@@ -140,3 +140,38 @@ available in your LAN for that project:
Everyone in the LAN can access the current projects on all hosts of developers,
if configured this way. Even for remote teams, this very same setup can be
achieved over a VPN.
### Working with SSL
#### Specify and configure your dev-domain
For this documentation we work with the domain `username.company.dev` and this will be used as wildcard, so that for each project you're working on a sub-domain suffix will be added, e.g. `shop.username.company.dev` or `customer14.username.company.dev`.
#### Issue a wildcard SSL certificate
For this you have to install a LetsEncrypt client. We recommend [Certbot](https://certbot.eff.org). Then you can issue a wildcard certificate with the following command:
```
certbot -d "*.username.company.dev" --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns certonly
You will be presented with a request to configure a TXT record on your DNS provider. Once you're done that, certbot will issue the SSL certificate for you and you're good to go. Note: you have to renew the certificate every 3 months by using the same commands again.
#### Configure Traefik to use your SSL certificate
Add the following line to your `.env` file in your user's home directory:
```bash
DOCKER4DRUPAL_TRAEFIK_DOMAIN=username.company.dev
DOCKER4DRUPAL_TRAEFIK_USESSL=1
DOCKER4DRUPAL_TRAEFIK_PORT=80
DOCKER4DRUPAL_TRAEFIK_PORTS=443
DOCKER4DRUPAL_TRAEFIK_CERT=fullchain.pem
DOCKER4DRUPAL_TRAEFIK_KEY=privkey.pem
```
To update your Traefik configuration and restart the service, go to one of your
projects in L3D and call `ahoy traefik rewrite` to get everything setup once and
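Review bot: the code fence opened before the `certbot -d "*.username.company.dev" ...` command is never closed, so the paragraph starting "You will be presented with a request to configure a TXT record" and the "Configure Traefik to use your SSL certificate" heading will render inside the code block, and the later `bash` fence will be paired with the wrong delimiter. Add a closing fence directly after the certbot line and tag the opening one as `bash` to match the `.env` block. In the Traefik section, "Add the following line" introduces six settings, so it should read "lines". That section also sets `DOCKER4DRUPAL_TRAEFIK_CERT=fullchain.pem` and `DOCKER4DRUPAL_TRAEFIK_KEY=privkey.pem` as bare file names without saying which directory they are resolved against or how the files issued by certbot get there. Please state the expected location and mention that `privkey.pem` should be readable only by the user running Traefik, since the setup described just above exposes these hosts to everyone on the LAN or VPN. The pair `DOCKER4DRUPAL_TRAEFIK_PORT=80` and `DOCKER4DRUPAL_TRAEFIK_PORTS=443` differs by a single letter, and a short sentence explaining what each one controls would prevent mix-ups. Finally, the renewal note says "the same commands" although only one command is shown, and because it uses `--manual --preferred-challenges dns`, it is worth saying explicitly that each renewal requires setting a new TXT record by hand.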