@@ -140,3 +140,38 @@ available in your LAN for that project:
...
@@ -140,3 +140,38 @@ available in your LAN for that project:
Everyone in the LAN can access the current projects on all hosts of developers,
Everyone in the LAN can access the current projects on all hosts of developers,
if configured this way. Even for remote teams, this very same setup can be
if configured this way. Even for remote teams, this very same setup can be
achieved over a VPN.
achieved over a VPN.
### Working with SSL
#### Specify and configure your dev-domain
For this documentation we work with the domain `username.company.dev` and this will be used as wildcard, so that for each project you're working on a sub-domain suffix will be added, e.g. `shop.username.company.dev` or `customer14.username.company.dev`.
#### Issue a wildcard SSL certificate
For this you have to install a LetsEncrypt client. We recommend [Certbot](https://certbot.eff.org). Then you can issue a wildcard certificate with the following command:
```
certbot -d "*.username.company.dev" --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns certonly
You will be presented with a request to configure a TXT record on your DNS provider. Once you're done that, certbot will issue the SSL certificate for you and you're good to go. Note: you have to renew the certificate every 3 months by using the same commands again.
#### Configure Traefik to use your SSL certificate
Add the following line to your `.env` file in your user's home directory:
```bash
DOCKER4DRUPAL_TRAEFIK_DOMAIN=username.company.dev
DOCKER4DRUPAL_TRAEFIK_USESSL=1
DOCKER4DRUPAL_TRAEFIK_PORT=80
DOCKER4DRUPAL_TRAEFIK_PORTS=443
DOCKER4DRUPAL_TRAEFIK_CERT=fullchain.pem
DOCKER4DRUPAL_TRAEFIK_KEY=privkey.pem
```
To update your Traefik configuration and restart the service, go to one of your
projects in L3D and call `ahoy traefik rewrite` to get everything setup once and
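Review bot: In the "Configure Traefik to use your SSL certificate" section, `DOCKER4DRUPAL_TRAEFIK_CERT=fullchain.pem` and `DOCKER4DRUPAL_TRAEFIK_KEY=privkey.pem` are bare file names, and nothing says which directory they are resolved against or how the files certbot produced are supposed to get there. Please document the expected location. Since this is the private key of a wildcard certificate covering every `*.username.company.dev` project, also say that `privkey.pem` should be readable only by the developer's own user and kept out of project repositories. Two smaller points in the same hunk. The fence opened before the `certbot -d "*.username.company.dev" ...` command is never closed, so the paragraph starting "You will be presented with a request" will render as code; close it and tag it `bash` like the `.env` block. "Add the following line" introduces six lines, and the difference between `DOCKER4DRUPAL_TRAEFIK_PORT=80` and `DOCKER4DRUPAL_TRAEFIK_PORTS=443` is not explained; a one-line description per variable would help. The renewal note could also state that the `--manual` DNS challenge means repeating the TXT record step each time, so readers plan for it.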