fix: make the primary URL https if the custom cert exists (#5684)

Co-authored-by: Randy Fay <randy@randyfay.com>

cmd/ddev/cmd/restart.go

@@ -4,7 +4,6 @@ import (
 	"strings"
 
 	"github.com/ddev/ddev/pkg/ddevapp"
-	"github.com/ddev/ddev/pkg/globalconfig"
 
 	"github.com/ddev/ddev/pkg/dockerutil"
 	"github.com/ddev/ddev/pkg/output"
@@ -56,7 +55,7 @@ ddev restart --all`,
 
 			util.Success("Restarted %s", app.GetName())
 			httpURLs, urlList, _ := app.GetAllURLs()
-			if globalconfig.GetCAROOT() == "" || ddevapp.IsRouterDisabled(app) {
+			if app.CanUseHTTPOnly() {
 				urlList = httpURLs
 			}
 			util.Success("Your project can be reached at %s", strings.Join(urlList, " "))

cmd/ddev/cmd/start.go

@@ -12,7 +12,6 @@ import (
 	"github.com/ddev/ddev/pkg/ddevapp"
 	"github.com/ddev/ddev/pkg/dockerutil"
 	"github.com/ddev/ddev/pkg/globalconfig"
-	"github.com/ddev/ddev/pkg/nodeps"
 	"github.com/ddev/ddev/pkg/output"
 	"github.com/ddev/ddev/pkg/util"
 	"github.com/manifoldco/promptui"
@@ -139,7 +138,7 @@ ddev start --all`,
 
 			util.Success("Successfully started %s", project.GetName())
 			httpURLs, httpsURLs, _ := project.GetAllURLs()
-			if !nodeps.IsGitpod() && !nodeps.IsCodespaces() && (globalconfig.GetCAROOT() == "" || ddevapp.IsRouterDisabled(project)) {
+			if project.CanUseHTTPOnly() {
 				httpsURLs = httpURLs
 			}
 			util.Success("Project can be reached at %s", strings.Join(httpsURLs, " "))

pkg/ddevapp/ddevapp.go

@@ -2675,7 +2675,7 @@ func (app *DdevApp) GetPrimaryURL() string {
 	httpURLs, httpsURLs, _ := app.GetAllURLs()
 	urlList := httpsURLs
 	// If no mkcert trusted https, use the httpURLs instead
-	if !nodeps.IsGitpod() && !nodeps.IsCodespaces() && (globalconfig.GetCAROOT() == "" || IsRouterDisabled(app)) {
+	if app.CanUseHTTPOnly() {
 		urlList = httpURLs
 	}
 	if len(urlList) > 0 {

pkg/ddevapp/extra_expose_test.go

@@ -8,8 +8,6 @@ import (
 
 	"github.com/ddev/ddev/pkg/ddevapp"
 	"github.com/ddev/ddev/pkg/exec"
-	"github.com/ddev/ddev/pkg/globalconfig"
-	"github.com/ddev/ddev/pkg/nodeps"
 	"github.com/ddev/ddev/pkg/testcommon"
 	asrt "github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -56,7 +54,7 @@ func TestExtraPortExpose(t *testing.T) {
 
 	// Careful with portsToTest because https ports won't work on GitHub Actions Colima tests (although they work fine on normal Mac)
 	portsToTest := []string{"3000", "4000"}
-	if !nodeps.IsGitpod() && !nodeps.IsCodespaces() && (globalconfig.GetCAROOT() == "" || ddevapp.IsRouterDisabled(app)) {
+	if app.CanUseHTTPOnly() {
 		portsToTest = []string{"2999", "3999"}
 	}
 

pkg/ddevapp/utils.go

@@ -483,3 +483,33 @@ func (app *DdevApp) GetRelativeWorkingDirectory() string {
 	pwd, _ := os.Getwd()
 	return app.GetRelativeDirectory(pwd)
 }
+
+// HasCustomCert returns true if the project uses a custom certificate
+func (app *DdevApp) HasCustomCert() bool {
+	customCertsPath := app.GetConfigPath("custom_certs")
+	certFileName := fmt.Sprintf("%s.crt", app.Name)
+	if !globalconfig.DdevGlobalConfig.IsTraefikRouter() {
+		certFileName = fmt.Sprintf("%s.crt", app.GetHostname())
+	}
+	return fileutil.FileExists(filepath.Join(customCertsPath, certFileName))
+}
+
+// CanUseHTTPOnly returns true if the project can be accessed via http only
+func (app *DdevApp) CanUseHTTPOnly() bool {
+	switch {
+	// Gitpod and Codespaces have their own router with TLS termination
+	case nodeps.IsGitpod() || nodeps.IsCodespaces():
+		return true
+	// If we have no router, then no https otherwise
+	case IsRouterDisabled(app):
+		return true
+	// If a custom cert, we can do https, so false
+	case app.HasCustomCert():
+		return false
+	// If no mkcert installed, no https
+	case globalconfig.GetCAROOT() == "":
+		return true
+	}
+	// Default case is OK to use https
+	return false
+}