HTTPS in development

[Lordfirespeed]

Using HTTPS in development

• Catches bugs that only occur in a HTTPS environment (I'm looking at you, secure cookies...)
• teaches our tech officers about certificate infrastructure
• Looks cool 😎

Ideally, we would support/have instructions for both HTTP and HTTPS in development - this way, new developers could setup HTTP first and verify things work before moving on to the more complicated HTTPS setup.
I think that would make things too complicated, though.
Instead, I think we should

• setup the development nginxconf files to use certificates/keys stored somewhere in this repository's tree (gitignored)
• for initial setup, have developers run a script which creates symlinks to the system snakeoil certificate/key at the appropriate paths
• have developers overwrite the snakeoil symlinks with actual certificates/keys using their local CA

todos

• docs: instructions for setting up a local certificate authority
• docs: instructions for signing a certificate for a development domain (eg. guilds.durhack-dev.com)
• docs: instructions for mapping a development domain to the local loopback address
  • editing /etc/hosts in WSL & verifying using dig / curl
  • editing C:/Windows/System32/drivers/etc/hosts in Windows & verifying using ping.exe / curl.exe
• feat: ca subtree
  • feat: script for initialising all keys/certificates to snakeoil
  • feat: scripts for setting up the certificate authority + generating key material, etc
• feat: edit development config files for HTTPS