Configure ddev-router to listen on 0.0.0.0 #1794
Comments
|
Please try |
|
You're definitely right that ddev-router is no longer listening on 0.0.0.0, that was a pretty big security hole to have it exposed to the entire local network. Will be interested to hear if This is also a duplicate of #1792 |
|
Hi @rfay I have created a ngrok account, but I can't access my TYPO3 System. Error 500. In logs I found that trustedHostPattern does not match. Ok. I have started ddev share to get ngrok URI. Copy URI -> CTRL+C -> edit AdditionalConfiguration.php -> update trustedHostPattern -> save -> start ddev share again -> WTF -> The URI has changed. Nice. CTRL+C -> ddev share -> Again, a new URI. OK, I have tried ddev share --subdomain myproject Any ideas? Stefan |
|
ddev start updates the trustedHostPattern in AdditionalConfiguration.php on every start unless you remove the #ddev-generated at the top of the file. #1761 tries to add ngrok.io to trusted. |
|
Maybe you can say a little more about why you liked your entire network to be able to reach your ddev project, and how you set that up. You had edited /etc/hosts on every machine that you wanted to use to access it? Was it for testing different browsers? Or what was the purpose? |
|
Hi @rfay it's all fun and playing around a bit. Install TYPO3. Testing an extension, playing around with composer, build temporary TYPO3 instances to show it 1 or 2 other various people: Hey, it works! See here: temp.my-domain.de. And 1 or 2 days later I remove that project again. Or, what's new in TYPO3 10? Install, test, remove. So yes, I'm aware of the security problem, but in my case it's no problem. If it was hacked, I remove it completely and build another TYPO3 instance on another subdomain. There is no secure data in my projects. I'm sure I have not edited my local /etc/hosts file while using earlier Ddev versions. I have a public registered domain connected to my server, so there is no need to edit hosts file. I just have remove AdditionalConfiguration completely and started DDev again. With a little trick and switching to 443 I can now access the Installer of TYPO3, but after switching to TYPO3 Backend I get: The current host header value does not match the configured trusted hosts pattern! Check the pattern defined in $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] and adapt it, if you want to allow the current host header 'abc123de45.ngrok.io' for your installation. cat AdditionalConfiguration.php does not show this ngrok domain in trustedHostPattern. Stefan |
|
You have to have added temp.my-my-domain.de somehow :) I assume you have control of DNS for that zone. Except during installs, ".*" works great for trustedHostsPattern. You can edit AdditionalConfiguration and remove the #ddev-generated line at the top and ddev won't overwrite it any more. It's annoying that TYPO3 v10 has been cracking down on trustedHostsPattern, which is why this got changed (community contributions) |
|
Access Log of ngrok: GET /typo3/index.php 500 Internal Server Error As you can see install.php works, but backend index.php fails. Stefan |
|
OK...I have changed trustedHostPatterns to .* and removed the DDev comment line. I can access the TYPO3 backend now, wow. Stefan |
|
If you're on Linux or macOS you can |
|
Hmm...I don't feel very well with ngrok and its changing and foreign domain names. I will start searching for my own little subdomain2portMapper/router now. |
|
OK...I found a solution for me: I have changed router ports in config.yaml of my projects to: and added a subdomain to FQDN section: Then I have created a docker-compose.router.yaml and mapped the public ports 80 and 443 to the configured router ports of my config.yaml 8080 and 4433. This file is a copy of ~/.ddev/router-compose.yaml which will be re-created with each start of router. Maybe it's needed to stop and remove ddev-router from docker: With next ddev start I can access my subdomain without ngrok and without any ports and my TYPO3 backend feels a little bit faster than tunneled over ngrok. And yes, I know, maybe my server is now open like a barn door again...so please do not build this setup on productive. Stefan |
|
Wow, that's brilliant. I never ever thought of using ddev-router as an additional service. Thanks! |
|
Wow?! You're thankful?! I though you will close this ticket, mark it as security hack or whatever and remove it from Github before Google can index it... Nice greetings from germany Stefan |
|
@froemken I'd love it if you could write this creative solution up as a PR for github.com/drud/ddev-contrib. So brilliant. |
Looks very nice. But does it work with multiple projects running in paralllel, e. g. on a test server where our customers can test intermediate versions of their project? |
|
It wouldn't surprise me if this would work fine in parallel with regular ddev-router, since it's listening for the same changes. You'd run the extra ddev-router only on one project. Alternately, you could run it with its own docker-compose project, the only thing would be it would have to be in the ddev_default network. |
|
With one project it works fine with HTTP, but not with HTTPS. With HTTPS the browser always shows |
|
@mfrieling I assume you're deliberately using port 4433 for https? |
|
I tried both: https://project.dev1.mydomain.at and https://project.dev1.mydomain.at:4433 and get the same error for both. |
|
Right, but you don't show your setup here, so it's not easy to tell what might be wrong. Could you gist your docker-compose.*.yaml? |
|
It is exactly the same as in the example from @froemken. The only difference is that I'not using |
|
Thanks. I spent just a little time with this and wasn't able to get it going at all. BTW @mfrieling you don't need to set timezone in php.ini any more, as config.yaml has the timezone directive. |
|
I know about the timezone, but didn't move that yet into the config.yaml. |
|
Hope it helps: Stefan |
|
The router service seems to redirect all traffic to the first ddev project and seems to not respect the hostname. I've exactly followed ddev/ddev-contrib#9. Has anyone had this work with multiple projects? It seems that changing the router ports is the change that causes this, rather than the additional service, as connecting locally with alternative router ports seems to have the same issue. |
|
Could you follow up in that pr please? |
|
A note to all in this issue that v1.11.0-rc1 has #1798, which makes it all much easier. |
Hello DDev Team,
I have my own test remote server where I can play around with DDev and other services.
I'm nearly sure that it was possible in earlier DDev versions to allow ddev-router to listen on 0.0.0.0, so that I can open my ddev-Projects with project.my-domain.de
It seems, that you have switched everything to ngrok. You have remove ddev-router configuration from docker-compose.yaml so that I can override it anymore. I have configured additional hosts and port to web-service, but ddev-router still listen on default ports.
Any idea how to listen ddev-router on 0.0.0.0 again?
Stefan
The text was updated successfully, but these errors were encountered: