Skip to content

Feat: generate ssl-cert#65

Open
MarikaBBB wants to merge 5 commits into
mainfrom
self-cert
Open

Feat: generate ssl-cert#65
MarikaBBB wants to merge 5 commits into
mainfrom
self-cert

Conversation

@MarikaBBB

@MarikaBBB MarikaBBB commented Jan 31, 2025

Copy link
Copy Markdown

This PR is in relation to the issue: Enable HTTPS #57 automated SSL certificate generation and modifications to the Docker image to enable HTTPS support in the WordPress container in local environment .

The ssl key is generated by a command found in the following article: https://letsencrypt.org/docs/certificates-for-localhost/

How to Test

  • run docker build -t wpc:https images/wordpress/

  • run docker run -p 127.0.0.1:80:80 wpc:https

  • run docker run -p 127.0.0.1:443:433 wpc:https

  • These steps are for building the image and verify that the container run port 80 and port 443 with name wpc and tag https. Then you can exit and run the wpc:https images/wordpress/ run on the saluki-test-site.

  • run script/server

  • Open the browser and check if https://localhost opens and check if the ssl-certificate is attached.

@MarikaBBB MarikaBBB marked this pull request as ready for review January 31, 2025 14:33
@snim2

snim2 commented Jan 31, 2025

Copy link
Copy Markdown
Contributor

@MarikaBBB @william-man do you want to add steps for testing to the description here?

Comment thread images/wordpress/Dockerfile Outdated

COPY openssl.cnf /etc/ssl/openssl.cnf
RUN openssl req -x509 -out /etc/ssl/certs/apache-localhost.crt \
-keyout /etc/ssl/private/apache-localhost.key \

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's indent these lines a little like lines 8-19 here

@snim2

snim2 commented Jan 31, 2025

Copy link
Copy Markdown
Contributor

@RobjS I think this is fine and it works OK for me (the browser complains because the cert is self-signed, but 🤷🏻 ). Is there anything else you'd want to do here apart from squashing that last commit?

@RobjS

RobjS commented Jan 31, 2025

Copy link
Copy Markdown
Contributor

@snim2 I've got this working, and have Saluki running on https (albeit with the browser complaining about the certificate). But there's a couple of things I'm unclear on here:

  • How this will interact with all our current projects using wpc? I think the intention is that they can continue to run on http://, but we could also optionally add https:// if we wanted by following similar steps to the test saluki-test-site branch. Is that correct?
  • How do we want to integrate this with the PHP8 work? That's currently on a separate branch, with the intention that once the PHP8 migration is complete we could merge it back into main (and I guess then delete the 8.2 branch, and make php8.2 a tag on the main branch instead, so that docker knows what to do wpc:php8.2refs). So it's probably ok just to merge this to main now, as long as we're happy there'll be no https support for PHP8 until the migration work is complete and we've merged the PHP8 branch back into main?

@snim2

snim2 commented Jan 31, 2025

Copy link
Copy Markdown
Contributor

@snim2 I've got this working, and have Saluki running on https (albeit with the browser complaining about the certificate). But there's a couple of things I'm unclear on here:

  • How this will interact with all our current projects using wpc? I think the intention is that they can continue to run on http://, but we could also optionally add https:// if we wanted by following similar steps to the test saluki-test-site branch. Is that correct?
  • How do we want to integrate this with the PHP8 work? That's currently on a separate branch, with the intention that once the PHP8 migration is complete we could merge it back into main (and I guess then delete the 8.2 branch, and make php8.2 a tag on the main branch instead, so that docker knows what to do wpc:php8.2refs). So it's probably ok just to merge this to main now, as long as we're happy there'll be no https support for PHP8 until the migration work is complete and we've merged the PHP8 branch back into main?
  • Yes, I think we just update the image as usual and then if people need to use https they can
  • I was intending to ask @MarikaBBB and @william-man to cherry pick these commits into a new PR for the 8.2 branch. My assumption is that at some point that will become main and main will become 7.4 but did you have something else in mind?

@RobjS

RobjS commented Jan 31, 2025

Copy link
Copy Markdown
Contributor

@snim2 I've got this working, and have Saluki running on https (albeit with the browser complaining about the certificate). But there's a couple of things I'm unclear on here:

  • How this will interact with all our current projects using wpc? I think the intention is that they can continue to run on http://, but we could also optionally add https:// if we wanted by following similar steps to the test saluki-test-site branch. Is that correct?
  • How do we want to integrate this with the PHP8 work? That's currently on a separate branch, with the intention that once the PHP8 migration is complete we could merge it back into main (and I guess then delete the 8.2 branch, and make php8.2 a tag on the main branch instead, so that docker knows what to do wpc:php8.2refs). So it's probably ok just to merge this to main now, as long as we're happy there'll be no https support for PHP8 until the migration work is complete and we've merged the PHP8 branch back into main?
  • Yes, I think we just update the image as usual and then if people need to use https they can
  • I was intending to ask @MarikaBBB and @william-man to cherry pick these commits into a new PR for the 8.2 branch. My assumption is that at some point that will become main and main will become 7.4 but did you have something else in mind?

Yes, that would work. It's just that however we do it, there needs to be some kind of php8.2 git reference that docker hub understands, as all our docker-compose files will be pointing at wpc:php8.2 rather than just wpc.

@snim2

snim2 commented Jan 31, 2025

Copy link
Copy Markdown
Contributor

So ideally we'd like the certificate to expire as far into the future as possible

Screenshot 2025-01-31 at 16 34 40

This was referenced Jan 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants