SSL For Multi Site Not #1172

Open
epeetsTS opened this issue Jun 10, 2024 · 6 comments · May be fixed by #1200

Comments

@epeetsTS

epeetsTS commented Jun 10, 2024

Description
When I run the command to set up SSL with more than one domain, instead of generating SSLs for the requested domains, it tries to generate an SSL for a bad domain name made up of the requested domains.

Steps To Reproduce

  1. Run bin/setup-ssl <domain name> <domain name>

Expected Result
Generated SSLs for each domain name.

Actual Result
ERROR: " " is not a valid hostname, IP, URL or email

@YevhenZvieriev
Contributor

Hi, @epeetsTS

Thank you for reporting this issue. I have identified and resolved the problem with the setup-ssl script when generating SSL certificates for multiple domains in this PR.

I have updated the setup-ssl script to correctly handle multiple domains by iterating through each domain provided as an argument, generating individual SSL certificates. Here are the details of the changes:

You can now run the command as follows:

bin/setup-ssl <domain name> <domain name>

This will generate and install SSL certificates for your domains correctly.

Let me know if you encounter any further issues.

@epeetsTS
Author

@YevhenZvieriev Unfortunately, even though this does work to generate an SSL for each domain and eliminates the error, it causes another problem with creating an SSL for a SINGLE domain instead of for the domains requested. The cert and key overwrite each other in the for loop, and in the end you only have an SSL for the latest domain and not all of them.

Since this was working before, my solution was simply to revert to an old commit of bin/setup-ssl from 2023 (linked below), which works as expected, generating a single SSL for multiple domains.

https://github.com/markshust/docker-magento/blob/2c8159ea517ccd64333d93971f92fd9e32787019/compose/bin/setup-ssl

@pbritka

pbritka commented Jul 13, 2024

I could make it work based on a script that I found on some fork here. However, I can't find it anymore. This is what I did.

I created a new bin/setup-ssl-new script

#!/usr/bin/env bash
[ $# -eq 0 ] && echo "Please specify at least one domain (ex. mydomain.test)" && exit 1

# Generate certificate authority if not already setup
if ! bin/docker-compose exec -T -u root app cat /root/.local/share/mkcert/rootCA.pem | grep -q 'BEGIN CERTIFICATE'; then
  bin/setup-ssl-ca
fi

for DOMAIN in "$@"; do
  # Generate a unique file prefix based on the domain name
  DOMAIN_WITHOUT_PORT=$(echo "$DOMAIN" | cut -d ':' -f1)
  CERT_PREFIX=$(echo "$DOMAIN_WITHOUT_PORT" | tr '.' '_')

  # Generate the certificate for the specified domain
  bin/docker-compose exec -T -u root app mkcert -key-file "${CERT_PREFIX}.key" -cert-file "${CERT_PREFIX}.crt" "$DOMAIN_WITHOUT_PORT"

  # Check if the certificates were created successfully
  if bin/docker-compose exec -T -u root app test -f "${CERT_PREFIX}.key" && bin/docker-compose exec -T -u root app test -f "${CERT_PREFIX}.crt"; then
    echo "Moving key and cert for $DOMAIN to /etc/nginx/certs/..."
    bin/docker-compose exec -T -u root app chown app:app "${CERT_PREFIX}.key" "${CERT_PREFIX}.crt"
    bin/docker-compose exec -T -u root app mv "${CERT_PREFIX}.key" "${CERT_PREFIX}.crt" /etc/nginx/certs/
  else
    echo "Error: Certificates for $DOMAIN were not created."
  fi
done

# Restart nginx to apply the updates
echo "Restarting containers to apply updates..."
bin/restart

This iterates over the domains and creates the certificate for each domain under its specific name.

Then I created images/nginx/conf/default.conf

upstream fastcgi_backend {
  server unix:/sock/docker.sock;
}

map $http_host $MAGE_RUN_CODE {
    default website1_code;
    website2.test website2_code;
}

server {
  listen 8000;
  server_name website1.test website2.test;
  return 301 https://$host$request_uri;
}

server {
  listen [::]:8443 ssl http2;
  listen 8443 ssl http2;

  server_name website1.test;

  ssl_certificate /etc/nginx/certs/website1_test.crt;
  ssl_certificate_key /etc/nginx/certs/website1_test.key;

  set $MAGE_ROOT /var/www/html;
  set $MAGE_RUN_TYPE website;

  fastcgi_buffer_size 64k;
  fastcgi_buffers 8 128k;

  location /livereload.js {
    proxy_set_header Host $host;
    proxy_pass http://phpfpm:35729/livereload.js;
  }

  location /livereload {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_pass http://phpfpm:35729/livereload;
  }

  include /var/www/html/nginx[.]conf;
}

server {
  listen [::]:8443 ssl http2;
  listen 8443 ssl http2;

  server_name website2.test;

  ssl_certificate /etc/nginx/certs/website2_test.crt;
  ssl_certificate_key /etc/nginx/certs/website2_test.key;

  set $MAGE_ROOT /var/www/html;
  set $MAGE_RUN_TYPE website;

  fastcgi_buffer_size 64k;
  fastcgi_buffers 8 128k;

  location /livereload.js {
    proxy_set_header Host $host;
    proxy_pass http://phpfpm:35729/livereload.js;
  }

  location /livereload {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_pass http://phpfpm:35729/livereload;
  }

  include /var/www/html/nginx[.]conf;
}

Make sure that, unlike the default.conf that was in a video tutorial, which says this

listen [::]:8443 ssl http2 ipv6only=on;
listen 8443 ssl http2;

you remove

ipv6only=on

Otherwise the app container won't run
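
A consistency check for the setup in this comment, added here as an example and not part of the thread or the docker-magento project: it confirms that each TLS server block in default.conf points at the files the script's naming (port stripped, dots to underscores) produces. The function names `cert_prefix`, `check_cert_paths` and `sample_conf` and the sample config are constructed for illustration; it assumes one server_name per TLS block.

```shell
#!/usr/bin/env bash
# Added example: checks nginx cert paths against the naming used by setup-ssl-new.

# Same mapping as the loop in the script: drop ":port", then dots -> underscores.
cert_prefix() {
  printf '%s\n' "$1" | cut -d ':' -f1 | tr '.' '_'
}

# Reads an nginx config on stdin. For each server block that sets ssl_certificate,
# prints a MISMATCH line when a path differs from <certs_dir>/<prefix>.{crt,key}.
# Assumes one server_name per TLS block, as in the config above.
check_cert_paths() {
  certs_dir=${1:-/etc/nginx/certs}
  awk '
    depth == 0 && $1 == "server" && $2 == "{" { in_srv = 1; name = crt = key = "" }
    in_srv && $1 == "server_name"         { name = $2; sub(/;$/, "", name) }
    in_srv && $1 == "ssl_certificate"     { crt = $2;  sub(/;$/, "", crt) }
    in_srv && $1 == "ssl_certificate_key" { key = $2;  sub(/;$/, "", key) }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }   # track block nesting
    in_srv && depth == 0 { if (crt != "") print name, crt, key; in_srv = 0 }
  ' | while read -r name crt key; do
    prefix=$(cert_prefix "$name")
    [ "$crt" = "$certs_dir/$prefix.crt" ] || echo "MISMATCH $name ssl_certificate $crt"
    [ "$key" = "$certs_dir/$prefix.key" ] || echo "MISMATCH $name ssl_certificate_key $key"
  done
}

# Constructed sample: the second block was copied from the first and still
# points at the files generated for website1.test.
sample_conf() {
  cat <<'EOF'
server {
  listen 8443 ssl http2;
  server_name website1.test;
  ssl_certificate /etc/nginx/certs/website1_test.crt;
  ssl_certificate_key /etc/nginx/certs/website1_test.key;
  location /livereload { proxy_pass http://phpfpm:35729/livereload; }
}
server {
  listen 8443 ssl http2;
  server_name website2.test;
  ssl_certificate /etc/nginx/certs/website1_test.crt;
  ssl_certificate_key /etc/nginx/certs/website1_test.key;
}
EOF
}

sample_conf | check_cert_paths
```

Piping the real images/nginx/conf/default.conf into `check_cert_paths` prints nothing when every block matches the script's file names.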

@bhushanmeetanshi

Hi, @epeetsTS

Thank you for reporting this issue. I have identified and resolved the problem with the setup-ssl script when generating SSL certificates for multiple domains in this PR.

I have updated the setup-ssl script to correctly handle multiple domains by iterating through each domain provided as an argument, generating individual SSL certificates. Here are the details of the changes:

You can now run the command as follows:

bin/setup-ssl <domain name> <domain name>

This will generate and install SSL certificates for your domains correctly.

Let me know if you encounter any further issues.

@YevhenZvieriev SSL is also not working for me. Do you have any idea what the solution is? Sometimes the multiwebsite is also not created. I don't know why.

@nathanchick

@bhushanmeetanshi I came across this issue this morning so I've just written a quick PR to solve it.

#1200

@jmagbanua

Seems the fix from @nathanchick worked on my end
