SSL For Multi Site Not
Description
When I run the command to set up SSL with more than one domain, instead of generating SSLs for the requested domains, it tries to generate an SSL for a bad domain name made up of the requested domains.
Steps To Reproduce
- Run bin/setup-ssl <domain name> <domain name>
Expected Result
Generated SSLs for each domain name.
Actual Result
ERROR: "
Hi, @epeetsTS
Thank you for reporting this issue. I have identified and resolved the problem with the setup-ssl script when generating SSL certificates for multiple domains in this PR.
I have updated the setup-ssl script to correctly handle multiple domains by iterating through each domain provided as an argument, generating individual SSL certificates. Here are the details of the changes:
You can now run the command as follows:
bin/setup-ssl <domain name> <domain name>
This will generate and install SSL certificates for your domains correctly.
Let me know if you encounter any further issues.
@YevhenZvieriev Unfortunately, even though this does work to generate an ssl for each domain and eliminates the error, it causes another problem with creating an ssl for a SINGLE domain instead of for the domains requested. The cert and key overwrite each other in the for loop and in the end you only have an SSL for the latest domain and not all of them.
Since this was working before, my solution was simply to revert back to an old commit for the bin/setup-ssl from 2023 (linked below) which works as expected, generating a single ssl for multiple domains.
https://github.com/markshust/docker-magento/blob/2c8159ea517ccd64333d93971f92fd9e32787019/compose/bin/setup-ssl
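A check for the symptom described in the comment above, added here as an example and not part of the thread or the project: it reads the text that `openssl x509 -noout -ext subjectAltName` prints and lists the requested domains the certificate does not cover. The function name `missing_sans` and the two sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): list requested domains that a certificate's
# subjectAltName does not cover. Input on stdin is the text printed by
#   openssl x509 -in <cert> -noout -ext subjectAltName

# missing_sans DOMAIN...  prints each uncovered domain, returns 1 if there is one.
# Wildcard entries are compared literally; they are not expanded.
missing_sans() {
  local sans domain status=0
  # One DNS entry per line, lower-cased.
  sans=$(tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' | tr 'A-Z' 'a-z')
  for domain in "$@"; do
    domain=$(printf '%s' "${domain%%:*}" | tr 'A-Z' 'a-z')   # drop an optional :port
    if ! printf '%s\n' "$sans" | grep -Fxq -- "$domain"; then
      printf '%s\n' "$domain"
      status=1
    fi
  done
  return "$status"
}

# Constructed sample output: a certificate left over from the last loop
# iteration, and one issued for both names.
SAMPLE_LAST_ONLY='X509v3 Subject Alternative Name: 
    DNS:website2.test'
SAMPLE_BOTH='X509v3 Subject Alternative Name: 
    DNS:website1.test, DNS:website2.test'

# Demo on the constructed sample: reports the domain that lost its certificate.
printf '%s\n' "$SAMPLE_LAST_ONLY" | missing_sans website1.test website2.test || true
```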
I could make it work based on a script that I found on some fork here. However, I can't find it anymore. This is what I did.
I created a new bin/setup-ssl-new script
#!/usr/bin/env bash
[ $# -eq 0 ] && echo "Please specify at least one domain (ex. mydomain.test)" && exit 1

# Generate certificate authority if not already setup
if ! bin/docker-compose exec -T -u root app cat /root/.local/share/mkcert/rootCA.pem | grep -q 'BEGIN CERTIFICATE'; then
  bin/setup-ssl-ca
fi

for DOMAIN in "$@"; do
  # Generate a unique file prefix based on the domain name
  DOMAIN_WITHOUT_PORT=$(echo "$DOMAIN" | cut -d ':' -f1)
  CERT_PREFIX=$(echo "$DOMAIN_WITHOUT_PORT" | tr '.' '_')

  # Generate the certificate for the specified domain
  bin/docker-compose exec -T -u root app mkcert -key-file "${CERT_PREFIX}.key" -cert-file "${CERT_PREFIX}.crt" "$DOMAIN_WITHOUT_PORT"

  # Check if the certificates were created successfully
  if bin/docker-compose exec -T -u root app test -f "${CERT_PREFIX}.key" && bin/docker-compose exec -T -u root app test -f "${CERT_PREFIX}.crt"; then
    echo "Moving key and cert for $DOMAIN to /etc/nginx/certs/..."
    bin/docker-compose exec -T -u root app chown app:app "${CERT_PREFIX}.key" "${CERT_PREFIX}.crt"
    bin/docker-compose exec -T -u root app mv "${CERT_PREFIX}.key" "${CERT_PREFIX}.crt" /etc/nginx/certs/
  else
    echo "Error: Certificates for $DOMAIN were not created."
  fi
done

# Restart nginx to apply the updates
echo "Restarting containers to apply updates..."
bin/restart
This iterates over the domains and creates the certificate for each domain under its specific name.
Then I created images/nginx/conf/default.conf
upstream fastcgi_backend {
  server unix:/sock/docker.sock;
}

map $http_host $MAGE_RUN_CODE {
  default website1_code;
  website2.test website2_code;
}

server {
  listen 8000;
  server_name website1.test website2.test;
  return 301 https://$host$request_uri;
}

server {
  listen [::]:8443 ssl http2;
  listen 8443 ssl http2;
  server_name website1.test;

  ssl_certificate /etc/nginx/certs/website1_test.crt;
  ssl_certificate_key /etc/nginx/certs/website1_test.key;

  set $MAGE_ROOT /var/www/html;
  set $MAGE_RUN_TYPE website;

  fastcgi_buffer_size 64k;
  fastcgi_buffers 8 128k;

  location /livereload.js {
    proxy_set_header Host $host;
    proxy_pass http://phpfpm:35729/livereload.js;
  }

  location /livereload {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_pass http://phpfpm:35729/livereload;
  }

  include /var/www/html/nginx[.]conf;
}

server {
  listen [::]:8443 ssl http2;
  listen 8443 ssl http2;
  server_name website2.test;

  ssl_certificate /etc/nginx/certs/website2_test.crt;
  ssl_certificate_key /etc/nginx/certs/website2_test.key;

  set $MAGE_ROOT /var/www/html;
  set $MAGE_RUN_TYPE website;

  fastcgi_buffer_size 64k;
  fastcgi_buffers 8 128k;

  location /livereload.js {
    proxy_set_header Host $host;
    proxy_pass http://phpfpm:35729/livereload.js;
  }

  location /livereload {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_pass http://phpfpm:35729/livereload;
  }

  include /var/www/html/nginx[.]conf;
}
Make sure that, unlike the default.conf that was in a video tutorial, which says this:
listen [::]:8443 ssl http2 ipv6only=on; listen 8443 ssl http2;
you remove ipv6only=on. Otherwise the app container won't run.
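The file naming used by the script above, as an added example that is not part of the original comment or the project: it derives the same prefix (port stripped, dots replaced by underscores) but only for well-formed host names, refuses two arguments that would write the same files, and prints the `ssl_certificate` lines each server block must carry. The function names `cert_prefix` and `nginx_cert_lines` are hypothetical; the `/etc/nginx/certs/` path is the one used in the comment.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): validated certificate file names.

# cert_prefix DOMAIN  prints the file prefix; returns 1 if DOMAIN is not a host name.
cert_prefix() {
  local host
  host=${1%%:*}                                  # drop an optional :port
  host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
  # Only letters, digits, hyphens and single dots; no empty or hyphen-edged labels.
  case "$host" in
    ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
  esac
  printf '%s\n' "$host" | tr '.' '_'
}

# nginx_cert_lines DOMAIN...  prints the directives for each server block.
# Fails on an invalid name or when two arguments map to the same files.
nginx_cert_lines() {
  local domain prefix seen=" "
  for domain in "$@"; do
    prefix=$(cert_prefix "$domain") || { echo "invalid domain: $domain" >&2; return 1; }
    case "$seen" in
      *" $prefix "*) echo "duplicate certificate name: $prefix" >&2; return 1 ;;
    esac
    seen="$seen$prefix "
    printf '# server_name %s\n' "${domain%%:*}"
    printf 'ssl_certificate /etc/nginx/certs/%s.crt;\n' "$prefix"
    printf 'ssl_certificate_key /etc/nginx/certs/%s.key;\n' "$prefix"
  done
}

# Demo with the two host names used in the configuration above.
nginx_cert_lines website1.test website2.test:8443
```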
@YevhenZvieriev SSL is also not working for me. Do you have any idea what the solution is? Sometimes the multi-website is also not created. I don't know why.
@bhushanmeetanshi I came across this issue this morning so I've just written a quick PR to solve it.
https://github.com/markshust/docker-magento/pull/1200
Seems the fix from @nathanchick worked on my end