Merge pull request #465 from humanmade/product-dev-987/ssl-command

Add ssl command to download mkcert and generate ssl certificates
humanmade · May 6, 2022 · 93d9fe0 · 93d9fe0
2 parents 834823b + 2f11c98
commit 93d9fe0
Show file tree

Hide file tree

Showing 9 changed files with 411 additions and 208 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -20,13 +20,15 @@ before_script:
   - cd $HOME/test-root && composer require -W "$ALTIS_PACKAGE:dev-${TRAVIS_PULL_REQUEST_BRANCH:-$TRAVIS_BRANCH} as `jq \".\\\"packages-dev\\\"[] | select (.name==\\\"$ALTIS_PACKAGE\\\") | .version\" composer.lock | sed -e 's/\"//g;/^dev/q;s/\$/9/'`"
 
 script:
+  - cd $HOME/test-root && composer server ssl install
   - cd $HOME/test-root && composer server start
   - cd $HOME/test-root && composer server db info
   - cd $HOME/test-root && composer server db exec -- "select * from wp_site;"
   - cd $HOME/test-root && composer server status
   - cd $HOME/test-root && composer server exec -- ls -al
   - cd $HOME/test-root && composer server cli site list
   - cd $HOME/test-root && composer server start --xdebug=debug,profile
+  - curl https://test-root.altis.dev/ | grep '<title>'
   - cd $HOME/test-root && composer server exec printenv | grep XDEBUG_MODE=debug,profile
   - curl -XGET https://test-root.altis.dev/webgrind/ | grep '<title>webgrind</title>'
   - cd $HOME/test-root && composer server stop --clean

diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml
@@ -38,9 +38,9 @@ insecureSkipVerify = true
   [entryPoints.https]
     address = ":443"
     [entryPoints.https.tls]
-      [[entryPoints.https.tls.certificates]]
-      certFile = "/etc/traefik/sni/cert/altis.pem"
-      keyFile = "/etc/traefik/sni/key/altis.pem"
+      [entryPoints.https.tls.defaultCertificate]
+        certFile = "/etc/traefik/ssl-cert.pem"
+        keyFile  = "/etc/traefik/ssl-key.pem"
 
 [web]
 address = ":8080"

diff --git a/docker/proxy.yml b/docker/proxy.yml
@@ -6,10 +6,9 @@ services:
     image: traefik:1.7
     container_name: altis-proxy
     volumes:
-      - "$PWD/conf/traefik.toml:/etc/traefik/traefik.toml"
-      - "$PWD/ssl.cert:/etc/traefik/ssl.cert"
-      - "$PWD/ssl.key:/etc/traefik/ssl.key"
-      - "$PWD/sni:/etc/traefik/sni"
+      - "$PWD/altis/local-server/docker/conf/traefik.toml:/etc/traefik/traefik.toml"
+      - "$PWD/ssl-cert.pem:/etc/traefik/ssl-cert.pem"
+      - "$PWD/ssl-key.pem:/etc/traefik/ssl-key.pem"
       - /var/run/docker.sock:/var/run/docker.sock
     ports:
       - '8080:8080'

diff --git a/docker/sni/cert/altis.pem b/docker/sni/cert/altis.pem
diff --git a/docker/sni/key/altis.pem b/docker/sni/key/altis.pem
diff --git a/docs/README.md b/docs/README.md
@@ -18,10 +18,45 @@ Navigate your shell to your project's directory. You should already have install
 
 ### Experimental Features
 
+#### Mutagen
+
 You may find that file sharing performance or server response times are slower than you would like on Windows or MacOS. Local Server provides an experimental integration with [Mutagen](https://mutagen.io/) to resolve this.
 
 See the [Mutagen set up guide for detailed instructions on how to install and run it](./mutagen-file-sharing.md).
 
+#### Subdomain and Custom domains in multisites
+
+Altis v12 introduces support for Subdomain multisites and Custom domains, where projects can choose custom domains for their local environments, instead of being locked to the altis.dev domain. This is in part facilitated by the new SSL certificate generation features introduced in Altis v12.
+
+The subdomain / domain *optional* config options can be configured as follows:
+
+```json
+{
+	"extra": {
+		"altis": {
+			"modules": {
+				"local-server": {
+					"name": "my-project",
+					"tld": "my-company.local",
+					"domains": [
+						"domain1.com",
+						"domain2.com",
+					],
+				}
+			}
+		}
+	}
+}
+```
+
+* `name` - Project name, used as the subdomain of the primary site, eg: `my-project`
+* `tld` -  TLD of the project, eg: `my-company.local`
+* `domains` - Custom domains used by the project, either for main or sub sites.
+
+Note: Altis does not manage the host entries for subdomains or custom domains, you'll need to manage those manually, via editing `/etc/hosts` in Linux / macOS, or `C:\Windows\System32\Drivers\etc\hosts` in Windows. Altis however tries to detect if those entries do not exist, and outputs the necessary configurations to add to your `hosts` file.
+
+Note: Before *updating* the custom domain configuration parameters, ensure that you've destroyed existing containers first before applying your changes, otherwise you'll be leaving orphan containers from the previous configuration.
+
 ## Starting the Local Server
 
 To start the Local Server, run `composer server`. The first time you run this it will download all the necessary Docker images.
@@ -40,23 +75,11 @@ Visiting your site's URL should now work. Visit `/wp-admin/` and login with the
 
 > [If the server does not start for any reason take a look at the troubleshooting guide](./troubleshooting.md)
 
-The subdomain used for the project can be configured via the `modules.local-server.name` setting:
+### Multisite Subdomains / Custom domains support
 
-```json
-{
-	"extra": {
-		"altis": {
-			"modules": {
-				"local-server": {
-					"name": "my-project"
-				}
-			}
-		}
-	}
-}
-```
+Altis v12 introduced experimental support for multisite subdomains and custom domains. In order to support custom (sub)domains, Altis is using [`mkcert`](https://github.com/FiloSottile/mkcert) to generate SSL certificates based on a custom generated Root Certificate Authority that is uniquely-generated and trusted on the host machine upon installation. This allows Altis local-server to generate local SSL certificates that is automatically trusted, which provides a convenient and seamless local development experience.
 
-**Multisite Subdomains:** Currently on local-server subdomains aren't supported. Subsites must use subdirectories.
+Note: Altis local-server automatically collects domains names to issue the SSL certificate for, based on Altis configuration in `composer.json`, namely the `altis.modules.local-server` tree, specifically the `name`, `tld`, and `domains` config parameteres.
 
 ## Available Commands
 
@@ -70,6 +93,10 @@ The subdomain used for the project can be configured via the `modules.local-serv
 * `composer server destroy [--clean]` - Stops and destroys all containers.
   * `--clean` will also destroy the proxy container, only use this if you have no other instances of Local Server
 * `composer server status` - Displays the status of all containers.
+* `composer server ssl` - Shows the status of local-server SSL certificate.
+  * `composer server ssl install` - Install mkcert locally and set it up to prepare for SSL generation.
+  * `composer server ssl generate custom-domain.com` - (re)generates the local-server SSL certificarte including `custom-domain.com`
+  * `composer server ssl exec -- [<command>]` - Execute custom `mkcert` commands, eg: `-uninstall` to revoke the root CA
 * `composer server logs <service>` - Tail the logs from a given service, defaults to `php`, available options are `nginx`, `php`, `db`, `redis`, `cavalcade`, `tachyon`, `s3` and `elasticsearch`.
 * `composer server shell` - Logs in to the PHP container.
 * `composer server cli -- <command>` - Runs a WP CLI command, you should omit the 'wp' for example `composer server cli -- info`