fix for share of secured sites #630
Conversation
|
This works okay if I only hit the It also echoes out the following to the console (visible when ending the ngrok connection): I haven't dug any deeper than just replicating your code changes and attempting to visit the URL, so don't have any "solution" to offer at this point. On the plus side it does make webhook testing better since it avoids a 301 redirect which can be a real nuisance. |
|
that output is a grep test that needs to be silenced (needs a —quiet parameter). I think the ‘attempt to server insecure content’ is unsolvable because that is limited on how the page content is referencing assets, which needs to be done in a particular way for https:// sites to avoid exactly that issue. |
|
There, no grep output. |
|
Nice. Works slick. Notwithstanding that one must manually account for "mixed content" within their app. But, as you say, this isn't really the fault of Valet or Ngrok ... it's the nature of different domain names. If this is not merged, then ngrok serves via a URL-redirected tunnel. Which on the surface looks fine. |
|
Just noting here that #534 attempts to do something similar, albeit in a slightly different way. |
|
@drbyte I haven't followed all the conversations around ngrok very well. Could you give me an opinion on which you prefer, or whether you have an alternate idea? |
|
@mattstauffer at this stage I prefer this one. |
|
This is a good fix for the ngrok issue since it just works. However, #534 allows you to enable access on standard port 80 from any context which doesn't accept the self-signed certificate without remembering the port. At this point, I'm favorable to this PR for fixing the |
|
Current plan is to tag 2.1.0 and then merge this in 2.1.1 so it's separated a bit. |
|
I'd like to merge this in to master, test it a bit, then tag it as |
|
I'd say it's safe to merge and test. I've been using it with success. |
|
Alright, let's do a bit of testing on |
|
Alright. @mattstauffer curious your thoughts on whether to also update the ngrok binary since the one in this distro is outdated. |
|
@drbyte |
|
We're currently distributing v2.1.18; Latest is 2.2.8. I'm not seeing anywhere that describes small iterative updates; however for major changes they list one at https://ngrok.com/docs#compat-2.2 Given that in the ngrok console they encourage you to just press CTRL+U to self-update when a new version is available, I think it makes sense to at least bump to the next mid-point-release. And keep our distro up to date 2-3 times per year probably. |
|
Thank you very much. Can confirm that |
|
Looking forward to this. :) |
|
(can confirm that |
fix for share of secured sites
|
This appears to have broken nginx booting if you have secured sites, as Kerberos/Screen Sharing uses port 88. Way around at the moment is to disable Kerberos and/or Screen Sharing (which may not be possible for some). Can we try a different port that isn't reserved? |
|
I am running into this issue on a clean install with port 88. Is there a previous version I can install in the mean time to get around this and get a working system? |
|
I think you could revert to 2.1.0 to bypass this change, but there might be other things you want from newer releases. You could also just temporarily directly edit the 2 affected files: Using port 87 seems to test out okay. Whether you edit the files directly or downgrade with composer, you'll need to rebuild your site configs: |
|
That should work too, but it will likely cause problems when you come to update later... you shouldn't really edit |
|
So how would I install 2.1.0? I tried . valet install: "2.1.0" and valet install: 2.1.0 |
|
@simonhamp wrote:
Of course. It will definitely be wiped out during a future update. But the request was "for in the meantime". |
|
@Danny-G-Smith wrote:
|
|
AWESOME THIS WORKS AND I AM SO HAPPY. (Yay) |
fix for share of secured sites
This fixes the valet share issue for secured sites/apps (the already closed issue #148), its an implementation of this idea:
When an app/site is secure, instead of creating 2 server blocks, lets create 3. the current on port 80 redirecting to 443, the secure one on port 443 and a new one on port, say, 88 (any other port not 80 or 443 is ok) doing an usual non-SSL server block.
So the ngrok fix is now:
if site is secure redirect 88 else redirect 80This fixes it and gets around the pro ngrok issue as we will be serving an usual http:// site, only not on the std issue port.