elct9620 / rails-letsencrypt

The Let's Encrypt certificate manager for rails
MIT License

Support rails relative_root_url #26

Open cmacduff opened 4 years ago

cmacduff commented 4 years ago

Doesn't seem like this gem supports this configuration (https://guides.rubyonrails.org/configuring.html#deploy-to-a-subdirectory-relative-url-root); it always assumes the engine can be mounted at /.well_known.

elct9620 commented 4 years ago

This gem is based on Rails Engine, but I am not sure whether Rails supports relative_url_root in this case or not.

There is an issue discussing it (https://github.com/rails/rails/issues/31476), but the PR seems inactive and was not merged. Maybe you can try mount LetsEncrypt::Engine => '/myroot/.well-known'. I have no idea how to detect the relative_url_root in the Rails Engine for now.

cmacduff commented 4 years ago

@elct9620 I dug into this one a bit more, I don't think it's possible. The ACME challenge requires this to be at the root of the domain: https://github.com/unixcharles/acme-client/blob/38f4e17bc9e4ec21c3a417a085d843d1fb7f8b4d/lib/acme/client/resources/challenges/http01.rb#L16 which is how the spec is written for an HTTP-01 challenge: https://letsencrypt.org/docs/challenge-types/

There could be support for a DNS-01 challenge, which the ACME client does support (https://github.com/unixcharles/acme-client#preparing-for-dns-challenge). This gem would have to support different DNS services.

If I put together something to support multiple DNS services with a setup for Route53, would you be open to a PR for that?
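Added example, not part of the thread or the gem's code: a plain-Ruby model (no rack gem) of the HTTP-01 root-path requirement discussed in the comment above, showing why a challenge endpoint that is only reachable under a subdirectory fails validation. The helper names, the sample token and key authorization, example.com, and the "front end forwards only /myroot" deployment model are constructed assumptions.

```ruby
require 'uri'

# RFC 8555 section 8.3: the CA fetches this fixed path at the root of the domain.
ACME_PREFIX = '/.well-known/acme-challenge/'

# Constructed sample values, not real ACME data.
TOKEN   = 'constructed-token_123'
KEYAUTH = "#{TOKEN}.constructed-thumbprint"
SAMPLE  = { TOKEN => KEYAUTH }.freeze

# URL the CA requests; tokens are base64url, so anything else is rejected.
def http01_validation_url(domain, token)
  raise ArgumentError, 'token is not base64url' unless token.match?(/\A[A-Za-z0-9_-]+\z/)
  URI::HTTP.build(host: domain, path: ACME_PREFIX + token).to_s
end

# Rack-style app (hypothetical helper): answers only known tokens, by hash
# lookup, so a crafted path can never be turned into a file read.
def challenge_responder(key_authorizations)
  lambda do |env|
    path  = env['PATH_INFO']
    token = path.start_with?(ACME_PREFIX) ? path.delete_prefix(ACME_PREFIX) : nil
    body  = token && key_authorizations[token]
    return [404, { 'content-type' => 'text/plain' }, ['not found']] unless body
    [200, { 'content-type' => 'text/plain' }, [body]]
  end
end

# Assumed deployment: the front end forwards only requests under `prefix`
# to the app, moving the prefix from PATH_INFO into SCRIPT_NAME.
def under_relative_root(prefix, app)
  lambda do |env|
    path = env['PATH_INFO']
    inside = path == prefix || path.start_with?("#{prefix}/")
    return [404, { 'content-type' => 'text/plain' }, ['outside app']] unless inside
    app.call(env.merge('SCRIPT_NAME' => prefix, 'PATH_INFO' => path.delete_prefix(prefix)))
  end
end

# What the CA does: GET the root-anchored path; it knows nothing of any prefix.
def ca_fetch(site, domain, token)
  url = URI(http01_validation_url(domain, token))
  status, _headers, body = site.call('REQUEST_METHOD' => 'GET', 'PATH_INFO' => url.path)
  [status, body.join]
end
```

With the responder served at the domain root, `ca_fetch` gets the key authorization back; wrapped in `under_relative_root('/myroot', ...)`, the same request returns 404 because the path the CA asks for never reaches the app.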

elct9620 commented 4 years ago

This gem depends on the Rails Engine; it doesn't directly use acme-client to serve the /.well-known endpoint. According to the issue I pointed out in my previous comment, Rails doesn't support applying relative_root_url to the mounted engine.

DNS support requires plugin support for this gem and changes the current flow.

For example, we may want to add Route53 or CloudFlare support, but it adds a lot of dependencies for others who don't need it. Therefore, we need to add a plugin gem, rails-letsencrypt-router53 or rails-letsencrypt-cloudflare, to extend the features to support it. I think we are not ready for it.

elct9620 commented 4 years ago

I created an issue (https://github.com/elct9620/rails-letsencrypt/issues/27) for the DNS-challenge feature.