feat: Allow local certificates to be used by Caddy
This commit is contained in:
parent
a36ce26872
commit
e67a28f630
@ -33,8 +33,9 @@ A [Docker](https://www.docker.com/)-based installer and runtime for the [Symfony
|
||||
3. [Support for extra services](docs/extra-services.md)
|
||||
4. [Deploying in production](docs/production.md)
|
||||
5. [Debugging with Xdebug](docs/xdebug.md)
|
||||
6. [Using a Makefile](docs/makefile.md)
|
||||
7. [Troubleshooting](docs/troubleshooting.md)
|
||||
6. [TLS Certificates](docs/tls.md)
|
||||
7. [Using a Makefile](docs/makefile.md)
|
||||
8. [Troubleshooting](docs/troubleshooting.md)
|
||||
|
||||
## License
|
||||
|
||||
|
@ -5,6 +5,8 @@
|
||||
|
||||
{$SERVER_NAME}
|
||||
|
||||
{$CADDY_EXTRA_CONFIG}
|
||||
|
||||
log
|
||||
|
||||
route {
|
||||
|
38
docs/tls.md
Normal file
38
docs/tls.md
Normal file
@ -0,0 +1,38 @@
|
||||
# TLS Certificates
|
||||
|
||||
## Trusting the Authority
|
||||
|
||||
With a standard installation, the authority used to sign certificates generated in the Caddy container is not trusted by your local machine.
|
||||
You must add the authority to the trust store of the host :
|
||||
|
||||
```
|
||||
# Mac
|
||||
$ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /tmp/root.crt && sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/root.crt
|
||||
# Linux
|
||||
$ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /usr/local/share/ca-certificates/root.crt && sudo update-ca-certificates
|
||||
# Windows
|
||||
$ docker compose cp caddy:/data/caddy/pki/authorities/local/root.crt %TEMP%/root.crt && certutil -addstore -f "ROOT" %TEMP%/root.crt
|
||||
```
|
||||
|
||||
## Using Custom TLS Certificates
|
||||
|
||||
By default, Caddy will automatically generate TLS certificates using Let's Encrypt or ZeroSSL.
|
||||
But sometimes you may prefer using custom certificates.
|
||||
|
||||
For instance, to use self-signed certificates created with [mkcert](https://github.com/FiloSottile/mkcert) do as follows:
|
||||
|
||||
1. Locally install `mkcert`
|
||||
2. Create the folder storing the certs:
|
||||
`mkdir docker/caddy/certs -p`
|
||||
3. Generate the certificates for your local host (example: "server-name.localhost"):
|
||||
`mkcert -cert-file docker/caddy/certs/tls.pem -key-file docker/caddy/certs/tls.key "server-name.localhost"`
|
||||
4. Add these lines to the `./docker-compose.override.yml` file about `CADDY_EXTRA_CONFIG` environment and volume for the `caddy` service :
|
||||
```diff
|
||||
caddy:
|
||||
+ environment:
|
||||
+ CADDY_EXTRA_CONFIG: "tls /etc/caddy/certs/tls.pem /etc/caddy/certs/tls.key"
|
||||
volumes:
|
||||
+ - ./docker/caddy/certs:/etc/caddy/certs:ro
|
||||
- ./public:/srv/app/public:ro
|
||||
```
|
||||
5. Restart your `caddy` container
|
@ -4,18 +4,11 @@
|
||||
|
||||
If you work on linux and cannot edit some of the project files right after the first installation, you can run `docker compose run --rm php chown -R $(id -u):$(id -g) .` to set yourself as owner of the project files that were created by the docker container.
|
||||
|
||||
## Fix Chrome/Brave SSL
|
||||
|
||||
If you have a TLS trust issues, you can copy the self-signed certificate from Caddy and add it to the trusted certificates :
|
||||
|
||||
# Mac
|
||||
$ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /tmp/root.crt && sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/root.crt
|
||||
# Linux
|
||||
$ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /usr/local/share/ca-certificates/root.crt && sudo update-ca-certificates
|
||||
# Windows
|
||||
$ docker compose cp caddy:/data/caddy/pki/authorities/local/root.crt %TEMP%/root.crt && certutil -addstore -f "ROOT" %TEMP%/root.crt
|
||||
|
||||
## HTTPs and Redirects
|
||||
|
||||
If Symfony is generating an internal redirect for an `https://` url, but the resulting url is `http://`, you have to uncomment the `TRUSTED_PROXIES` setting in your `.env` file.
|
||||
For more details see the [Symfony internal redirect documentation](https://symfony.com/doc/current/routing.html#redirecting-to-urls-and-routes-directly-from-a-route).
|
||||
|
||||
## TLS/HTTPS Issues
|
||||
|
||||
See more in the [TLS section](tls.md)
|
||||
|
Loading…
x
Reference in New Issue
Block a user