[FEATURE]How to configure https? #196

Closed
osvapp opened this issue May 6, 2022 · 10 comments
osvapp commented May 6, 2022

https how to configure certs location settings

@alainseys

@qhtml5 here the first step should be a good implementation to handle the DNS request properly, without any /etc/hosts adjustments. Here we can take a look at dnsmasq. When this is implemented correctly you can create SSL certificates properly (without any SSL warnings).

@MrOffline77
Collaborator

Hi all,
thank you for your contribution to this project.
I would like to discuss with you if the SSL termination is in scope for the project.
The project serves as a local development environment. The question is to what extent the SSL termination is necessary here. To encrypt traffic ? To secure communication - if yes against what ?
Could you, @qhtml5, explain your use case to us a little bit more, so we can better understand your issue in this case?
In general, you can modify SSL Locations inside the Apache Webserver configuration.
Thank you !

@alainseys

@MrOffline77 in my opinion a local dev env should be as close to a production environment so you can test your applications with SSL enabled

alainseys commented May 29, 2022

Hi, @MrOffline77

Since I did not receive any feedback, I have made an implementation of this that is workable.

With dnsmasq active your local system will listen on the *.test TLD without any need of changing /etc/hosts.

@blizzardengle
Contributor

To secure communication - if yes against what ? ( @MrOffline77 )

For me I do a lot of API integrations for work and when testing integrations I can use localhost only if it has been secured: https://localhost. I also agree with:

A local dev [environment] should be as close to [a] production environment [as possible] ( @alainseys )

I found that this desire has been around for a while in #40 and #68 but it appears it has been abandoned. I plan to modify my local LAMP stack (built with this repo) using, Setup an Apache, PHP, and HTTPS development environment with Docker, for now.

I think it would be a great addition to have this feature built-in to the LAMP stack.

alainseys commented Jun 29, 2022

@blizzardengle to implement https well you can take a look at dnsmasq. This will allow you to use a TLD like yourapplication.test. With this implemented you can easily integrate https into your project.

@blizzardengle
Contributor

@alainseys thank you for the suggestion. I followed Setup an Apache, PHP, and HTTPS development environment with Docker (with several modifications) and got https on localhost working.

I personally prefer this method because adding a new TLD like yourapplication.test is as simple as adding yourapplication.test to your computer's hosts file and then adding a new entry in the config/vhosts/default.conf file. So almost everything SSL related is tied to your LAMP (docker) setup, except for editing your local hosts file.

I'll post a new comment here soon with a link to a PR that adds this feature to sprintcube's docker-compose-lamp.

@blizzardengle
Contributor

blizzardengle commented Jun 30, 2022

@alainseys just created the PR, see above comment. Since there is a little configuration involved here is a copy of the PR message:


This PR ( #208 ) adds support for SSL (HTTPS) in the LAMP server. It was designed to add simple https support on localhost but can be used for any domain name.

HTTPS on Localhost

To use https://localhost you will need to:

  1. Use a tool like mkcert to create an SSL certificate for localhost.
    • With mkcert, in the terminal run mkcert localhost 127.0.0.1 ::1
    • Rename the files cert.pem and cert-key.pem respectively
    • Move the files into your docker setup by placing them in config/ssl
  2. You will need to uncomment the 443 vhost in config/vhosts/default.conf

HTTPS with any Domain

  1. Follow step 1 from the previous section HTTPS on Localhost but for the domain you wish to use locally.
    • You should probably choose different names for the files cert.pem and cert-key.pem, especially if you plan to add several https protected domains.
  2. You will need to edit your machine's hosts file and point the domain(s) to 127.0.0.1; these domains are meant for testing locally, we don't want your computer to perform a DNS query searching the internet for the domain.
  3. You will need to uncomment the 443 vhost in config/vhosts/default.conf and modify it to match your domain name and certificate file names.
    • If you have multiple domains on https (443) then you will need to create multiple vhost entries for each of those domains.

Notable Additions by this PR

  • Adds an ssl folder under config for your ssl cert(s)
  • Adds the environment variable SSL_DIR that points to ./config/ssl
  • Adds the environment variable HOST_MACHINE_PMA_SECURE_PORT to hopefully allow https access to phpmyadmin
    • Currently not working. I could use help with this if anyone is interested.
  • Adds this line under volumes for the webserver in the docker-compose file: - ${SSL_DIR-./config/ssl}:/etc/apache2/ssl/
    • This is what allows you to place ssl certs in config/ssl and have them auto load into the server on startup.
  • Adds this line under ports for the phpmyadmin in the docker-compose file: - "${HOST_MACHINE_PMA_SECURE_PORT}:443"
    • Currently not working. I could use help with this if anyone is interested.

@blizzardengle
Contributor

Before we talk more about dnsmasq I first want to discuss the question if ssl termination is inside the scope of a local development environment inside the issue #196. ( Quoted from 202, @MrOffline77 )

Speaking for myself, I added support for this with PR #208 because I need it for work. I do a lot of integrations and a big requirement is an https connection. Many of these integrations will allow me to test locally if I secure my localhost connection.

This also allows me to test applications locally closer to what their production deployments would be like. I will admit that some services block localhost altogether, but with this solution I have been able to stop using services like ngrok for some of my work; my employer doesn't pay for ngrok so being able to cut it out of my workflow has been nice.

Since adding support for any domain name besides localhost was so easy, I supported it as well in the PR. I personally could see myself using that for my dev work, but right now https on localhost is all I needed.

For anyone following this or stumbling on this later, here is a summary of what was added:


SSL (HTTPS)

Support for https domains is built-in but disabled by default. There are 3 ways you can enable and configure SSL; https on localhost being the easiest. If you are trying to recreate a testing environment as close as possible to a production environment, any domain name can be supported with more configuration.

Notice: For every non-localhost domain name you wish to use https on, you will need to modify your computer's hosts file and point the domain name to 127.0.0.1. If you fail to do this SSL will not work and you will be routed to the internet every time you try to visit that domain name locally.

1) HTTPS on Localhost

To enable https on localhost (https://localhost) you will need to:

  1. Use a tool like mkcert to create an SSL certificate for localhost:
    • With mkcert, in the terminal run mkcert localhost 127.0.0.1 ::1.
    • Rename the files that were generated cert.pem and cert-key.pem respectively.
    • Move these files into your docker setup by placing them in config/ssl directory.
  2. Uncomment the 443 vhost in config/vhosts/default.conf.

Done. Now any time you turn on your LAMP container https will work on localhost.

2) HTTPS on many Domains with a Single Certificate

If you would like to use normal domain names for local testing, and need https support, the simplest solution is an SSL certificate that covers all the domain names:

  1. Use a tool like mkcert to create an SSL certificate that covers all the domain names you want:
    • With mkcert, in the terminal run mkcert example.com "*.example.org" myapp.dev localhost 127.0.0.1 ::1 where you replace all the domain names and IP addresses to the ones you wish to support.
    • Rename the files that were generated cert.pem and cert-key.pem respectively.
    • Move these files into your docker setup by placing them in config/ssl directory.
  2. Uncomment the 443 vhost in config/vhosts/default.conf.

Done. Since you combined all the domain names into a single certificate, the vhost file will support your setup without needing to modify it further. You could add domain specific rules if you wish however. Now any time you turn on your LAMP container https will work on all the domains you specified.

3) HTTPS on many Domains with Multiple Certificates

If you would like your local testing environment to exactly match your production, and need https support, you could create an SSL certificate for every domain you wish to support:

  1. Use a tool like mkcert to create an SSL certificate that covers the domain name you want:
    • With mkcert, in the terminal run mkcert [your-domain-name(s)-here] replacing the bracket part with your domain name.
    • Rename the files that were generated to something unique like [name]-cert.pem and [name]-cert-key.pem replacing the bracket part with a unique name.
    • Move these files into your docker setup by placing them in config/ssl directory.
  2. Using the 443 example from the vhost file (config/vhosts/default.conf), make new rules that match your domain name and certificate file names.

Done. The LAMP container will auto pull in any SSL certificates in config/ssl when it starts. As long as you configure the vhosts file correctly and place the SSL certificates in config/ssl, any time you turn on your LAMP container https will work on your specified domains.
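
A preflight check for the multi-certificate setup summarised in the comment above, as an added example that is not part of the original comment or of the repository: it reads the active 443 vhosts, then reports server names the hosts file does not point at loopback and certificate files missing from config/ssl. The sample vhost text, hosts file, domain names and file names are constructed, and the project's real default.conf may be laid out differently.

```python
import re
LOOPBACK = {"127.0.0.1", "::1"}
# Constructed sample inputs, not the repository's real files.
VHOSTS = """\
<VirtualHost *:443>
    ServerName myapp.test
    ServerAlias www.myapp.test
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/myapp-cert.pem
    SSLCertificateKeyFile /etc/apache2/ssl/myapp-cert-key.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName api.test
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/api-cert.pem
    SSLCertificateKeyFile /etc/apache2/ssl/api-cert-key.pem
</VirtualHost>
"""
HOSTS = "127.0.0.1 localhost\n127.0.0.1 myapp.test  # alias forgotten\n::1 localhost\n"
SSL_DIR_FILES = {"myapp-cert.pem", "myapp-cert-key.pem", "api-cert.pem"}  # listing of config/ssl

def loopback_names(hosts_text):
    """Host names the hosts file maps to a loopback address."""
    names = {"localhost"}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in LOOPBACK:
            names.update(f.lower() for f in fields[1:])
    return names

def preflight(vhosts_text, hosts_text, ssl_dir_files):
    """Return (kind, value) findings for the active :443 vhosts."""
    active = re.sub(r"^[ \t]*#.*$", "", vhosts_text, flags=re.M)  # drop commented-out lines
    blocks = re.findall(r"<VirtualHost\s+[^>]*:443\s*>(.*?)</VirtualHost>", active, re.S | re.I)
    if not blocks:
        return [("vhost", "no active :443 vhost")]
    local, findings = loopback_names(hosts_text), []
    for block in blocks:
        for key, value in re.findall(r"^[ \t]*(\w+)[ \t]+(.+?)[ \t]*$", block, re.M):
            if key.lower() in ("servername", "serveralias"):
                findings += [("hosts", n) for n in value.lower().split() if n not in local]
            elif key.lower() in ("sslcertificatefile", "sslcertificatekeyfile"):
                name = value.rsplit("/", 1)[-1]  # container path -> file name in config/ssl
                if name not in ssl_dir_files:
                    findings.append(("ssl_dir", name))
    return findings

if __name__ == "__main__":
    print(preflight(VHOSTS, HOSTS, SSL_DIR_FILES))
```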

MrOffline77 added a commit that referenced this issue Jul 6, 2022
@MrOffline77
Collaborator

MrOffline77 commented Jul 6, 2022

@blizzardengle
Thank you very much for your great explanations. Sounds totally reasonable to me.
Since I now know the use case better and it looks like there is a real usecase even inside dev envs, I merged your pull #208.
Thank you very much for your contribution. Feel free to create pull or issues for other stuff if you think it is missing :).
Cheers
