laravel / valet

A more enjoyable local development experience for Mac.
https://laravel.com/docs/valet
MIT License

Valet Secure No Longer Works #1228

Closed jacobgraf closed 2 years ago

jacobgraf commented 2 years ago

Description:

When running valet secure within a parked site directory, the command never finishes. No other output is given. Afterwards, looking at valet parked shows that the site has SSL and is secured, but it is not accessible via https.

Diagnosis

sw_vers
ProductName:   macOS
ProductVersion: 12.3.1
BuildVersion:   21E258
valet --version
Laravel Valet 3.1.0
cat ~/.config/valet/config.json
{
    "tld": "test",
    "loopback": "127.0.0.1",
    "paths": [
        "/Users/jacobgraf/Sites"
    ]
}
cat ~/.composer/composer.json
{
    "require": {
        "laravel/envoy": "~2.0",
        "spatie/phpunit-watcher": "^1.23",
        "laravel/valet": "^3.0",
        "laravel/installer": "^4.2"
    }
}
composer global diagnose
Changed current directory to /Users/jacobgraf/.composer
Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys: 
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.3.3
PHP version: 8.0.17
PHP binary path: /opt/homebrew/Cellar/php@8.0/8.0.17/bin/php
OpenSSL version: OpenSSL 1.1.1m  14 Dec 2021
cURL version: 7.82.0 libz 1.2.11 ssl (SecureTransport) OpenSSL/1.1.1n
zip: extension present, unzip present, 7-Zip not available
composer global outdated
Changed current directory to /Users/jacobgraf/.composer
Legend:
! patch or minor release available - update recommended
~ major release available - update possible
symfony/finder    v5.4.3  ~ v6.0.3 Finds files and directories via an intuit...
tightenco/collect v8.83.6 ~ v9.6.0 Collect - Illuminate Collections as a sep...
ls -al /etc/sudoers.d/
total 0
drwxr-xr-x   2 root  wheel    64 Mar 26 02:21 .
drwxr-xr-x  82 root  wheel  2624 Apr  2 10:29 ..
brew config
HOMEBREW_VERSION: 3.4.4
ORIGIN: https://github.com/Homebrew/brew
HEAD: 5f5af43244eaece1f09d695603e1a261676713a0
Last commit: 8 days ago
Core tap ORIGIN: https://github.com/Homebrew/homebrew-core
Core tap HEAD: 5d09cceb4f0b596db05f50a44fcbe7bd4ee9fc5b
Core tap last commit: 24 minutes ago
Core tap branch: master
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_CORE_GIT_REMOTE: https://github.com/Homebrew/homebrew-core
HOMEBREW_EDITOR: vim
HOMEBREW_MAKE_JOBS: 10
Homebrew Ruby: 2.6.8 => /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin/ruby
CPU: 10-core 64-bit arm_firestorm_icestorm
Clang: 13.1.6 build 1316
Git: 2.35.1 => /opt/homebrew/bin/git
Curl: 7.79.1 => /usr/bin/curl
macOS: 12.3.1-arm64
CLT: 13.3.0.0.1.1645755326
Xcode: N/A
Rosetta 2: false
brew services list
Name      Status User      File
dnsmasq   none            root      
httpd     none                      
mysql     started         jacobgraf ~/Library/LaunchAgents/homebrew.mxcl.mysql.plist
mysql@5.7 stopped         root      ~/Library/LaunchAgents/homebrew.mxcl.mysql@5.7.plist
nginx     none            root      
php@8.0   none            root
brew list --formula --versions | grep -E "(php|nginx|dnsmasq|mariadb|mysql|mailhog|openssl)(@\d\..*)?\s"
dnsmasq 2.86
mysql 8.0.28_1
mysql@5.7 5.7.37
nginx 1.21.6_1
openssl@1.1 1.1.1n
php@8.0 8.0.17
brew outdated

brew tap
homebrew/cask
homebrew/core
homebrew/services
shivammathur/php
shopify/shopify
php -v
PHP 8.0.17 (cli) (built: Mar 18 2022 09:32:28) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.17, Copyright (c) Zend Technologies
    with Xdebug v3.1.2, Copyright (c) 2002-2021, by Derick Rethans
    with Zend OPcache v8.0.17, Copyright (c), by Zend Technologies
which -a php
/opt/homebrew/bin/php
php --ini
Configuration File (php.ini) Path: /opt/homebrew/etc/php/8.0
Loaded Configuration File:         /opt/homebrew/etc/php/8.0/php.ini
Scan for additional .ini files in: /opt/homebrew/etc/php/8.0/conf.d
Additional .ini files parsed:      /opt/homebrew/etc/php/8.0/conf.d/error_log.ini,
/opt/homebrew/etc/php/8.0/conf.d/ext-opcache.ini,
/opt/homebrew/etc/php/8.0/conf.d/php-memory-limits.ini
nginx -v
nginx version: nginx/1.21.6
curl --version
curl 7.79.1 (x86_64-apple-darwin21.0) libcurl/7.79.1 (SecureTransport) LibreSSL/3.3.5 zlib/1.2.11 nghttp2/1.45.1
Release-Date: 2021-09-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets
php --ri curl
curl

cURL support => enabled
cURL Information => 7.82.0
Age => 9
Features
AsynchDNS => Yes
CharConv => No
Debug => No
GSS-Negotiate => No
IDN => Yes
IPv6 => Yes
krb4 => No
Largefile => Yes
libz => Yes
NTLM => Yes
NTLMWB => Yes
SPNEGO => Yes
SSL => Yes
SSPI => No
TLS-SRP => Yes
HTTP2 => Yes
GSSAPI => Yes
KERBEROS5 => Yes
UNIX_SOCKETS => Yes
PSL => No
HTTPS_PROXY => Yes
MULTI_SSL => Yes
BROTLI => Yes
Protocols => dict, file, ftp, ftps, gopher, gophers, http, https, imap, imaps, ldap, ldaps, mqtt, pop3, pop3s, rtmp, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp
Host => aarch64-apple-darwin21.3.0
SSL Version => (SecureTransport) OpenSSL/1.1.1n
ZLib Version => 1.2.11
libSSH Version => libssh2/1.10.0

Directive => Local Value => Master Value
curl.cainfo => no value => no value
~/.composer/vendor/laravel/valet/bin/ngrok version
ngrok version 2.3.40
~/.composer/vendor/laravel/valet/bin/ngrok-arm version
ngrok version 2.3.40
ls -al ~/.ngrok2
lrwxr-xr-x  1 jacobgraf  staff  53 Feb  1 13:00 /Users/jacobgraf/.ngrok2 -> /Users/jacobgraf/SynologyDrive/Backups/Mackup/.ngrok2
brew info nginx
nginx: stable 1.21.6 (bottled), HEAD
HTTP(S) server and reverse proxy, and IMAP/POP3 proxy server
https://nginx.org/
/opt/homebrew/Cellar/nginx/1.21.6_1 (26 files, 2.2MB) *
  Poured from bottle on 2022-04-03 at 17:19:13
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/nginx.rb
License: BSD-2-Clause
==> Dependencies
Required: openssl@1.1, pcre2
==> Options
--HEAD
    Install HEAD version
==> Caveats
Docroot is: /opt/homebrew/var/www

The default port has been set in /opt/homebrew/etc/nginx/nginx.conf to 8080 so that
nginx can run without sudo.

nginx will load all files in /opt/homebrew/etc/nginx/servers/.

To restart nginx after an upgrade:
  brew services restart nginx
Or, if you don't want/need a background service you can just run:
  /opt/homebrew/opt/nginx/bin/nginx -g daemon off;
==> Analytics
install: 41,413 (30 days), 126,233 (90 days), 490,527 (365 days)
install-on-request: 41,339 (30 days), 126,025 (90 days), 489,511 (365 days)
build-error: 15 (30 days)
brew info php
php: stable 8.1.4 (bottled), HEAD
General-purpose scripting language
https://www.php.net/
Not installed
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/php.rb
License: PHP-3.01
==> Dependencies
Build: httpd, pkg-config
Required: apr, apr-util, argon2, aspell, autoconf, curl, freetds, gd, gettext, gmp, icu4c, krb5, libpq, libsodium, libzip, oniguruma, openldap, openssl@1.1, pcre2, sqlite, tidy-html5, unixodbc
==> Options
--HEAD
    Install HEAD version
==> Caveats
To enable PHP in Apache add the following to httpd.conf and restart Apache:
    LoadModule php_module /opt/homebrew/opt/php/lib/httpd/modules/libphp.so

    
        SetHandler application/x-httpd-php
    

Finally, check DirectoryIndex includes index.php
    DirectoryIndex index.php index.html

The php.ini and php-fpm.ini file can be found in:
    /opt/homebrew/etc/php/8.1/

To restart php after an upgrade:
  brew services restart php
Or, if you don't want/need a background service you can just run:
  /opt/homebrew/opt/php/sbin/php-fpm --nodaemonize
==> Analytics
install: 141,522 (30 days), 378,183 (90 days), 970,567 (365 days)
install-on-request: 119,347 (30 days), 312,541 (90 days), 849,609 (365 days)
build-error: 61 (30 days)
brew info openssl
openssl@3: stable 3.0.2 (bottled) [keg-only]
Cryptography and SSL/TLS Toolkit
https://openssl.org/
Not installed
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/openssl@3.rb
License: Apache-2.0
==> Dependencies
Required: ca-certificates
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /opt/homebrew/etc/openssl@3/certs

and run
  /opt/homebrew/opt/openssl@3/bin/c_rehash

openssl@3 is keg-only, which means it was not symlinked into /opt/homebrew,
because macOS provides LibreSSL.

==> Analytics
install: 153,674 (30 days), 366,321 (90 days), 674,176 (365 days)
install-on-request: 121,602 (30 days), 284,737 (90 days), 528,875 (365 days)
build-error: 5,462 (30 days)
openssl version -a
LibreSSL 2.8.3
built on: date not available
platform: information not available
options:  bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) blowfish(idx) 
compiler: information not available
OPENSSLDIR: "/private/etc/ssl"
openssl ciphers
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:GOST2012256-GOST89-GOST89:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:GOST2001-GOST89-GOST89:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:CAMELLIA128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA
sudo nginx -t
nginx: the configuration file /opt/homebrew/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /opt/homebrew/etc/nginx/nginx.conf test is successful
which -a php-fpm
/opt/homebrew/sbin/php-fpm
/opt/homebrew/opt/php/sbin/php-fpm -v
sudo: /opt/homebrew/opt/php/sbin/php-fpm: command not found
sudo /opt/homebrew/opt/php/sbin/php-fpm -y /opt/homebrew/etc/php/8.0/php-fpm.conf --test
sudo: /opt/homebrew/opt/php/sbin/php-fpm: command not found
ls -al ~/Library/LaunchAgents | grep homebrew
-rw-r--r--   1 jacobgraf  staff   537 Jan 18 20:19 homebrew.mxcl.mysql.plist
-rw-r--r--   1 jacobgraf  staff   545 Jan 18 19:55 homebrew.mxcl.mysql@5.7.plist
ls -al /Library/LaunchAgents | grep homebrew

ls -al /Library/LaunchDaemons | grep homebrew
-rw-r--r--   1 root  admin   602 Apr  3 17:23 homebrew.mxcl.dnsmasq.plist
-rw-r--r--   1 root  admin   545 Jan 18 19:53 homebrew.mxcl.mysql@5.7.plist
-rw-r--r--   1 root  admin   490 Apr  3 17:23 homebrew.mxcl.nginx.plist
-rw-r--r--   1 root  admin   594 Apr  3 17:23 homebrew.mxcl.php@8.0.plist
ls -al /Library/LaunchDaemons | grep "com.laravel.valet."

ls -aln /etc/resolv.conf
lrwxr-xr-x  1 0  0  22 Mar 26 02:21 /etc/resolv.conf -> ../var/run/resolv.conf
cat /etc/resolv.conf
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
search grafhq.lan
nameserver 192.168.1.1
ifconfig lo0
lo0: flags=8049 mtu 16384
    options=1203
    inet 127.0.0.1 netmask 0xff000000 
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=201
sh -c 'echo "------\n/opt/homebrew/etc/nginx/valet/valet.conf\n---\n"; cat /opt/homebrew/etc/nginx/valet/valet.conf | grep -n "# valet loopback"; echo "\n------\n"'
------
/opt/homebrew/etc/nginx/valet/valet.conf
---

3:    #listen VALET_LOOPBACK:80; # valet loopback

------
sh -c 'for file in ~/.config/valet/dnsmasq.d/*; do echo "------\n~/.config/valet/dnsmasq.d/$(basename $file)\n---\n"; cat $file; echo "\n------\n"; done'
------
~/.config/valet/dnsmasq.d/tld-test.conf
---

address=/.test/127.0.0.1
listen-address=127.0.0.1

------
sh -c 'for file in ~/.config/valet/nginx/*; do echo "------\n~/.config/valet/nginx/$(basename $file)\n---\n"; cat $file | grep -n "# valet loopback"; echo "\n------\n"; done'
------
~/.config/valet/nginx/*
---

cat: /Users/jacobgraf/.config/valet/nginx/*: No such file or directory

------
mattstauffer commented 2 years ago

It looks like we need to update the diagnose command, but could you let me know what the output of ls ~/.config/valet/Certificates looks like? Mainly, are there four files in there for the domain you just tried to secure?

This definitely isn't broken globally, as... wait for it... it works on my machine. lol.

But we'll see if we can figure out why it's not working for you.

NasirNobin commented 2 years ago

> When running valet secure within a parked site directory, the command never finishes. No other output is given.

I think this is a duplicate of https://github.com/laravel/valet/issues/1224. In this case, Valet does create certificates and everything, but it hangs on the step to mark it as trusted (where it's supposed to show a password prompt, but it never does).

We still couldn't figure out the actual reason behind this, but a few people have reported that it usually gets fixed after a reboot.

So maybe try rebooting your machine then re-run valet secure and let us know if it fixes the issue.
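
The two comments above separate "certificate files were generated" from "the certificate was marked as trusted". The script below is an added example, not part of the thread and not Valet's own code, that reports which of those states a site is in. Assumptions: the four per-site files are `<host>.key`, `.csr`, `.crt` and `.conf`, the per-site nginx file is named after the host, and `myapp.test` is a placeholder host.

```bash
#!/usr/bin/env bash
# Added diagnostic sketch (not Valet code): how far did `valet secure` get?
# Assumed names: <host>.{key,csr,crt,conf} under Certificates/, and a
# per-site nginx file named after the host.
VALET_HOME="${VALET_HOME:-$HOME/.config/valet}"

# Print each expected certificate file that is absent or empty.
missing_cert_files() {
    local host="$1" dir="$2" ext
    for ext in key csr crt conf; do
        [ -s "$dir/$host.$ext" ] || echo "$host.$ext"
    done
}

# Print one stage name for the given host, for example "myapp.test".
secure_stage() {
    local host="$1" home="${2:-$VALET_HOME}"
    local certs="$home/Certificates"
    if [ -n "$(missing_cert_files "$host" "$certs")" ]; then
        echo "no-certificate"; return
    fi
    # The diagnose output reads ~/.config/valet/nginx; accept either case.
    if [ ! -f "$home/Nginx/$host" ] && [ ! -f "$home/nginx/$host" ]; then
        echo "certificate-without-nginx-config"; return
    fi
    # `security` is the macOS keychain CLI; elsewhere trust cannot be checked.
    if ! command -v security >/dev/null 2>&1; then
        echo "trust-unchecked"; return
    fi
    if security verify-cert -c "$certs/$host.crt" -p ssl >/dev/null 2>&1; then
        echo "trusted"
    else
        echo "untrusted"
    fi
}

# Usage: ./secure-stage.sh myapp.test
if [ -n "${1:-}" ]; then
    secure_stage "$1"
fi
```

A result of `certificate-without-nginx-config` or `untrusted` matches the symptom reported here: files exist under `~/.config/valet/Certificates`, but the site is not served over https.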

driesvints commented 2 years ago

@jacobgraf can you confirm this works after a reboot?

jacobgraf commented 2 years ago

Wow. Yes, that did work. After rebooting, I got the following prompt after running the command. I wasn't getting this before. All is well, but maybe this is worth adding to the docs. https://cln.sh/qGHwO4GVQeRPdviKO36i

driesvints commented 2 years ago

@jacobgraf good idea: https://github.com/laravel/docs/pull/7854