For this documentation we work with the domain `username.company.dev` and this will be used as a wildcard domain, so that for each project you're working on, a sub-domain suffix will be added, e.g. `shop.username.company.dev` or `customer14.username.company.dev`.
To tell Docker, Traefik and L3D that this domain should be used with SSL, add these environment variables to your `~/.env` file:
#### Issue a wildcard SSL certificate
```bash
DOCKER4DRUPAL_TRAEFIK_DOMAIN=username.company.dev
DOCKER4DRUPAL_TRAEFIK_USESSL=1
DOCKER4DRUPAL_TRAEFIK_PORT=80
DOCKER4DRUPAL_TRAEFIK_PORTS=443
```
Last but not least, your local DNS needs to be configured so that your browser knows that `*.username.company.dev` can be found at `127.0.0.1`. If you have a DNS resolver that can handle wildcards, then that's what you should go for. If you don't have one, or if you don't know, then you need to edit `/etc/hosts` and add a line like this:
Unfortunately, for each new project you have to add the new domain to that list before the browser can find it.
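One way to make that per-project step repeatable is sketched below. This is an added example, not part of L3D: the function name `add_project_host` is hypothetical, and it assumes the base domain is read from `DOCKER4DRUPAL_TRAEFIK_DOMAIN`, falling back to this page's `username.company.dev`.

```shell
#!/bin/sh
# Added example (not L3D code): idempotently map one project sub-domain to 127.0.0.1.
# add_project_host PROJECT [HOSTS_FILE]
# Returns 0 if the mapping exists afterwards, 2 if PROJECT is not a valid DNS label.
add_project_host() {
    project="$1"
    hosts_file="${2:-/etc/hosts}"
    # Assumption: the base domain comes from the variable set in ~/.env.
    domain="${DOCKER4DRUPAL_TRAEFIK_DOMAIN:-username.company.dev}"

    # Accept a single DNS label only (a-z, digits, inner hyphens, max 63 chars),
    # so spaces, dots or newlines cannot smuggle extra names or lines into the file.
    case "$project" in
        ""|-*|*-|*[!a-z0-9-]*)
            echo "invalid project name: $project" >&2
            return 2 ;;
    esac
    if [ "${#project}" -gt 63 ]; then
        echo "project name too long" >&2
        return 2
    fi

    fqdn="$project.$domain"

    # Already mapped? Ignore comments and compare whole fields, not substrings.
    if awk -v name="$fqdn" '
        { sub(/#.*/, "") }
        $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit (found ? 0 : 1) }' "$hosts_file"; then
        return 0
    fi

    # Make sure the file ends with a newline before appending a new line.
    if [ -n "$(tail -c 1 "$hosts_file")" ]; then
        echo >> "$hosts_file"
    fi
    printf '127.0.0.1 %s\n' "$fqdn" >> "$hosts_file"
}
```

Writing to `/etc/hosts` requires root, so define and call the function in a root shell, e.g. `add_project_host shop`.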
#### Getting SSL certificates
This is the final component and there are 2 supported options: automatic or manual.
After one of the 2 methods has been set up, go to one of your projects in L3D and call `ahoy traefik rewrite` to get everything set up once and forever.
##### Automatic
This is possible if your domain registrar or DNS provider offers an API that LetsEncrypt can use. If not, then you have to go for the manual approach below.
Define an A-record for `*.username.company.dev` with an IP address that probably points to the company website. Then, create an API token with the DNS provider and configure additional variables in `~/.env`, here with an example for Cloudflare as the DNS provider:
With this configuration, Traefik will generate SSL certificates for all your projects automatically in the background.
##### Manual
For this you have to install a LetsEncrypt client. We recommend [Certbot](https://certbot.eff.org). Then you can issue a wildcard certificate with the following command:
You will be presented with a request to configure a TXT record on your DNS provider. Once you've done that, certbot will issue the SSL certificate for you and you're good to go. Note: you have to renew the certificate every 3 months by using the same commands again.
#### Configure Traefik to use your SSL certificate
Add the following lines to your `.env` file in your user's home directory:
```bash
DOCKER4DRUPAL_TRAEFIK_DOMAIN=username.company.dev
DOCKER4DRUPAL_TRAEFIK_USESSL=1
DOCKER4DRUPAL_TRAEFIK_PORT=80
DOCKER4DRUPAL_TRAEFIK_PORTS=443
DOCKER4DRUPAL_TRAEFIK_CERT=fullchain.pem
DOCKER4DRUPAL_TRAEFIK_KEY=privkey.pem
```
To update your Traefik configuration and restart the service, go to one of your
projects in L3D and call `ahoy traefik rewrite` to get everything set up once and
forever.
Note: every 2 months you will have to renew the SSL cert with LetsEncrypt by calling `certbot renew`, then copying the new cert files into the same directory as described above and then restarting Traefik.