Proposal: handling SSL setup and usage on local environments

[fabriciojs]

Local development that mimics all the scenario existing in a production environment is challenging, and using valid SSL local certificates nowadays play a big part in that.

Maybe we could help along with something like:

• kool ssl enable / Generates and installs a new custom CAroot in the local host machine (maybe only possible under Linux out-of-the-box; should need manual steps on Windows/Macos)

• kool ssl cert kool.localhost / Generates a Cert/Key pair for the given domain, which will be valid for local access - put files in the current working directory.

---

• Do we have enough libraries to implement everything, or should we depend on some openssl images to run containers for this?

• About installing/using the generated certificates, we could handle out-of-the-box for kooldev/php or kooldev/nginx images at least. For others we could only refer to documentation URL that helps figure out how to get them installed on other images.

[fabriciojs]

A popular solution being adopted around the scene - https://github.com/FiloSottile/mkcert

[fabriciojs]

Other solution we may look into for adopting: https://github.com/pric/pric

[ghost]

Hi @fabriciojs,

when you guys have plan to implement this feature. Now a days it is kind of crucial.

Cheers.

[rhnkyr]

@fabriciojs any update on this one?

[dbpolito]

There is a way to it using Caddy auto ssl:

Add this to your docker-compose:

  http:
    image: caddy:2-alpine
    ports:
      - "${KOOL_HTTP_PORT:-80}:80"
      - "${KOOL_HTTP_PORT:-443}:443"
    volumes:
      - .:/app:delegated
      - ./Caddyfile:/etc/caddy/Caddyfile:delegated
      - http:/data:delegated
    networks:
      - kool_local
      - kool_global

Create file Caddyfile

localhost {
    root * /app/public
    file_server
    reverse_proxy / app
}

And comment ports section in your app service.

Then, you need to trust the local root cert, on mac you can do this:

docker-compose cp http:/data/caddy/pki/authorities/local/root.crt .
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain root.crt

[rhnkyr]

Thanks, @dbpolito!

I have followed your instruction but I have an issue as

The connection for this site is not secure
xxxxx.xxx.test sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

it is a subdomain URL.