When using mkcert addon to generate cert, the cli container isn't using the cert. #1753

Open
jasonawant opened this issue Feb 1, 2023 · 0 comments

Comments

@jasonawant
Contributor

Description
When using the mkcert addon to generate a cert, the cli container isn't using the cert. As a result, Guzzle/Curl requests using HTTPS within the container fail with the error:

curl: (60) SSL certificate problem: unable to get local issuer certificate

In my scenario, I was executing a Drupal Test Trait (DTT) test against an existing Drupal site over HTTPS. As a workaround, I copied the mkcert crt file into the .docksal project, e.g. ./docksal/certs/myproject.docksal.site.crt, and used .docksal/etc/php/php.ini to override the curl.cainfo value, as shown below. While this worked with my project's DTT test, it still did not work when using curl within the cli container.

[curl]
curl.cainfo="/var/www/.docksal/certs/myproject.docksal.site.crt"

Steps to reproduce the issue:

  1. Create new project following https://docs.docksal.io/getting-started/project-setup/
  2. Generate certificate following https://docs.docksal.io/tools/mkcert/
  3. Use fin bash
  4. Execute curl: curl https://myproject.docksal.site
  5. Observe curl error "curl: (60) SSL certificate problem: unable to get local issuer certificate"

Describe the results you received:

Curl error: curl: (60) SSL certificate problem: unable to get local issuer certificate

Describe the results you expected:
Expecting the same curl response as when using the HTTP protocol: curl http://myproject.docksal.site

Output of fin config:

fin config output
---------------------
COMPOSE_PROJECT_NAME_SAFE: myproject
COMPOSE_FILE:
/Users/jwant/.docksal/stacks/volumes-nfs.yml
/Users/jwant/.docksal/stacks/stack-default.yml
/Users/jwant/Projects/myproject/.docksal/docksal.yml
ENV_FILE:
/Users/jwant/Projects/myproject/.docksal/docksal.env

PROJECT_ROOT: /Users/jwant/Projects/myproject
DOCROOT: docroot
VIRTUAL_HOST: myproject.docksal.site
VIRTUAL_HOST_ALIASES: *.myproject.docksal.site
IP: 192.168.64.100

MySQL endpoint: 127.0.0.1:32812
Public URL:

Docker Compose configuration
---------------------
services:
  cli:
    dns:
    - 8.8.8.8
    - 9.9.9.9
    environment:
      BLACKFIRE_CLIENT_ID: null
      BLACKFIRE_CLIENT_TOKEN: null
      COMPOSER_ALLOW_XDEBUG: "0"
      COMPOSER_DEFAULT_VERSION: null
      COMPOSER_DISABLE_XDEBUG_WARN: "0"
      DOCROOT: docroot
      DRUSH_ALLOW_XDEBUG: "0"
      DRUSH_OPTIONS_URI: myproject.docksal.site
      GIT_USER_EMAIL: jwant@redhat.com
      GIT_USER_NAME: Jason Want
      HOST_GID: "20"
      HOST_UID: "501"
      MYSQL_DATABASE: default
      MYSQL_HOST: db
      MYSQL_PASSWORD: user
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: user
      PHP_IDE_CONFIG: null
      SECRET_ACQUIA_CLI_KEY: null
      SECRET_ACQUIA_CLI_SECRET: null
      SECRET_PLATFORMSH_CLI_TOKEN: null
      SECRET_SSH_PRIVATE_KEY: null
      SECRET_TERMINUS_TOKEN: null
      SSH_AUTH_SOCK: /.ssh-agent/proxy-socket
      VIRTUAL_HOST: myproject.docksal.site
      XDEBUG_CONFIG: client_host=192.168.64.1 remote_host=192.168.64.1
      XDEBUG_ENABLED: "0"
    extends:
      file: /Users/jwant/.docksal/stacks/services.yml
      service: cli
    hostname: cli
    healthcheck:
      interval: 10s
    image: docksal/cli:php8.1-3.2
    labels:
      io.docksal.shell: bash
      io.docksal.user: docker
    logging:
      options:
        max-file: "10"
        max-size: 1m
    networks:
      default: null
    volumes:
    - type: volume
      source: docksal_ssh_agent
      target: /.ssh-agent
      read_only: true
      volume: {}
    - type: volume
      source: cli_home
      target: /home/docker
      volume: {}
    - type: bind
      source: /tmp/.docksal/myproject
      target: /tmp/.docksal/myproject
      read_only: true
      bind:
        create_host_path: true
    - type: volume
      source: project_root
      target: /var/www
      volume:
        nocopy: true
  db:
    dns:
    - 8.8.8.8
    - 9.9.9.9
    environment:
      MYSQL_ALLOW_EMPTY_PASSWORD: null
      MYSQL_DATABASE: default
      MYSQL_INITDB_SKIP_TZINFO: null
      MYSQL_ONETIME_PASSWORD: null
      MYSQL_PASSWORD: user
      MYSQL_RANDOM_ROOT_PASSWORD: null
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: user
    extends:
      file: /Users/jwant/.docksal/stacks/services.yml
      service: mariadb
    hostname: db
    healthcheck:
      interval: 10s
    image: docksal/mariadb:10.6-1.3
    logging:
      options:
        max-file: "10"
        max-size: 1m
    networks:
      default: null
    ports:
    - mode: ingress
      target: 3306
      protocol: tcp
    volumes:
    - type: volume
      source: db_data
      target: /var/lib/mysql
      volume: {}
    - type: volume
      source: project_root
      target: /var/www
      read_only: true
      volume:
        nocopy: true
  web:
    depends_on:
      cli:
        condition: service_started
    dns:
    - 8.8.8.8
    - 9.9.9.9
    environment:
      APACHE_BASIC_AUTH_PASS: null
      APACHE_BASIC_AUTH_USER: null
      APACHE_DOCUMENTROOT: /var/www/docroot
      APACHE_FCGI_HOST_PORT: cli:9000
    extends:
      file: /Users/jwant/.docksal/stacks/services.yml
      service: apache
    hostname: web
    healthcheck:
      interval: 10s
    image: docksal/apache:2.4-2.5
    labels:
      io.docksal.cert-name: none
      io.docksal.permanent: "false"
      io.docksal.project-root: /Users/jwant/Projects/myproject
      io.docksal.virtual-host: myproject.docksal.site,*.myproject.docksal.site,myproject.docksal.site.*
    logging:
      options:
        max-file: "10"
        max-size: 1m
    networks:
      default: null
    volumes:
    - type: volume
      source: project_root
      target: /var/www
      read_only: true
      volume:
        nocopy: true
networks:
  default:
    name: myproject_default
volumes:
  cli_home:
    name: myproject_cli_home
  db_data:
    name: myproject_db_data
  docksal_ssh_agent:
    name: docksal_ssh_agent
    external: true
  project_root:
    name: myproject_project_root
    driver: local
    driver_opts:
      device: :/Users/jwant/Projects/myproject
      o: addr=192.168.64.1,vers=3,nolock,noacl,nocto,noatime,nodiratime,actimeo=1
      type: nfs
---------------------


Output of fin sysinfo:

fin sysinfo output

███  DOCKSAL
Docksal version: v1.17.0
fin version:     1.110.1

███  OS
Darwin macOS 12.6.2
Darwin jwant-mac 21.6.0 Darwin Kernel Version 21.6.0: Sun Nov  6 23:31:16 PST 2022; root:xnu-8020.240.14~1/RELEASE_X86_64 x86_64

███  ENVIRONMENT
MODE : Docker Desktop
DOCKER_HOST : 

███  NFS
DOCKSAL_NFS_PATH : /Users

nfsd service is enabled
nfsd is running (pid 323, 8 threads)

NFS EXPORTS
----------

# <ds-nfs docksal
/Users 127.0.0.1 192.168.64.1 -alldirs -maproot=0:0
# ds-nfs>
----------

Exports list on localhost:
/Users                              127.0.0.1 192.168.64.1

███  DOCKER
Expected client version: 20.10.12
Expected server version: 20.10.12

Installed versions:

Client:
Version:           20.10.12
API version:       1.41
Go version:        go1.16.12
Git commit:        e91ed57
Built:             Mon Dec 13 11:46:56 2021
OS/Arch:           darwin/amd64
Context:           default
Experimental:      true

Server: Docker Desktop 4.16.1 (95567)
Engine:
Version:          20.10.22
API version:      1.41 (minimum version 1.12)
Go version:       go1.18.9
Git commit:       42c8b31
Built:            Thu Dec 15 22:26:14 2022
OS/Arch:          linux/amd64
Experimental:     false
containerd:
Version:          1.6.14
GitCommit:        9ba4b250366a5ddde94bb7c9d1def331423aa323
runc:
Version:          1.1.4
GitCommit:        v1.1.4-0-g5fd4c4d
docker-init:
Version:          0.19.0
GitCommit:        de40ad0

███  DOCKER COMPOSE
Expected version:  2.1.0
Installed version: v2.1.0

███  DOCKSAL: PROJECTS
project                   STATUS                      virtual host                                                                                          project root
myproject                 Up 2 minutes (healthy)      myproject.docksal.site,*.myproject.docksal.site,myproject.docksal.site.*                              /Users/jwant/Projects/myproject
███  DOCKSAL: VIRTUAL HOSTS
*.myproject.docksal.site
myproject.docksal.site.*
myproject.docksal.site

███  DOCKSAL: NETWORKING

DOCKSAL_IP: 192.168.64.100
DOCKSAL_HOST_IP: 192.168.64.1
DOCKSAL_VHOST_PROXY_IP: 0.0.0.0
DOCKSAL_DNS_IP: 0.0.0.0
DOCKSAL_DNS_DISABLED: 1
DOCKSAL_NO_DNS_RESOLVER: 1
DOCKSAL_DNS_UPSTREAM: 
DOCKSAL_DNS_DOMAIN: docksal.site

███  DOCKSAL: CONNECTIVITY

Host to 192.168.64.100: 	PASS
Container to 192.168.64.100: 	PASS
Container to 192.168.64.1: 	PASS

Checking connectivity to http://dns-test.docksal.site...
Host: PASS
Containers: PASS

███  DOCKER: RUNNING CONTAINERS
CONTAINER ID   IMAGE                      COMMAND                  CREATED          STATUS                    PORTS                                      NAMES
7ae7621cb949   docksal/vhost-proxy:1.8    "docker-entrypoint.s…"   47 minutes ago   Up 47 minutes (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   docksal-vhost-proxy
540ad86f5dee   docksal/apache:2.4-2.5     "httpd-foreground"       48 minutes ago   Up 2 minutes (healthy)    80/tcp, 443/tcp                            myproject_web_1
5e857a6d7391   docksal/cli:php8.1-3.2     "/opt/startup.sh sup…"   48 minutes ago   Up 2 minutes (healthy)    22/tcp, 3000/tcp, 9000/tcp                 myproject_cli_1
338c5b57a366   docksal/mariadb:10.6-1.3   "docker-entrypoint.s…"   48 minutes ago   Up 2 minutes (healthy)    127.0.0.1:32812->3306/tcp                  myproject_db_1
███  DOCKER: NETWORKS
NETWORK ID     NAME                           DRIVER    SCOPE
e0fadc653762   _default                       bridge    local
b0961e8cb050   bridge                         bridge    local
61a80b2b07ff   host                           host      local
66f159a3a839   myproject_default              bridge    local
3e11fa9465d5   none                           null      local

███  DOCKER DESKTOP
EXPECTED VERSION: 4.4.2
DETECTED VERSION: 4.16.1

███  HDD Usage
Filesystem       Size   Used  Avail Capacity iused      ifree %iused  Mounted on
/dev/disk1s1s1  466Gi   14Gi  295Gi     5%  502128 3092265120    0%   /
devfs           196Ki  196Ki    0Bi   100%     678          0  100%   /dev
/dev/disk1s5    466Gi  7.0Gi  295Gi     3%       7 3092265120    0%   /System/Volumes/VM
/dev/disk1s3    466Gi  1.8Gi  295Gi     1%    1981 3092265120    0%   /System/Volumes/Preboot
/dev/disk1s6    466Gi  2.0Mi  295Gi     1%      19 3092265120    0%   /System/Volumes/Update
/dev/disk1s2    466Gi  146Gi  295Gi    34% 1174730 3092265120    0%   /System/Volumes/Data
map auto_home     0Bi    0Bi    0Bi   100%       0          0  100%   /System/Volumes/Data/home
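
Added example, not part of the original issue: the curl error quoted in the description means the verifier's trust store does not contain the CA that issued the server certificate. The script reproduces that condition offline with throwaway certificates and shows the same leaf verifying once the issuing CA is in the bundle; the CA names and temp paths are constructed, with "Example Dev CA" standing in for the mkcert root CA.

```bash
#!/usr/bin/env bash
# Added example (not from the issue). All certificates are throwaway and
# constructed: "Example Dev CA" stands in for the mkcert root CA, and
# "Unrelated CA" models a trust store that lacks the issuing CA.
WORK="$(mktemp -d)"

new_ca() {  # $1 = file prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_pki() {
  new_ca devca "Example Dev CA" &&
  new_ca other "Unrelated CA" &&
  # Leaf certificate for the host name from the issue, signed by the dev CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=myproject.docksal.site" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/leaf.csr" -days 1 -CAcreateserial \
    -CA "$WORK/devca.pem" -CAkey "$WORK/devca.key" \
    -out "$WORK/leaf.crt" 2>/dev/null
}

# Chain check only (no host name matching): can the leaf's issuer be found in
# bundle $1? Prints openssl's verdict and returns its exit status.
verify_leaf() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/leaf.crt" 2>&1
}

make_pki || { echo "openssl failed to build the test PKI" >&2; exit 1; }

echo "--- bundle without the issuing CA:"
verify_leaf other
echo "--- bundle with the issuing CA:"
verify_leaf devca
```

The `curl.cainfo` setting in php.ini is read only by PHP's curl extension; the curl command-line tool takes its bundle from `--cacert` or the `CURL_CA_BUNDLE` environment variable. That is consistent with the workaround helping the DTT test but not curl in the container shell.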
