Serve site through HTTPS

[fgilio]

I think now a days HTTPS should come integrated and even be the default option in the box. What's your take on this?

In the meantime, how can we setup wplib-box to use HTTPS? Is there any simple way?

Thanks!

[mikeschinkel]

Hi @fgilio,

Thanks for the suggestion and request.

My understanding from @clubdeuce is that this is possible but I personally have never tested it.

As for default, I agree it should be a default option however I do not currently think it should be the default as my current understanding is that it is much harder to using XDEBUG to debug a website when you use HTTPS because you have to configure a browser proxy which is not trivial. I assume you are good with an easy option to enable it on a site?

@clubdeuce, how to use HTTPS with WPLib Box? I looked in the README and FAQ and I did not see any docs for how to do so.

[mikeschinkel]

@fgilio BTW, we are hard at work on a major new release which is why we have been quiet for a while. The major new release will have more functionality added than the WPLib Box currently has but it is the type of functionality we can't release little-by-little.

[fgilio]

Hi @mikeschinkel,

I didn't know about the XDEBUG issues... So I think to have it optional would be better. @clubdeuce can you show us how to do it?

I'll be looking forward to that new release, cheers!

[clubdeuce]

@fgolio HTTPS is available in the box. https://wplib.box. (You may need to use a different hostname if you have changed that in your local Vagrantfile.)

You will get a warning about the certificate being untrusted. This is because the box has a self-signed certificate.

[fgilio]

I have multiple boxes here on mi machine, so I couldn't figure out a way to trust the certificate for all domains.

So I ended up creating a custom certificate per box:

vagrant ssh 
cd /etc/nginx/certs/
sudo openssl genrsa -out mydomain.dev.key 2048
sudo openssl req -new -x509 -key mydomain.dev.key -out mydomain.dev.cert -days 3650 -subj /CN=mydomain.dev

sudo nano /etc/nginx/sites-available/default

Edited it like this:

server {
    listen 80 default;
    listen 443 ssl;
        server_name wplib.box;

        root /var/www;

        index index.php;

        include global/restrictions.conf;

        # Additional rules go here.
        # ssl on;
        ssl_certificate /etc/nginx/certs/mydomain.dev.cert;
        ssl_certificate_key /etc/nginx/certs/mydomain.dev.key;

        # Specify which FPM socket to use for this host
        # set $sock php5.6-fpm.sock;
        set $sock php7.0-fpm.sock;

        # Only include one of the files below.
        include global/wordpress.conf;
        #include global/multisite-subdirectory.conf

}

*Yes, we use PHP 7

sudo nginx -t
sudo service nginx restart

exit

I then copied the certificate from Chrome like Chris wrote here: https://css-tricks.com/trusting-ssl-locally-mac/ But I guess you can also use something like: vagrant ssh -c "sudo cat /etc/nginx/certs/mydomain.dev.cert" > mydomain.dev.cert

And, finally:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain  mydomain.dev.cert

It's working flawlessly! I think that's not the optimal way of doing it, as it ends up using that certificate for all domains pointing to the machine. But, we only use a domain per machine. May investigate this further later...

[mikeschinkel]

@fgilio That is really awesome, thank you! I assume the above can help us implement in the next version of WPLib Box @clubdeuce?

BTW, our next version will support one install and then as many "projects" (sites) as you want/need to have in the box.

[fgilio]

Sounds awesome!

Maybe you can check how Valet does it, it sets it up automatically.

[mikeschinkel]

@fgilio Valet is a very different animal given that it installs and runs locally and serves using PHP7.

[fgilio]

Yes, but I mean only the HTTPS part of it. In the end it still adds a Local Certificate through Keychain, probably using a command similar to the one I posted above.

[tedmasterweb]

I'll be happy to help with the XDEBUG (and Visual Code) integration. I am very keen on seeing this work. Don't know if I can provide code but I can definitely help debug.

Thanks.

[clubdeuce]

@tedmasterweb Thanks you for you offer to assist. We already have XDEBUG working in the box. If you have any suggestions on improving what we already have, please provide them here.

The current configuration for VSCode:

• Configuration
• Debugging

[tedmasterweb]

Excellent. The README still says "Instructions to come..." so I thought that maybe it wasn't working yet.

I've compared your configuration with the one I use for debugging on my local machine. I see that there are two additional lines:

"localSourceRoot": "${workspaceRoot}/www", "serverSourceRoot": "/var/www"

Is this really all that's needed to get this to work?

Thanks a lot for all your effort and dedication. I know how much effort these projects can be!

Ted

[clubdeuce]

@tedmasterweb I beleieve so. I have VS Code working with debugging on my machine.

I will update the README.

[mikeschinkel]

@MickMakes Can you please review this when you have time and come up with recommendations for me on how we can support these needs/use-cases?

[mikeschinkel]

@MickMake Is there a short-term way we can implement SSL/HTTPS for WPLib Box, before 0.17.0?

[mikeschinkel]

@MickMake Make that 0.17.2 now. See the #hosting channel in our Slack to see the user request for this.

[mikeschinkel]

Reference: https://github.com/Varying-Vagrant-Vagrants/vvv-utilities/blob/master/tls-ca/provision.sh

Also: https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309