1
00:00:06,890 --> 00:00:12,590
Next up, how can I handle SSL cert c.

2
00:00:12,730 --> 00:00:16,640
Santiago says, how can I handle SSL cert for nginx and local environment.

3
00:00:16,720 --> 00:00:23,130
Dev environment to prod for HTTPS. Yes, so.

4
00:00:24,540 --> 00:00:30,810
Locally you just need to create your own certs. If you're going to a local development then what I would

5
00:00:30,810 --> 00:00:37,410
probably do is use nginx or Traefik or something like that inside your compose file and that way

6
00:00:37,410 --> 00:00:48,430
you can have your URLs and proxy those back to your app, right, and you can look up Let's Encrypt. Let's Encrypt

7
00:00:48,430 --> 00:00:55,390
has a good article on certificates for localhost and they give you the whole background on why you

8
00:00:55,390 --> 00:01:01,360
shouldn't get wildcards or why you shouldn't go use Let's Encrypt for localhost traffic and that

9
00:01:01,360 --> 00:01:07,000
you really should just generate them, store them on your local machine and bind mount them in your containers

10
00:01:07,000 --> 00:01:12,760
at runtime. Use Docker Compose to bind mount those certificates into your running containers and that

11
00:01:12,760 --> 00:01:15,720
way they always have a trusted certificate.

12
00:01:15,730 --> 00:01:22,100
Now if you use the same certificate all the time, and this is what I do, then you can store it outside

13
00:01:22,100 --> 00:01:27,150
your project somewhere on your local machine and then you can tell your browsers to trust it.

14
00:01:27,200 --> 00:01:29,500
So if you're using the name that matches the certificate.

15
00:01:29,510 --> 00:01:33,950
If you create the certificates with the name localhost on your local machine and then you use those

16
00:01:33,950 --> 00:01:39,710
in your compose file for your proxies and then you tell your browsers to trust that certificate.
17
00:01:39,710 --> 00:01:44,050
Then you have, you know, you have a great local deployment environment that is always going to work.

18
00:01:44,060 --> 00:01:49,580
It's not going to give you warnings and your browsers will trust it. You don't necessarily need to go

19
00:01:49,580 --> 00:01:52,810
get third-party certificates because those don't work for local machines.

20
00:01:52,810 --> 00:01:57,200
They're not designed for local machines and I wouldn't easily share these certificates out, there's no

21
00:01:57,200 --> 00:01:59,750
reason to really share them, they're easy to create.

22
00:01:59,790 --> 00:02:01,640
You know, so it's, to me it's kind of like an SSH key.

23
00:02:01,640 --> 00:02:03,050
Just keep it on your local machine.

24
00:02:03,050 --> 00:02:08,120
You might even just keep it in your .ssh folder or create one called .cert in your profile

25
00:02:08,120 --> 00:02:14,900
on your local machine and just store them there and link to them in your compose files so that you will always

26
00:02:14,900 --> 00:02:19,750
have them when you need them inside of your proxies or any web servers that you want to have SSL locally.

27
00:02:19,760 --> 00:02:21,830
Now of course in production that's a totally different deal.

28
00:02:21,830 --> 00:02:28,220
If you're talking about Docker Swarm, for instance, I like to use Let's Encrypt with Traefik, which Traefik

29
00:02:28,250 --> 00:02:36,570
is a front end proxy that works like nginx in that way, and I have a repo called dogs versus cat that

30
00:02:36,570 --> 00:02:37,820
has an example of that.

31
00:02:37,830 --> 00:02:40,670
I'll also throw that in here for you.

32
00:02:41,990 --> 00:02:50,300
That repo has an example of how to use a Traefik proxy with Let's Encrypt so it will automatically go

33
00:02:50,300 --> 00:02:52,360
get your certificates and bring them back.
34
00:02:52,400 --> 00:02:56,030
Now if you want to go buy your own certificates like what we traditionally used to do.

35
00:02:56,090 --> 00:02:56,900
That's fine too.

36
00:02:56,900 --> 00:03:03,200
You could store those in secrets in Swarm. Using Kubernetes you could also store them in secrets and

37
00:03:03,200 --> 00:03:05,390
that way they'd be available for whatever containers you need.

38
00:03:06,670 --> 00:03:07,860
Hopefully that helps.

39
00:03:07,930 --> 00:03:08,830
And good question.