SSL setup is necessary to run integration tests on other devices than localhost.
Add your dev desktop as a host class to this material set's destinations: Material set. If not part of the harley posix group, also add retrieve and verify permissions for your user.
Create a directory called credentials in the root of this package to store
the credentials used in webpack configuration.
Go to your dev desktop and run the command below to retrieve the private key.
Copy that key to credentials/key.pem.
/apollo/env/envImprovement/bin/odin-get com.amazon.certificates.local.maestro.amazon.dev-STANDARD_SSL_SERVER_EXTERNAL_ENDPOINT-RSA-Chain -t Credential
Navigate to https://redfort.amazon.com/certificateRecords/4143033
credentials/ca.pemcredentials/cert.pemIn order to debug on network devices, the certificate will only be trusted if we
use a root CA authority which the device has installed. There's an
externally-facing certificate for local.maestro.amazon.dev which we can use,
provided we resolve that domain name to your local laptop.
When all 3 pem files are in the credentials folder, run bb start to start the
local testing server. There should be a link in the console to the https domain.
DNS spoofing is required when testing on devices other than localhost. This isn't required when testing with BrowserStack. This section is a guide to setting up a local DNS server and intercepting local.maestro.amazon.dev.
dnsmasq to create a local DNS server:Find your local private IP (IP address provided to a device by a router, not a public IP) by going to System Preferences -> Network -> Advanced -> TCP/IP -> IPv4 Address.
brew install dnsmasq
mkdir -pv $(brew --prefix)/etc/
echo 'address=/local.maestro.amazon.dev/<local_private_ip>' >> $(brew --prefix)/etc/dnsmasq.conf
sudo brew services restart dnsmasq
The step above will have to be repeated if your private IP changes, e.g., your router gives you a different dynamic IP, you change routers/locations, etc.
If testing a network device, set your router (or the specific device you're
testing) to use the DNS server of your local laptop. It's recommended to set
your laptop to a static IP so that you don't need to modify these settings
repeatedly. Set a secondary DNS to a typical DNS server, such as 8.8.8.8.
Test the DNS record:
dig local.maestro.amazon.dev @127.0.0.1
You should see something like this:
;; ANSWER SECTION:
local.maestro.amazon.dev. 0 IN A <local_private_ip>
sudo tee /etc/resolver/local.maestro.amazon.dev >/dev/null << EOF
nameserver 127.0.0.1
EOF
Test that the setup is working correctly, and it didn't affect your access to other domains:
ping -c 1 www.google.com
ping -c 1 local.maestro.amazon.dev
You should receive one response from each (0% loss).
This is necessary in order to allow network devices to reach your local DNS server (your laptop).
echo "while true;
do
sudo pfctl -d
sleep 60
done" >> /usr/local/bin/firewall
bash firewall
Below message would be printed every 60s:
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: pf not enabled
IMPORTANT NOTE: Be cautious when using this command, since it will disable your firewall and allow all incoming requests to your machine, which introduces potential security risks. Remember to kill the execution of this command after the testing.