search

laravel / octane

Supercharge your Laravel application's performance.
https://laravel.com/docs/octane
MIT License
3.78k stars 296 forks source link

SSL support for Swoole HTTP Server not working #155

Closed viezel closed 3 years ago

viezel commented 3 years ago

Description:

When using Swoole HTTP Server directly without nginx as proxy - then we need to configure SSL.

In Swoole it looks like this:

$server = new Swoole\HTTP\Server(
   "0.0.0.0", 
   9501, 
   SWOOLE_PROCESS, 
   SWOOLE_SOCK_TCP | SWOOLE_SSL
);

$server->set([
  'ssl_cert_file' => '/etc/nginx/ssl/direct.example.com/3456789/server.crt',
  'ssl_key_file' => '/etc/nginx/ssl/direct.example.com/3456789/server.key',
  'ssl_ciphers' => 'TLS13-AES-256-GCM-SHA384:TLS13-...', // long string
]);

However, we cannot add the SWOOLE_SSL to the Server arguments in here: https://github.com/laravel/octane/blob/master/bin/createSwooleServer.php#L10

Can we please expose this as a config?

themsaid commented 3 years ago

You can use the octane.swoole.options array in the config file to set those.

viezel commented 3 years ago

Im talking about this flag SWOOLE_SSL

where do you see that in the options?

themsaid commented 3 years ago

@viezel feel free to open a PR. However, I think this flag is only available in some Swoole builds not all. You'll need to check with the Swoole team first.

Undefined constant "SWOOLE_SSL"
viezel commented 3 years ago

Correct, if you do not enable openssl then it will not work

viezel commented 3 years ago

This however opens a discussion on which swoole modules that is required enabled by Octane.

pecl install --configureoptions 'enable-sockets="no" enable-openssl="yes" enable-http2="yes" enable-mysqlnd="yes" enable-swoole-json="no" enable-swoole-curl="yes"' swoole

kiddtang commented 3 years ago

Created PR for this #342 For those who are looking for how to turn on HTTPS from scratch, can find the tutorial here.

L3o-pold commented 3 years ago

@viezel feel free to open a PR. However, I think this flag is only available in some Swoole builds not all. You'll need to check with the Swoole team first.

Undefined constant "SWOOLE_SSL"

Then why it was merged in #342?

Error  Undefined constant "SWOOLE_SSL"

It was release yesterday as a patch release (https://github.com/laravel/octane/releases/tag/v1.0.9) but for me it's a breaking change.

kressaty commented 3 years ago

@L3o-pold I also had this issue using Sail, I had to update Sail, replace my published dockerfile, and sail build to get functionality back. Still throwing some warnings but I think it's due to my supervisor command, though my app does work again.

sy-records commented 3 years ago 
Undefined constant "SWOOLE_SSL"

You need to compile Swoole with openssl enabled (--enable-openssl).

kiddtang commented 3 years ago

@viezel feel free to open a PR. However, I think this flag is only available in some Swoole builds not all. You'll need to check with the Swoole team first.

Undefined constant "SWOOLE_SSL"

Then why it was merged in #342?

Error  Undefined constant "SWOOLE_SSL"

It was release yesterday as a patch release (https://github.com/laravel/octane/releases/tag/v1.0.9) but for me it's a breaking change.

if $config['swoole'][ssl'] is not defined, it shouldn't turn on openssl and trigger the error.

The quick fix without rebuild, define config/octane.php with

    'swoole' => [
        'ssl' => false,
    ],

I think it is better to update to latest Laravel Sail version as it is not using PECL to install Swoole. It is using php8.0-swoole which it faster in building the sail app docker image.

L3o-pold commented 3 years ago

@kiddtang editing config/octane.php is not a solution as https://github.com/laravel/octane/pull/342/files#diff-8579bc8f34b623c394a7220fd2277cb0a8183b6c9a77d99f106f9995c5a6b46dR10 will always use the SWOOLE_SSL constant.

And for my case it was not an issue in dev environment with sail but with a production environment that was not having openssl enabled for Swoole. IMO it's a breaking change that should not be released like that.

In addition using functional testing (https://laravel.com/docs/8.x/http-tests#making-requests) will not help you to trigger the issue as it's not testing octane unfortunately.

sts-ryan-holton commented 7 months ago

@L3o-pold I'm getting a similar issue I believe. I'm using Apache vhosts and have generated a let's encryps ssl certificate. How can I serve my application through ssl? I added 

'swoole' => [
    'ssl' => true,
    'options' => [
        'ssl_cert_file' => '/etc/letsencrypt/live/icicle-v2.example.org/cert.pem',
        'ssl_key_file' => '/etc/letsencrypt/live/icicle-v2.example.org/privkey.pem',
    ]
],

to my config file. Do I need to? Or should it be completely done via apache because that gives me a connection refused:

<VirtualHost *:80>
    ProxyPreserveHost On

    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/

    ServerName icicle-v2.example.org
    ServerAdmin admin@localhost
    DocumentRoot /var/www/example/current/public

    <Directory /var/www/example/current/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ProxyPreserveHost On

    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/

    ServerName icicle.example.org
    ServerAdmin admin@localhost
    DocumentRoot /var/www/example/current/public;

    <Directory /var/www/example/current/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>