From 9c3609b381735faada76276bf520387e0184d932 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Mon, 25 Jan 2021 18:48:26 +0100
Subject: [PATCH] composer/library/docker-traefik#2 Describe how to use SSL in
 local development

---
 docs/docker/l3d/drupal.md | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/docs/docker/l3d/drupal.md b/docs/docker/l3d/drupal.md
index 096e16c..5a4cd07 100644
--- a/docs/docker/l3d/drupal.md
+++ b/docs/docker/l3d/drupal.md
@@ -140,3 +140,38 @@ available in your LAN for that project:
 Everyone in the LAN can access the current projects on all hosts of developers,
 if configured this way. Even for remote teams, this very same setup can be 
 achieved over a VPN.
+
+### Working with SSL
+
+#### Specify and configure your dev-domain
+
+For this documentation we work with the domain `username.company.dev` and this will be used as wildcard, so that for each project you're working on a sub-domain suffix will be added, e.g. `shop.username.company.dev` or `customer14.username.company.dev`.
+
+#### Issue a wildcard SSL certificate
+
+For this you have to install a LetsEncrypt client. We recommend [Certbot](https://certbot.eff.org). Then you can issue a wildcard certificate with the following command:
+
+```
+certbot -d "*.username.company.dev" --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns certonly
+cp /etc/letsencrypt/live/username.company.dev/*.pem ~/.traefik/certs
+sudo chmod +r ~/.traefik/certs/*.pem
+```
+
+You will be presented with a request to configure a TXT record on your DNS provider. Once you're done that, certbot will issue the SSL certificate for you and you're good to go. Note: you have to renew the certificate every 3 months by using the same commands again.
+
+#### Configure Traefik to use your SSL certificate
+
+Add the following line to your `.env` file in your user's home directory:
+
+```bash
+DOCKER4DRUPAL_TRAEFIK_DOMAIN=username.company.dev
+DOCKER4DRUPAL_TRAEFIK_USESSL=1
+DOCKER4DRUPAL_TRAEFIK_PORT=80
+DOCKER4DRUPAL_TRAEFIK_PORTS=443
+DOCKER4DRUPAL_TRAEFIK_CERT=fullchain.pem
+DOCKER4DRUPAL_TRAEFIK_KEY=privkey.pem
+```
+
+To update your Traefik configuration and restart the service, go to one of your
+projects in L3D and call `ahoy traefik rewrite` to get everything setup once and
+forever.
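Review bot: In the certbot code block, `sudo chmod +r ~/.traefik/certs/*.pem` makes `privkey.pem` readable by every local user, and that file is the private key of a wildcard certificate covering every `*.username.company.dev` project host. Suggest keeping the key owner-only (e.g. `chmod 600 ~/.traefik/certs/privkey.pem`) and granting read access only on `fullchain.pem`, or stating which user the Traefik container reads the files as so the permission can be scoped to that user. In the same block, the `cp` line runs without `sudo` while the `chmod` after it uses `sudo`, so it is unclear which user ends up owning the copied files; copying only the two files named in `DOCKER4DRUPAL_TRAEFIK_CERT` and `DOCKER4DRUPAL_TRAEFIK_KEY` instead of `*.pem` would also avoid leaving unused copies around. Minor wording: "Add the following line" introduces six variables, and the renewal note could say that the `cp` and `chmod` steps have to be repeated along with `certbot`.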
-- 
GitLab