search

docksal / addons

Community driven, submit your addon! Docksal addons that can be installed via `fin addon install` command.
MIT License
16 stars 34 forks source link

mkcert instructions don't seem to work #71

Closed mattbloomfield closed 3 years ago

mattbloomfield commented 3 years ago

I run this as the docks state $ fin addon install mkcert

Downloading addon hook files...
  mkcert.pre-install
Running pre-install hook...
[PRE-INSTALL] ERROR: Mkcert addon should installed globally, use 'fin addon install mkcert -g'

Then I run this, as instructed $ fin addon install mkcert -g

Then I run this $ fin mkcert create and get: 

Using the local CA at "/Users/MBloomfield/Library/Application Support/mkcert" ✨
ERROR: failed to read the CA key: open /Users/MBloomfield/Library/Application Support/mkcert/rootCA-key.pem: permission denied

It works if I run it with sudo, but should I have to? Also the rest of the process doesn't seem to work if I use sudo now.

lmakarov commented 3 years ago

@mattbloomfield I've just tried the installation steps and everything works as expected for me.

Installation:

leonid at Leonids-MBP-16 in ~/Work/Projects/test5 
$ fin addon install mkcert -g
Downloading addon hook files...
  mkcert.pre-install
Running pre-install hook...
[PRE-INSTALL] INFO: mkcert binary allready installed; found /usr/local/bin/mkcert
Downloading addon main script
  mkcert/mkcert
Addon mkcert was installed globally 

leonid at Leonids-MBP-16 in ~/Work/Projects/test5 
$ fin mkcert create
Using the local CA at "/Users/leonid/Library/Application Support/mkcert" ✨

Created a new certificate valid for the following names 📜
 - "*.test5.docksal"
 - "test5.docksal"

Reminder: X.509 wildcards only go one level deep, so this won't match a.b.test5.docksal ℹ️

The certificate is at "/Users/leonid/.docksal/certs/test5.docksal.crt" and the key at "/Users/leonid/.docksal/certs/test5.docksal.key" ✅

Run fin project restart to load the new cert.

leonid at Leonids-MBP-16 in ~/Work/Projects/test5 
$ fin project restart
Disconnecting project network...
Stopping services...
Stopping test5_web_1 ... done
Stopping test5_cli_1 ... done
Stopping test5_db_1  ... done
Starting services...
Creating network "test5_default" with the default driver
Starting test5_cli_1 ... done
Starting test5_db_1  ... done
Starting test5_web_1 ... done
Connected vhost-proxy to "test5_default" network.
Waiting for project stack to become ready...

Verifying the cert is valid (curl does not through an error):

leonid at Leonids-MBP-16 in ~/Work/Projects/test5 
$ curl -I https://test5.docksal
HTTP/2 200 
server: openresty/1.17.8.1
date: Wed, 04 Nov 2020 22:53:59 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.19

I wonder if you had mkcert already installed globally, maybe with sudo. Try uninstalling it and this addon and start fresh:

mkcert -uninstall
rm -r "$(mkcert -CAROOT)"
rm $(which mkcert)
fin addon rm mkcert -g
mattbloomfield commented 3 years ago

Interesting. I didn't have it installed globally, but I was able to get it working by changing the permissions on the key file:

$ chmod u=rw,g=rw,o= ~/.docksal/certs/uschamber.docksal.key