ddev / ddev

Docker-based local PHP+Node.js web development environments
https://ddev.com
Apache License 2.0

https not working (not secure / not private) WSL2 Ubuntu 22.04 #5026

Closed therobyouknow closed 1 year ago

therobyouknow commented 1 year ago

Is there an existing issue for this?

Output of ddev debug test

"I have searched the existing issues" - e.g: including:

`ddev debug test` diagnostic information:

```
$ ddev debug test
Running bash [-c /tmp/test_ddev.sh]
======= Existing project config =========
These config files were loaded for project debra-local: [/home/robdavis/clients/defra/rpa/dev/sites/debra-local/.ddev/config.yaml]
name: debra-local
type: php
docroot: html
php_version: 8.0
webserver_type: nginx-fpm
webimage: drud/ddev-webserver:v1.21.5
router_http_port: 80
router_https_port: 443
additional_hostnames: []
additional_fqdns: []
database: {mariadb 10.4}
mailhog_port: 8025
mailhog_https_port: 8026
phpmyadmin_port: 8036
phpmyadmin_https_port: 8037
project_tld: ddev.site
use_dns_when_possible: true
composer_version: 2
nodejs_version: 16
default_container_timeout: 120
======= Creating dummy project named tryddevproject-2936 in ../tryddevproject-2936 =========
OS Information: Linux UOS-214251 5.15.90.1-microsoft-standard-WSL2 #1 SMP Fri Jan 27 02:56:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
User information: uid=1000(robdavis) gid=1000(robdavis) groups=1000(robdavis),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),116(netdev),999(docker)
DDEV version:
ITEM VALUE
DDEV version v1.21.6
architecture amd64
db drud/ddev-dbserver-mariadb-10.4:v1.21.5
dba phpmyadmin:5
ddev-ssh-agent drud/ddev-ssh-agent:v1.21.5
docker 24.0.2
docker-compose v2.15.1
docker-platform UOS-214251
mutagen 0.16.0
os linux
router drud/ddev-router:v1.21.5
web drud/ddev-webserver:v1.21.5
PROXY settings: HTTP_PROXY='' HTTPS_PROXY='' http_proxy='' NO_PROXY=''
======= DDEV global info =========
Global configuration:
instrumentation-opt-in=true
omit-containers=[]
mutagen-enabled=false
nfs-mount-enabled=false
router-bind-all-interfaces=false
internet-detection-timeout-ms=3000
disable-http2=false
use-letsencrypt=false
letsencrypt-email=
table-style=default
simple-formatting=false
auto-restart-containers=false
use-hardened-images=false
fail-on-hook-fail=false
required-docker-compose-version=
use-docker-compose-from-path=false
project-tld=
xdebug-ide-location=
no-bind-mounts=false
use-traefik=false
wsl2-no-windows-hosts-mgt=false
======= DOCKER info =========
docker location: -rwxr-xr-x 1 root root 35921656 May 25 22:51 /usr/bin/docker
docker version:
Client: Docker Engine - Community
 Version: 24.0.2
 API version: 1.43
 Go version: go1.20.4
 Git commit: cb74dfc
 Built: Thu May 25 21:51:00 2023
 OS/Arch: linux/amd64
 Context: default
Server: Docker Engine - Community
 Engine:
  Version: 24.0.2
  API version: 1.43 (minimum version 1.12)
  Go version: go1.20.4
  Git commit: 659604f
  Built: Thu May 25 21:51:00 2023
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.6.21
  GitCommit: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version: 1.1.7
  GitCommit: v1.1.7-0-g860f061
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
DOCKER_DEFAULT_PLATFORM=notset
======= Mutagen Info =========
======= Docker Info =========
Docker platform: UOS-214251
Using docker context: default (unix:///var/run/docker.sock)
docker-compose: v2.15.1
Using DOCKER_HOST=unix:///var/run/docker.sock
Docker version: 24.0.2
Able to run simple container that mounts a volume.
Able to use internet inside container.
Docker disk space:
Filesystem Size Used Available Use% Mounted on
overlay 1006.9G 8.1G 947.6G 1% /
Container ddev-debra-local-db Removed
Container ddev-debra-local-dba Removed
Container ddev-debra-local-web Removed
Network ddev-debra-local_default Removed
Project debra-local has been stopped.
The ddev-ssh-agent container has been removed. When you start it again you will have to use 'ddev auth ssh' to provide key authentication again.
Existing docker containers:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Creating a new ddev project config in the current directory (/home/robdavis/clients/defra/rpa/dev/sites/tryddevproject-2936)
Once completed, your configuration will be written to /home/robdavis/clients/defra/rpa/dev/sites/tryddevproject-2936/.ddev/config.yaml
Configuring unrecognized codebase as project type 'php' at /home/robdavis/clients/defra/rpa/dev/sites/tryddevproject-2936/web
Configuration complete. You may now run 'ddev start'.
Network ddev_default created
Starting tryddevproject-2936...
Container ddev-ssh-agent Started
ssh-agent container is running: If you want to add authentication to the ssh-agent container, run 'ddev auth ssh' to enable your keys.
Network ddev-tryddevproject-2936_default Created
Container ddev-tryddevproject-2936-web Started
Container ddev-tryddevproject-2936-dba Started
Container ddev-tryddevproject-2936-db Started
Container ddev-router Started
Successfully started tryddevproject-2936
Project can be reached at https://tryddevproject-2936.ddev.site https://127.0.0.1:32796
======== Curl of site from inside container:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Jun 2023 13:28:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
======== curl -I of http://tryddevproject-2936.ddev.site from outside:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 26 Jun 2023 13:28:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
======== full curl of http://tryddevproject-2936.ddev.site from outside:
Success accessing database... db via TCP/IP
ddev is working. You will want to delete this project with 'ddev delete -Oy tryddevproject-2936'
======== Project ownership on host:
drwxr-xr-x 4 robdavis robdavis 4096 Jun 26 14:27 ../tryddevproject-2936
======== Project ownership in container:
drwxr-xr-x 4 robdavis robdavis 4096 Jun 26 13:27 /var/www/html
======== In-container filesystem:
Filesystem Type 1K-blocks Used Available Use% Mounted on
/dev/sdc ext4 1055762868 8640668 993418728 1% /var/www/html
======== curl again of tryddevproject-2936 from host:
Success accessing database... db via TCP/IP
ddev is working. You will want to delete this project with 'ddev delete -Oy tryddevproject-2936'
Thanks for running the diagnostic. It was successful.
Please provide the output of this script in a new gist at gist.github.com
Running ddev launch in 5 seconds
/usr/bin/xdg-open: 882: x-www-browser: Permission denied
/usr/bin/xdg-open: 882: firefox: Permission denied
/usr/bin/xdg-open: 882: iceweasel: Permission denied
/usr/bin/xdg-open: 882: seamonkey: Permission denied
/usr/bin/xdg-open: 882: mozilla: Permission denied
/usr/bin/xdg-open: 882: epiphany: Permission denied
/usr/bin/xdg-open: 882: konqueror: Permission denied
/usr/bin/xdg-open: 882: chromium: Permission denied
/usr/bin/xdg-open: 882: chromium-browser: Permission denied
/usr/bin/xdg-open: 882: google-chrome: Permission denied
/usr/bin/xdg-open: 882: www-browser: Permission denied
/usr/bin/xdg-open: 882: links2: Permission denied
/usr/bin/xdg-open: 882: elinks: Permission denied
/usr/bin/xdg-open: 882: links: Permission denied
/usr/bin/xdg-open: 882: lynx: Permission denied
/usr/bin/xdg-open: 882: w3m: Permission denied
xdg-open: no method available for opening 'https://tryddevproject-2936.ddev.site'
Failed to run launch ; error=exit status 3
If you're brave and you have jq you can delete all tryddevproject instances with this one-liner:
ddev delete -Oy $(ddev list -j |jq -r .raw[].name | grep tryddevproject)
In the future ddev debug test will also provide this option.
Please delete this project after debugging with 'ddev delete -Oy tryddevproject-2936'
robdavis@UOS-214251:~/clients/defra/rpa/dev/sites/debra-local$
```

Expected Behavior

Visit ddev project: https://debra-local.ddev.site/

and for https to be fully working with padlock.

Actual Behavior

Instead of expected behaviour I got "not secure" "Your connection is not private"


Steps To Reproduce

run ddev as usual.

Tried uninstalling mkcert and re-installing as per mentioned issue. Powered down ddev and started: `ddev poweroff`, `ddev start`

https://ddev.readthedocs.io/en/latest/users/install/ddev-installation/#linux

Anything else?

No response

rfay commented 1 year ago

Hi @therobyouknow - To make this work, you must have mkcert trusted on the Windows side. The WSL2 install scripts set this up for you, see https://github.com/ddev/ddev/blob/8ce4d1e497b0bb7ab42d2e10a5f623bc20b75c9a/scripts/install_ddev_wsl2_docker_inside.ps1#L38-L40

Did you use the script to set up your WSL2 setup?

Have you run `mkcert -install` on Windows?

What does `echo CAROOT=$CAROOT` say inside wsl2?

What is the value of `WSLENV` on the Windows side?

You didn't do the requested `ddev debug test` and include the output. Could you please do that? You can add the output as a file or as a gist on gist.github.com

therobyouknow commented 1 year ago

Sorry @rfay, I clicked "Update comment" before I had finished answering the rest of the questions and was working on answering them, and then you kindly replied while I was editing the comment.

Here are the rest of the answers in this updated comment:

> To make this work, you must have mkcert trusted on the Windows side.

Since my original posting of this issue, on your advice I have now installed mkcert on Windows side with chocolatey and then used it to install mkcert

https://chocolatey.org/install

```
PS C:\WINDOWS\system32> Get-ExecutionPolicy
RemoteSigned
PS C:\WINDOWS\system32> Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
```

```
choco install mkcert -y
```

> What does echo CAROOT=$CAROOT say inside wsl2?

> Did you use the script to set up your WSL2 setup?

By 'the script', are you referring to:

```
mkcert -install
$env:CAROOT="$(mkcert -CAROOT)"
setx CAROOT $env:CAROOT; If ($Env:WSLENV -notlike "*CAROOT/up:*") { $env:WSLENV="CAROOT/up:$env:WSLENV"; setx WSLENV $Env:WSLENV }
```

I'm not sure but I have just run it now. Possibly not. I attempted to follow: https://ddev.readthedocs.io/en/latest/users/install/ddev-installation/ I note https://ddev.readthedocs.io/en/latest/users/install/ddev-installation/#windows and I'll check through that.

```
$ echo CAROOT=$CAROOT
CAROOT=
```

> What is the value of WSLENV on the windows side?

```
C:\Users\rd4n23>echo %WSLENV%
CAROOT/up:
```

> You didn't do the requested ddev debug test and include the output.

Sorry @rfay, I think I did in the original initial comment on this issue:

image

rfay commented 1 year ago

That's the problem of course. It would be kind if you would follow up on the other questions. Also you might consider running the appropriate install script, see https://ddev.readthedocs.io/en/latest/users/install/ddev-installation/#windows

The install script shouldn't mess up anything you already have.
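The checks requested in this thread (`CAROOT` inside WSL2, `WSLENV` on Windows), written out as an added example that is not part of the original thread or of DDEV's install scripts. The function names and exit codes are hypothetical; the `WSLENV` value is passed in as an argument because it is read on the Windows side.

```shell
#!/bin/sh
# Added example (not DDEV's code): why is the mkcert CA not visible in WSL2?

# Return 0 if a WSLENV value forwards CAROOT with the /p (path translation) flag.
wslenv_shares_caroot() {
    old_ifs=$IFS; IFS=:
    for entry in $1; do
        name=${entry%%/*}
        flags=
        case $entry in */*) flags=${entry#*/} ;; esac
        if [ "$name" = CAROOT ]; then
            case $flags in *p*) IFS=$old_ifs; return 0 ;; esac
        fi
    done
    IFS=$old_ifs
    return 1
}

# $1 = CAROOT as seen inside WSL2, $2 = WSLENV as seen on Windows.
# Exit status: 0 ok, 1 CAROOT empty, 2 WSLENV wrong, 3 no CA cert, 4 no CA key.
diagnose_mkcert_trust() {
    if ! wslenv_shares_caroot "$2"; then
        echo "WSLENV does not forward CAROOT with /p: run the Windows-side setup"
        return 2
    fi
    if [ -z "$1" ]; then
        echo "CAROOT is empty: restart WSL2 (setx only affects new processes)"
        return 1
    fi
    if [ ! -r "$1/rootCA.pem" ]; then
        echo "no rootCA.pem in $1: run 'mkcert -install' on Windows"
        return 3
    fi
    if [ ! -r "$1/rootCA-key.pem" ]; then
        echo "no rootCA-key.pem in $1: mkcert cannot sign project certificates"
        return 4
    fi
    echo "ok: WSL2 uses the CA in $1"
    return 0
}

# Values reported in this thread: empty CAROOT in WSL2, WSLENV=CAROOT/up: on Windows.
diagnose_mkcert_trust "" "CAROOT/up:" || echo "exit status $?"
```

In a real session, call it as `diagnose_mkcert_trust "$CAROOT" "<value of %WSLENV% from Windows>"`.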

therobyouknow commented 1 year ago

Sorry @rfay, I clicked "Update comment" before I had finished answering the rest of the questions and was working on answering them, and then you kindly replied while I was editing the comment. The above comment has now been updated, thanks for getting back to me. I think the next step would be to go through https://ddev.readthedocs.io/en/latest/users/install/ddev-installation/#windows (Because the 'tab' says "Windows" I mistakenly didn't use it, because with WSL2 I have Linux, so perhaps the tab should read "Windows (WSL2)" or there should be an additional WSL2 tab.)

I've set up WSL2 many times before but a lot of time passes between each setup so I forget any nuances in the documentation, though I do try to screenshot and copy terminal output each time to refer back to. I need a method for organising, though posting issues on GitHub followed by outcomes can be helpful too.

rfay commented 1 year ago

There are PS scripts in the docs that do the full WSL2 installation for you. Would you mind using the script? https://ddev.readthedocs.io/en/latest/users/install/ddev-installation/#windows

therobyouknow commented 1 year ago

Successful, thank you @rfay, therefore now closing this issue.

After running step 2 in https://ddev.readthedocs.io/en/latest/users/install/ddev-installation/#windows - i.e.:

In an administrative PowerShell run this PowerShell script by executing:

```
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072;
iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/ddev/ddev/master/scripts/install_ddev_wsl2_docker_inside.ps1'))
```

I then re-booted my machine (not sure if needed but there were some notices in the output indicating this)

Then I ran up ddev and my site now has working https - fully usual padlock no warnings.

Thank you very much.

Here is the output I got from the above step for reference: https://gist.github.com/therobyouknow/d0da4f2e41dcc378c212029b43a0edb2

rfay commented 1 year ago

Glad it's working for you!

Mtillmann commented 7 months ago

Thanks for the solution @rfay. I just want to add what caused it for me, to make this issue and fix more visible to search engines and LLMs: The issue arises when you update DDEV inside WSL but forget to update DDEV on the Windows host. Running the installer script again on the Windows host mitigates the issue and SSL works as expected.

Nick-Hope commented 7 months ago

I'll also note that, in my case, this happened because the wampstackApache Windows service from Bitnami WAMP was set to the 'Automatic' startup type, so I set that (and the wampstackMariaDB service) to 'Manual'. Bitnami WAMP will still run if I need it, but I no longer get 'Certificate is not valid' browser errors with DDEV.