Securing Sites
Securing Sites with TLS
By default, Herd serves sites over HTTP. However, if you would like to serve a site over encrypted TLS using HTTP/2, you may secure your sites. This is sometimes necessary when working with redirect URLs and other scenarios.
Via the GUI
You can secure/unsecure a site in the Site Manager. You can open the Sites window via the Herd menu bar icon and selecting “Sites”.
If you see a closed lock icon, the site is secure and if there is crossed out lock, the site does not have a certificate and is served via HTTP.
Clicking on the lock icon toggles the status of the site. If you’re securing the site, you may need to confirm one or more permission related popups to create the local certificate.
Via the CLI
If you prefer to use the CLI, you can use the herd secure command to secure/unsecure a site.
For example, if Herd serves your site via the example-site.test domain, you need run the following command to secure it:
To “unsecure” a site and revert back to serving its traffic over plain HTTP, use the unsecore command.
Like the secure command, this command accepts the sitename that you wish to unsecure:
After unsecuring a site, you man need to restart your browser session because many browsers like Google Chrome cache redirects to HTTPS and will give you a hard time.
Listing all secure sites
The Herd CLI has a command to list all sites that have a local TLS certificate. You may want to use that for debugging purposes.
This gives you a similar output to this: