Setting up mkcert for remote development

[cold-nagai]

My goal is to make my PC securely communicate with the website running on my LAN server. The server is currently running a development version of the website via ddev, and i exposed it's port via --host-webserver-port=8080 --bind-all-interfaces. In order to make https work, i exported mkcert generated certificate from the mounted docker directory to my development machine. However, the certificate doesn't include local LAN address 192.168.0.111, and i can't figure out the easiest way around it.

[rfay]

Hi @cold-nagai - It's easier to do this with a real certificate or using Let's Encrypt, see https://ddev.readthedocs.io/en/latest/users/topics/hosting/

However, the mkcert CA that you want (not a certificate) is not in Docker, it's in the directory shown in mkcert_ca_root in your ~/.ddev/global_config.yaml

The CA doesn't care about IP addresses, and the way you'd install it in your browser is essentially what's shown in https://ddev.readthedocs.io/en/latest/users/install/ddev-installation/#windows - there are more details at https://github.com/FiloSottile/mkcert?tab=readme-ov-file#installing-the-ca-on-other-systems

[rfay]

I'm sure you know that this is not how DDEV is intended to be used; You titled this "Settings up mkcert for local development" but you're using it for remote development. DDEV is intended for local development, and you don't need to do any of this normally.

[cold-nagai]

I'm not familiar with the LAMP stack and figured it'd be better to use ddev instead of setting up everything manually. I ran into issues with podman on my local machine, but quickly discovered that ddev works on my server running rootful docker, hence why i use it this way. It's not really a remote development either since i'm using sshfs.

[rfay]

I think you'll find everything a lot easier if you just set up DDEV as intended. Install a Docker provider and ddev on your own machine.

[cold-nagai]

local ddev indeed works fine, but when i visit the local copy of the website, it redirects me to the production version of the website. apache2 log shows the following:
apache2: Could not reliably determine the server's fully qualified domain name, using ****. Set the 'ServerName' directive globally to suppress this message

The production version of the website runs on Pantheon, and i honestly have 0 idea how the whole stack works. Will /etc/hosts do the trick if i were to replace the website.com with the 127.0.0.1

[rfay]

If your code is redirecting, it doesn't have anything to do with certificates. It has to do with your Apache config, probably the .htaccess. You should see what's going on there. Try it with ddev config --webserver-type=nginx-fpm and see if it redirects... it probably won't.