SSL for Local Development: Tools and Techniques
Understanding the importance of using SSL in local development, this article discusses reasons for SSL usage, setting up localhost and self-signed CAs, and tools like mkcert and Caddy to facilitate the process. It highlights the benefits and potential drawbacks of each tool, offering insights on implementing SSL effectively in a local development environment.
ITS - Administrative Information Services

SSL for Developers
How to use SSL in local development
November 19, 2020

Reasons to use SSL in local development
* Make browsers happy
  * At some point browsers will complain loudly about non-encrypted traffic
  * Mixed content
  * CORS issues
* A client-side integration requires HTTPS
* You need to have an external user/service interact with your app in development

Localhost and Self-Signed CAs
* You can't just go to the Sectigo portal and request an SSL certificate for localhost
* You need a few bits to get SSL to work for localhost
  * A private, self-signed CA
  * An SSL certificate signed by that private CA
  * That private CA imported into your SSL trust stores
* You can certainly do all of this yourself, but there are a number of steps you have to go through. There is a better way.

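The manual steps this slide lists, written out with the openssl CLI as an added example (not part of the original presentation). File names, the CA subject name and the 30-day lifetime are assumptions; the platform-specific trust-store import is stood in for by verifying against ca.crt only.

```shell
#!/bin/sh
# Added example: the manual route that tools like mkcert automate.
# File names and the CA subject name below are illustrative assumptions.
make_local_ca_and_cert() {   # usage: make_local_ca_and_cert DIR [HOST]
    dir=$1; host=${2:-localhost}
    # One OpenSSL config holding the extension sets for the CA and the leaf.
    cat > "$dir/dev.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host, IP:127.0.0.1
EOF
    # 1. Private, self-signed CA.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$dir/dev.cnf" -extensions v3_ca -subj "/CN=Example Local Dev CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key"  # whoever holds this key can mint certs this machine trusts
    # 2. Key and CSR for the host, then a certificate signed by that CA.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$dir/dev.cnf" -subj "/CN=$host" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 30 -sha256 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/dev.cnf" -extensions v3_leaf \
        -out "$dir/leaf.crt" 2>/dev/null || return 1
}

# 3. Stand-in for "import the CA into your trust store": trust only ca.crt
#    and check that both the chain and the hostname validate.
verify_local_cert() {        # usage: verify_local_cert DIR HOST
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
        -verify_hostname "$2" "$1/leaf.crt" >/dev/null 2>&1
}
```
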
Tools - mkcert
* https://github.com/FiloSottile/mkcert
* Generates a private certificate authority and a certificate for use with localhost, and installs them in the appropriate key stores
* Pro: Easy to install and use
* Pro: Do it once and forget (more or less)
* Pro: Available for all platforms
* Con: Non-trusted CA, so external entities can't trust it

Tools - Caddy
* https://caddyserver.com
* Versatile web server that can automatically generate SSL certs and be a reverse proxy
* Pro: Easy to install and use
* Pro: Can also generate private CA
* Pro: Can automatically generate/renew trusted certs through ACME protocol
* Pro: Reverse proxy, load balancer, and other functions
* Con: Adds another layer to your development stack

Caddyfile Examples

Use private CA and just respond with a string

    localhost

    respond "Hello World!"

Use trusted cert and reverse proxy to other services on localhost

    mialber.its.uiowa.edu

    reverse_proxy localhost:9000
    reverse_proxy /dispatch/public/build/* localhost:8080
    reverse_proxy /sockjs-node/* localhost:8080
    tls /etc/ssl/mialber.cer /etc/ssl/mialber.key

Better yet, Docker Compose

    services:
      # Caddy - to serve as the HTTP/S server
      caddy:
        image: caddy:alpine
        volumes:
          - ~/caddy/ssl:/etc/ssl
          - ~/caddy/caddy_data:/data
          - ~/caddy/Caddyfile:/etc/caddy/Caddyfile
        ports:
          - "443:443"
          - "80:80"
          - "8080:8080"

Questions?
Michael Alberhasky
michael-alberhasky@uiowa.edu