Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Yes, get your local environment as close to production as possible, helps you catch stupid https bugs. Also, you won't need differing dev/prod config other than the certs
C0D45941731dFor local, no, but i stand by the fact Dev/local and prod should be as close of a replica as possible.
For staging / prod, yes.
sbiewald372831dlocalhost could be pointing to a remote server (e.g. if looked up over DNS with a man in the middle).
While absolutely unlikely and nearly irrelevant (as localhost is in your hosts file), but this scenario is listed as a vulnerability for the original SSH (not OpenSSH): https://kb.cert.org/vuls/id/...
IntrusionCM327431dThe fun thing is: You should do migration testing in a localhost environment.
My workstation has - thanks to Gentoo and bleeding edge - more than once catched a fuckity before it was _too late_.
And especially in cryptography it can - eg regarding ciphers - be a decisive factor to realize at an early stage that you'll need to get the weed whacker...
You deploy in localhost, you'll fire up the engines and suddenly all phasers gone to fail - the HTTP library is so old that it rejects the newer ciphers...
Or a certain library has under certain conditions done the wrong thing...
And after OpenSSL upgrade suddenly the library presents you the big middle finger and justs terminates.
Cryptography libraries and their implementation can be very fuckity. And when you need to replace cert chains it's usually a nightmare.
Not because it's hard, but because an oversight can lead to full blackout. :/
ThorE330dAlso necessary if you work with Web Workers, you can't deploy them without having HTTPS enabled
Inxentas53630dIs there a quick and easy way to get one on your local machine (apache)? With web hosts you send a mail and it's done, but all I seem to find about getting a fake one locally involves many steps I don't understand. Fucked up my WAMP twice now.