magento2-vagrant-for-developers

SSL Support

Open jasonheecs opened this issue 8 years ago • 2 comments

I think it would be great if there was an automated way to provision the Vagrant box for self-signed SSL support. Maybe it should be a bash script that the user can run? What do you think?

jasonheecs, Nov 18 '16 09:11

Hi Jason, here is how I enable SSL on this environment:

#!/usr/bin/env bash

sudo apt-get update
sudo apt-get install openssl
sudo a2enmod ssl

sudo mkdir -p /etc/ssl/private/
sudo openssl genrsa -des3 -out /etc/ssl/private/magento2.vagrant.key 4096

# User input

sudo openssl req -new -key /etc/ssl/private/magento2.vagrant.key -out /etc/ssl/private/magento2.vagrant.csr

# User input

sudo openssl x509 -req -days 365 -in /etc/ssl/private/magento2.vagrant.csr -signkey /etc/ssl/private/magento2.vagrant.key -out /etc/ssl/private/magento2.vagrant.crt

# User input

sudo openssl rsa -in /etc/ssl/private/magento2.vagrant.key -out /etc/ssl/private/magento2.vagrant.key.insecure

# User input

sudo mv /etc/ssl/private/magento2.vagrant.key /etc/ssl/private/magento2.vagrant.key.secure
sudo mv /etc/ssl/private/magento2.vagrant.key.insecure /etc/ssl/private/magento2.vagrant.key

sudo service apache2 restart

And in magento2.conf, replace the contents with the following. It is better not to use mixed mode, so when HTTPS is enabled, HTTP should be disabled:

<IfModule ssl_module>
    <VirtualHost *:443>
        ServerName magento2.vagrant
        SSLEngine on
        SSLCertificateFile /etc/ssl/private/magento2.vagrant.crt
        SSLCertificateKeyFile /etc/ssl/private/magento2.vagrant.key

        DocumentRoot /<your_path>/magento2ce
        <Directory /<your_path>/magento2ce>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>
</IfModule>

And there is a tricky part: when you try to enable/disable Varnish (see https://github.com/paliarush/magento2-vagrant-for-developers/blob/2.0/scripts/guest/configure_varnish), your 443 host may be reset.

Jason, if you can resolve the issues with Varnish and eliminate the user input steps, I would be glad to see a PR from you.

paliarush, Nov 18 '16 16:11
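
The script in the comment above stops for user input at each openssl step. As an added example (not code from this thread or from the project), here is one way to produce the same key and certificate files without prompts. The function names `gen_selfsigned` and `cert_matches_key` are hypothetical, and the subjectAltName entry and the single-step `openssl req -x509` call are choices made here that go beyond the original script:

```shell
#!/usr/bin/env bash
# Added example: non-interactive self-signed certificate generation.
# gen_selfsigned / cert_matches_key are hypothetical helper names.

# gen_selfsigned HOST OUT_DIR [DAYS] [BITS]
# Writes OUT_DIR/HOST.key (no passphrase, mode 600) and OUT_DIR/HOST.crt.
# The body runs in a subshell so variables, umask and trap stay local.
gen_selfsigned() (
    host="$1"; dir="$2"; days="${3:-365}"; bits="${4:-4096}"
    [ -n "$host" ] && [ -n "$dir" ] || exit 2
    mkdir -p "$dir" || exit 1
    cnf="$(mktemp)" || exit 1
    trap 'rm -f "$cnf"' EXIT

    # Answers that `openssl req` would otherwise prompt for.
    cat > "$cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = $host
[ext]
subjectAltName = DNS:$host
EOF

    umask 077   # the private key must never be group/world readable
    # -nodes: write the key unencrypted, so neither openssl nor Apache
    #         asks for a passphrase (replaces the genrsa -des3 + rsa steps).
    # -x509:  emit the self-signed certificate directly (no separate CSR).
    openssl req -x509 -nodes -newkey "rsa:$bits" -sha256 -days "$days" \
        -config "$cnf" -keyout "$dir/$host.key" -out "$dir/$host.crt" \
        2>/dev/null || exit 1
    chmod 644 "$dir/$host.crt"
)

# cert_matches_key CRT KEY
# Succeeds only if the certificate's public key belongs to the private key,
# a check worth running before pointing SSLCertificateKeyFile at the pair.
cert_matches_key() (
    crt_pub="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || exit 1
    key_pub="$(openssl pkey -in "$2" -pubout 2>/dev/null)" || exit 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
)
```

During provisioning this would run as root with `gen_selfsigned magento2.vagrant /etc/ssl/private`, which yields the two paths referenced in the virtual host configuration above.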

Hi @paliarush, yeah, I experimented around with it, and it seems really tricky. Varnish doesn't support SSL termination. How about installing Nginx on the Vagrant box and using it as an SSL termination proxy?

Edit: Never mind, the same issue with Varnish seems to occur even if you use Nginx instead of openssl. May need to relook at this from another perspective.

jasonheecs, Dec 02 '16 04:12