Following the docs here
Apple pay requires a live endpoint with a valid SSL/tls cert for testing. Fr-tech-ops isn't comfortable opening up our existing test server for this exercise, so we decided to set up a standalone box outside of WMF infrastructure to satisfy the requirements.
Currently, the test server is running on Amazon Web Services and consists of the following:
- Free AWS SSL/TLS certificate.
- Elastic Load Balancer (providing SSL termination) (needed due to https://serverfault.com/a/947074)
- EC2 instance with Apache
The current plan for testing is to point Apple pay to the frontend load balancer over HTTPS, which handles SSL termination and then hands off to the EC2 backend server over HTTP. Fr-tech engineers can open up a remote SSH tunnel exposing the local docker environment to the frontend load balancer to capture the decrypted Apple pay traffic.