This article targets Debian docker containers running on MacOS.
HTTP (hypertext transfer protocol) is a set of rules by which your browser retrieves web pages from the internet. HTTP is the same as HTTPS whit the difference being it retrieves pages from the internet in a secure way through a private communication channel.
In our modern age, most sites have this on by default.
When we are developing sites, specifically eCommerce sites, we assume that this would be turned on in the production environment. This post is an attempt to get your development environment even closer to production.
Step 1 – Generate Certificates
For your browser to recognize a site as trusted and secure, it needs to validate the site’s SSL certificate. We will start by creating certs locally. To do this, you need to have OpenSSL installed.
To confirm, type this into your terminal:
You should get the currently installed version as a reply. If not in you will first need to install it. See google for further instructions on this.
Next, change to the root directory of your project, where your docker-compose.yml is. There enter:
openssl genrsa -des3 -out rootCA.key 2048.
You will be prompted for a password, make sure you remember what he is to avoid recreation. This rootCA.key file will be used to create a new root SSL certificate.
To create a new root SSL certificate, valid for 1024 days, type the following command into the terminal. Feel free to change the number of days.
You will be prompted for the password that you set earlier and then some details about your address. Make sure you fill in the qualified hostname as the domain you’re using for testing.
To confirm that all is in order type: ls | grep root. You should now see two files:
Step 2 – Trust the Certificates Root
The files you’ve just created are certificate generator. Before we can trust the certificates we need to trust the generators. For us to trust the certificates generated by these files, we need to tell MacOS to trust the root files.
To trust the root files, open Keychain Access on your Mac. Press CMD+SPACE and type Keychain Access to open the program that allows you to manage your certificates. Click on the Certificates category in the bottom left sidebar. Now, import the rootCA.pem using `File > Import Items` from the top MacOS menu bar.
After the import, double click the imported certificate and under the “When using this certificate:” dropdown select “Always Trust”.
Step 3 – Generate Server Files
Create a file named server.csr.cnf. Edit this file and add the following content to it, be sure to change your domain name. This will help you avoid entering all the details manually:
Next, create a v3.ext file with the following content, in order to create a X509 v3 certificate. Notice how we’re specifying subjectAltName here. Also, make sure to change your domain name accordingly.
Next, create the certificate file called server.crt. The .key and .crt files will both be used by the server. server.key is the private part. sever.crt will be shared with browsers and other clients. Remember the password from step one:
Now we must figure out how to get our files in these directories. If your docker container is mapped to your local file system you can simply navigate to these and copy them over and then renaming your files to match these names( overwriting theses files)
Lastly, after overwriting these files with your own you can restart apache and then load up your sit at it’s HTTP address.
In the conf file above you will see that there are no ssl_certificates, but towards the bottom of the output, you will see include /etc/nginx/conf.d/*.conf;. Looking inside this directory we will see: /etc/nginx/conf.d/default.conf;
Now looking at the output of default you will see the location of the default SSL certificates.
An amazing (biased) talk about the rust language by one of the core contributors. Comparing accidents in the rail road industry to computer programming and memory safety.
Getting air-breaks approved in passenger and freight trains took a long time.
Have a listen to the talk. I found it very interesting and I’m sure you will too.
Valuable advice from the “Tech Lead”. A career in software engineering is a long term game, it’s a marathon, not a sprint. Having habits like these, ensure that you’re preserving yourself as you grow in experience and influence.
Healthy Lifestyle, exercise, water and nutrition. Keep a good posture.
Good Sleep routines.
Continual learning. Keep your skills sharp.
Have result-oriented work ethic. Focus on being effective, get work done.
Keep things simple. For yourself and others. Complexity works against you.
Create periods of deep work in your day.
Collaborate with other programmers to save time and effort