Make it easier to try out SSL with Sourcegraph

[ggilmore]

It's unlikely that a user will want to share Sourcegraph with the rest of their team until they have HTTPS set up.

Provisioning a real SSL certificate involves:

1. buying a domain name
2. buying a cert / setting up let's encrypt (might involve adding/modifying DNS records)
3. configuring Nginx to use the certificate
4. changing Sourcegraph's external URL to point to the purchased domain name

Using a self-signed certificate skips most of the above steps. Self-signed certificates won't be recognized by any browsers, but a user would probably willing to accept this tradeoff if it makes it easier to quickly demo/share Sourcegraph with the rest of their team. If the browser warnings become too annoying, they can tell people to install the fake certificate authority on their local machines or just provision a real certificate.

We can even use terraform scripts / pre-baked AMIs to skip most of the boilerplate involved with pointing Nginx at the self-signed cert and configuring Sourcegraph's external URL.

cc @ryan-blunden

[jacobmarble]

I'm happy to see this issue open. I've tried to setup HTTPS with 3.1.1, but totally blocked after 2+hours working on it. 2.x made this easier.

[jacobmarble]

#1951 is related

[ryan-blunden]

@jacobmarble Sorry you weren't able to get it working. As @ggilmore said, we're working to make self-signed HTTPS as easy to set up as possible, including having the browser trust the certificate.