search

putyourlightson / craft-blitz

Intelligent static page caching for creating lightning-fast sites with Craft CMS.
https://putyourlightson.com/plugins/blitz
Other
149 stars 36 forks source link

Cache warming does not work, reports no error, although cURL reports error in blitz.log with self signed SSL #221

Closed hiasl closed 3 years ago

hiasl commented 4 years ago

Describe the bug

I use MAMP pro locally for developing with locally signed SSL certificates. Those certificates cause a warning in the browser but seem to prevent cache warming from working as cURL does not like them.

To reproduce

Steps to reproduce the behaviour:

  1. Use a locally self signed SSL certificate (easy with Mamp Pro) for your dev host
  2. Try warming your cache with the console command
  3. Blitz cache warmer seems to be extremely fast but not a single page is saved to the cache folder. No errors are shown on the console.
  4. Now enable blitz debug mode, do it again, check the logs
  5. For each page you will get 2020-05-09 21:05:59 [][][debug] cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

    Expected behaviour

    1.) I would expect the cache warmer to fail 2.) It would be very helpful to have some kind of a "allow self signed certificates" config setting in config to be able to work with Blitz AND self signed certificates locally. Maybe even better, if Blitz detects the problem a warning (or warming :-) ) should be shown if in DEV mode, but it should still work even without such a setting.

Versions

bencroker commented 4 years ago

cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

This is a common cURL error, the fix for which you should be able to find by doing a bit of searching.

The cache warmer does not explicitly fail because it carries on the warming process and correctly logs the error. I don't think allowing insecure SSL certs is a good idea, instead I would suggest you fix the issue on your local development environment.

hiasl commented 4 years ago

Sorry, hope it's ok if I do not agree: If the console command shows that 18 pages were warmed, then 18 files should be in the cache directory, don't you think so? And if they are not there, then I think the console command should report a problem.

Regarding the cCURL error: I already did some research on this before I wrote the ticket and I could only find out that there are cURL options to ignore SSL certificate problems. But this would require that I could configure them somewhere, which I can't. Did you think about a different approach?

bencroker commented 4 years ago

Of course it's ok to disagree, this is about finding the best solution to the issue!

So the console command shows 18 URLs that were visited rather than warmed, but I guess it could report that there were X URLs that returned errors. In your case it makes sense but consider a site in which there are thousands of pages. I'll look into making the console message more user-friendly, if you have any suggestions then I'd be happy to hear them.

Regarding the cURL error, I was referring to the second point in this answer: https://stackoverflow.com/a/24618403/1769259

  1. Add the root CA (the CA signing the server certificate) to etc/ssl/certs/ca-certificates.crt
hiasl commented 4 years ago

Regarding cURL: you are right, I took the wrong approach, I wanted it to ignore the error, but of course it better to make it work.

Regarding console output: Have a look:

Bildschirmfoto 2020-05-11 um 11 27 47

It does not say "18 URLs visited", you just get the figures and everything looks like a success. Maybe, as you wrote, it would be sufficient to output the amount of error URLs, if any occurred and the hint to turn on debugging to find out the reason.

In my case I did not know that was a debug option and I had no clue, why the warmer seemed to succeed but there were not files in the cache dir.

bencroker commented 4 years ago

Ok I'll consider better reporting in the console as a feature request.

markdrzy commented 4 years ago

@hiasl - Agree with you that the console output should be clearer, we were bit by the same issue. To revisit your comment about cURL not being configurable though, I just wanted to point you to this section of the Craft config: https://craftcms.com/docs/3.x/config/#guzzle-config

You can tell cURL to ignore invalid SSL by putting the following in config/guzzle.php:

<?php
return [
  'verify' => false
];
bencroker commented 4 years ago

Thanks @markdrzy, that should be helpful for others in future!

hiasl commented 4 years ago

Thanks @markdrzy!

bencroker commented 3 years ago

Added in https://github.com/putyourlightson/craft-blitz/commit/8fe9afc53d77fd5b58bb8188f509948923300eca for the next release.

Screenshot 2020-12-30 at 11 50 33

bencroker commented 3 years ago

Released in 3.7.0.