brew install mkcert)