Ivan Starkov
Posted on November 13, 2021
Modern days having that cookies auth etc depends on https we need to have https local web environment.
Before to generate local certificates I used minica.
The main issue that you need a big readme for osx, linux and windows users, how to regenerate keys,
how to add minica certificate to Keychain, how to change hosts file.
Having that we use vscode remote for development it was 2x more work to register all that keys on local and remote machines.
The solution below doesnt need any setup from developers.
Solution in short
Register on DNS provider A records for development like:
A blabla.devdomain.com 127.0.0.1
Then using letsencrypt certbot for your provider just generate needed certificates.
They are already trusted and the only issue is 3 month expiration period, what can be easily fixed with cron.
Full solution.
In our case we use cloudflare as DNS.
Generation certificates for few domains on cloudflare looks:
Create cloudflare API token https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys#12345680
TF_VAR_CLOUDFLARE_API_KEY={YOURAPITOKEN}
mkdir -p /tmp/certbot/
mkdir -p /tmp/letsencrypt/
cat > /tmp/certbot/cloudflare.ini <<-DOCKERFILE
dns_cloudflare_api_token = ${TF_VAR_CLOUDFLARE_API_KEY}
DOCKERFILE
docker run -it --rm --name certbot \
-v "/tmp/letsencrypt/data:/etc/letsencrypt" \
-v "/tmp/certbot:/local/certbot" \
certbot/dns-cloudflare:v1.15.0 certonly \
-m istarkov@gmail.com \
--dns-cloudflare \
--dns-cloudflare-credentials /local/certbot/cloudflare.ini \
--agree-tos \
--noninteractive \
-d subdomain.mydomain.com \
-d other.mydomain.com \
-d blabla.hello.com
# subdomain.mydomain.com, other.mydomain.com, blabla.hello.com must have A records on cloudflare pointing to 127.0.0.1
cp /tmp/letsencrypt/data/live/subdomain.mydomain.com/* ./
cat ./fullchain.pem ./privkey.pem > ./haproxy.pem
thats all, now for nodejs apps use following https options
key: fs.readFileSync('./privkey.pem'),
cert: fs.readFileSync('./fullchain.pem'),
for haproxy use haproxy.pem
like in simple config below
# haproxy -f ./playground/haproxy-http-2.cfg -db
frontend rgw-https
bind *:3009 ssl crt /root/realadvisor/https-dev-keys/haproxy.pem alpn h2,http/1.1
default_backend rgw
backend rgw
balance roundrobin
mode http
server rgw1 127.0.0.1:3000 check
This is fast and simple way I prefer now to have development certificates, which doesnt need any additional documentation for developers.
Posted on November 13, 2021
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.