1 00:00:06,890 --> 00:00:12,590 Next up: how can I handle SSL certs.
2 00:00:12,730 --> 00:00:16,640 Santiago says, "How can I handle SSL cert for NGINX and local environment,
3 00:00:16,720 --> 00:00:23,130 dev environment to prod, for HTTPS?" Yes, so.
4 00:00:24,540 --> 00:00:30,810 Locally, you just need to create your own certs. If you're doing local development, then what I would
5 00:00:30,810 --> 00:00:37,410 probably do is use NGINX or Traefik or something like that inside your compose file, and that way
6 00:00:37,410 --> 00:00:48,430 you can have your URLs and proxy those back to your app, right? And you can look up Let's Encrypt. Let's Encrypt
7 00:00:48,430 --> 00:00:55,390 has a good article on certificates for localhost, and they give you the whole background on why you
8 00:00:55,390 --> 00:01:01,360 shouldn't get wildcards, or why you shouldn't go use Let's Encrypt for localhost traffic, and that
9 00:01:01,360 --> 00:01:07,000 you really should just generate them, store them on your local machine, and bind mount them in your containers
10 00:01:07,000 --> 00:01:12,760 at runtime. Use Docker Compose to bind mount those certificates into your running containers, and that
11 00:01:12,760 --> 00:01:15,720 way they always have a trusted certificate.
12 00:01:15,730 --> 00:01:22,100 Now, if you use the same certificate all the time, and this is what I do, then you can store it outside
13 00:01:22,100 --> 00:01:27,150 your project somewhere on your local machine, and then you can tell your browsers to trust it.
14 00:01:27,200 --> 00:01:29,500 So, if you're using the name that matches the certificate,
15 00:01:29,510 --> 00:01:33,950 if you create the certificates with the name localhost on your local machine and then you use those
16 00:01:33,950 --> 00:01:39,710 in your compose file for your proxies, and then you tell your browsers to trust that certificate,
17 00:01:39,710 --> 00:01:44,050 then you have, you know, you have a great local deployment environment that is always going to work.
18 00:01:44,060 --> 00:01:49,580 It's not going to give you warnings and your browsers will trust it. You don't necessarily need to go
19 00:01:49,580 --> 00:01:52,810 get third-party certificates, because those don't work for local machines.
20 00:01:52,810 --> 00:01:57,200 They're not designed for local machines, and I wouldn't easily share these certificates out. There's no
21 00:01:57,200 --> 00:01:59,750 reason to really share them; they're easy to create.
22 00:01:59,790 --> 00:02:01,640 You know, so it's, to me it's kind of like an SSH key.
23 00:02:01,640 --> 00:02:03,050 Just keep it on your local machine.
24 00:02:03,050 --> 00:02:08,120 You might even just keep it in your .ssh folder, or create one called .cert in your profile
25 00:02:08,120 --> 00:02:14,900 on your local machine and just store them there and link to them in your compose files so that you will always
26 00:02:14,900 --> 00:02:19,750 have them when you need them inside of your proxies or any web servers that you want to have SSL locally.
27 00:02:19,760 --> 00:02:21,830 Now, of course, in production that's a totally different deal.
28 00:02:21,830 --> 00:02:28,220 If you're talking about Docker Swarm, for instance, I like to use Let's Encrypt with Traefik, which, Traefik
29 00:02:28,250 --> 00:02:36,570 is a front-end proxy that works like NGINX in that way, and I have a repo called dogs versus cat that
30 00:02:36,570 --> 00:02:37,820 has an example of that.
31 00:02:37,830 --> 00:02:40,670 I'll also throw that in here for you.
32 00:02:41,990 --> 00:02:50,300 That repo has an example of how to use a Traefik proxy with Let's Encrypt, so it will automatically go
33 00:02:50,300 --> 00:02:52,360 get your certificates and bring them back.
34 00:02:52,400 --> 00:02:56,030 Now, if you want to go buy your own certificates, like what we traditionally used to do,
35 00:02:56,090 --> 00:02:56,900 that's fine too.
36 00:02:56,900 --> 00:03:03,200 You could store those in secrets in Swarm. Using Kubernetes, you could also store them in secrets, and
37 00:03:03,200 --> 00:03:05,390 that way they'd be available for whatever containers you need.
38 00:03:06,670 --> 00:03:07,860 Hopefully that helps.
39 00:03:07,930 --> 00:03:08,830 And good question.