feat: Allow local certificates to be used by Caddy
parent a36ce26872
commit e67a28f630
@ -33,8 +33,9 @@ A [Docker](https://www.docker.com/)-based installer and runtime for the [Symfony
|
|||||||
3. [Support for extra services](docs/extra-services.md)
|
3. [Support for extra services](docs/extra-services.md)
|
||||||
4. [Deploying in production](docs/production.md)
|
4. [Deploying in production](docs/production.md)
|
||||||
5. [Debugging with Xdebug](docs/xdebug.md)
|
5. [Debugging with Xdebug](docs/xdebug.md)
|
||||||
6. [Using a Makefile](docs/makefile.md)
|
6. [TLS Certificates](docs/tls.md)
|
||||||
7. [Troubleshooting](docs/troubleshooting.md)
|
7. [Using a Makefile](docs/makefile.md)
|
||||||
|
8. [Troubleshooting](docs/troubleshooting.md)
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
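Review bot: inserting `6. [TLS Certificates](docs/tls.md)` ahead of `Using a Makefile` forces the two entries after it to be renumbered by hand (`6.` becomes `7.`, `7.` becomes `8.`), and the same churn will recur for every future docs page. Markdown only reads the first item's number when rendering an ordered list, so numbering every entry `1.` would let new pages be slotted in without touching their neighbours. The link target `docs/tls.md` does match the file added in this commit.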
@ -5,6 +5,8 @@
|
|||||||
|
|
||||||
{$SERVER_NAME}
|
{$SERVER_NAME}
|
||||||
|
|
||||||
|
{$CADDY_EXTRA_CONFIG}
|
||||||
|
|
||||||
log
|
log
|
||||||
|
|
||||||
route {
|
route {
|
||||||
|
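Review bot: `{$CADDY_EXTRA_CONFIG}` is expanded verbatim into the site block right after `{$SERVER_NAME}`, so this line is a deliberate configuration-injection point: whoever can set that variable (a compose override, a CI environment) can add any directive at this position, not only the `tls` line the new docs use. When the variable is unset the placeholder expands to nothing, which is the intended default, but neither fact is obvious from the Caddyfile itself. Add a comment above the line, for example `# Raw Caddyfile directives, injected unvalidated from the environment`, so the trust boundary is visible to anyone editing or reviewing the file.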
docs/tls.md (new file, 38 lines)
@ -0,0 +1,38 @@
|
|||||||
|
# TLS Certificates
|
||||||
|
|
||||||
|
## Trusting the Authority
|
||||||
|
|
||||||
|
With a standard installation, the authority used to sign certificates generated in the Caddy container is not trusted by your local machine.
|
||||||
|
You must add the authority to the trust store of the host :
|
||||||
|
|
||||||
|
```
|
||||||
|
# Mac
|
||||||
|
$ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /tmp/root.crt && sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/root.crt
|
||||||
|
# Linux
|
||||||
|
$ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /usr/local/share/ca-certificates/root.crt && sudo update-ca-certificates
|
||||||
|
# Windows
|
||||||
|
$ docker compose cp caddy:/data/caddy/pki/authorities/local/root.crt %TEMP%/root.crt && certutil -addstore -f "ROOT" %TEMP%/root.crt
|
||||||
|
```
|
||||||
|
|
||||||
|
## Using Custom TLS Certificates
|
||||||
|
|
||||||
|
By default, Caddy will automatically generate TLS certificates using Let's Encrypt or ZeroSSL.
|
||||||
|
But sometimes you may prefer using custom certificates.
|
||||||
|
|
||||||
|
For instance, to use self-signed certificates created with [mkcert](https://github.com/FiloSottile/mkcert) do as follows:
|
||||||
|
|
||||||
|
1. Locally install `mkcert`
|
||||||
|
2. Create the folder storing the certs:
|
||||||
|
`mkdir docker/caddy/certs -p`
|
||||||
|
3. Generate the certificates for your local host (example: "server-name.localhost"):
|
||||||
|
`mkcert -cert-file docker/caddy/certs/tls.pem -key-file docker/caddy/certs/tls.key "server-name.localhost"`
|
||||||
|
4. Add these lines to the `./docker-compose.override.yml` file about `CADDY_EXTRA_CONFIG` environment and volume for the `caddy` service :
|
||||||
|
```diff
|
||||||
|
caddy:
|
||||||
|
+ environment:
|
||||||
|
+ CADDY_EXTRA_CONFIG: "tls /etc/caddy/certs/tls.pem /etc/caddy/certs/tls.key"
|
||||||
|
volumes:
|
||||||
|
+ - ./docker/caddy/certs:/etc/caddy/certs:ro
|
||||||
|
- ./public:/srv/app/public:ro
|
||||||
|
```
|
||||||
|
5. Restart your `caddy` container
|
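Review bot: the `Trusting the Authority` section installs the container-generated root (`/data/caddy/pki/authorities/local/root.crt`) into the host's system-wide trust store (`trustRoot` in the System keychain, `update-ca-certificates`, `certutil -addstore -f "ROOT"`) without stating the consequence or how to undo it: once trusted at that level, any certificate signed by that root is accepted by every TLS client on the host, not just the browser. Add a sentence saying so and a matching removal step per platform (`security remove-trusted-cert`, deleting the file and re-running `update-ca-certificates`, `certutil -delstore`). Three smaller points: the Mac and Linux commands use `docker cp $(docker compose ps -q caddy):...` while the Windows one uses `docker compose cp caddy:...`; the latter works on all three and should be used throughout, and the `$` prompt on the Windows line is misleading for cmd. `mkdir docker/caddy/certs -p` only works where mkdir permutes its arguments; on macOS the BSD mkdir treats `-p` as a second directory name, so write `mkdir -p docker/caddy/certs`. In `Using Custom TLS Certificates`, certificates produced by `mkcert` are not self-signed (they are signed by mkcert's own local CA), and the claim that Caddy defaults to Let's Encrypt or ZeroSSL contradicts the first section, which exists precisely because local hostnames get Caddy's internal CA instead.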
@ -4,18 +4,11 @@
|
|||||||
|
|
||||||
If you work on linux and cannot edit some of the project files right after the first installation, you can run `docker compose run --rm php chown -R $(id -u):$(id -g) .` to set yourself as owner of the project files that were created by the docker container.
|
If you work on linux and cannot edit some of the project files right after the first installation, you can run `docker compose run --rm php chown -R $(id -u):$(id -g) .` to set yourself as owner of the project files that were created by the docker container.
|
||||||
|
|
||||||
## Fix Chrome/Brave SSL
|
|
||||||
|
|
||||||
If you have a TLS trust issues, you can copy the self-signed certificate from Caddy and add it to the trusted certificates :
|
|
||||||
|
|
||||||
# Mac
|
|
||||||
$ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /tmp/root.crt && sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/root.crt
|
|
||||||
# Linux
|
|
||||||
$ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /usr/local/share/ca-certificates/root.crt && sudo update-ca-certificates
|
|
||||||
# Windows
|
|
||||||
$ docker compose cp caddy:/data/caddy/pki/authorities/local/root.crt %TEMP%/root.crt && certutil -addstore -f "ROOT" %TEMP%/root.crt
|
|
||||||
|
|
||||||
## HTTPs and Redirects
|
## HTTPs and Redirects
|
||||||
|
|
||||||
If Symfony is generating an internal redirect for an `https://` url, but the resulting url is `http://`, you have to uncomment the `TRUSTED_PROXIES` setting in your `.env` file.
|
If Symfony is generating an internal redirect for an `https://` url, but the resulting url is `http://`, you have to uncomment the `TRUSTED_PROXIES` setting in your `.env` file.
|
||||||
For more details see the [Symfony internal redirect documentation](https://symfony.com/doc/current/routing.html#redirecting-to-urls-and-routes-directly-from-a-route).
|
For more details see the [Symfony internal redirect documentation](https://symfony.com/doc/current/routing.html#redirecting-to-urls-and-routes-directly-from-a-route).
|
||||||
|
|
||||||
|
## TLS/HTTPS Issues
|
||||||
|
|
||||||
|
See more in the [TLS section](tls.md)
|
||||||
|
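Review bot: the removed `## Fix Chrome/Brave SSL` section is replaced by a `## TLS/HTTPS Issues` stub whose only content is `See more in the [TLS section](tls.md)`, which lacks a period and does not name the symptom it covers, so a reader arriving from a browser warning gets no hint which part of that page applies. Suggest `If your browser reports the certificate as untrusted, follow [Trusting the Authority](tls.md#trusting-the-authority).` The new section also lands after `## HTTPs and Redirects` whereas the old one sat before it; that ordering is fine, but the pre-existing `HTTPs` spelling could be corrected to `HTTPS` while this file is being touched.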