This repository has been archived by the owner on May 28, 2023. It is now read-only.

Make self-signed certificates work for development #287

Closed
cewald opened this issue Jun 24, 2019 · 4 comments
Labels
1: Easy feature request Requests for new features. Please be as specific as possible good first issue P1: Urgent Priority mark - high priority

Comments

@cewald
Contributor

cewald commented Jun 24, 2019

If the connected Magento (1.9 in our case) shop uses a self-signed certificate, e.g. in a development environment, the API will drop the error message Error occured: Error: self signed certificate and won’t be able to connect to your Magento instance using e.g. DivanteLtd/magento1-vsbridge and DivanteLtd/magento1-vsbridge-client.

To prevent this behavior and make a dev environment work, you can disable TLS rejection using an env variable called NODE_TLS_REJECT_UNAUTHORIZED.

In our case we added it to our docker-compose file like:


services:
  vsf-api-app:
    image: divante/vue-storefront-api
    
    environment:
      NODE_TLS_REJECT_UNAUTHORIZED: 0
    

!!! Of course, this shouldn't be used in a production environment.

@lukeromanowicz
Contributor

lukeromanowicz commented Jul 1, 2019

Although adding that env variable will make it work, it's unsafe to use it. We cannot accept that because many users base their prod environment on the provided docker-compose files.

A preferable way to solve it would be creating a shared directory for storing self-signed certs and using syswide-cas to load them into the application runtime.

@lukeromanowicz lukeromanowicz added 1: Easy feature request Requests for new features. Please be as specific as possible good first issue P1: Urgent Priority mark - high priority labels Jul 1, 2019
@cewald
Contributor Author

cewald commented Jul 1, 2019

Yes, indeed. It's definitely a workaround for the development environment or e.g. test runs during continuous integration only and clearly not meant to be used in production. The idea with a shared folder surely would work but is quite a lot of configuration for developing or testing. I'm not sure what's the better way or at least how to mark it as a dev-only setting.
I just stumbled upon this issue during testing and found this quite painless solution that I thought would be good to know for everybody else's first steps with this system.

@lukeromanowicz
Contributor

I would argue that it's lots of configuration. Maybe it's a little bit more development to set it up but later the only configuration you need to do is to dump your self-signed certificates to the 'certs' directory or whatever it will be called.

Regarding your solution: it's a workaround for a local dev environment which of course might be helpful for other devs facing this problem but as I mentioned above, we cannot merge it because of security reasons.

@lukeromanowicz
Contributor

@cewald I've prepared a PR featuring syswide-cas approach. Feel free to test it and share your opinion 🙂

@pkarw pkarw closed this as completed Jul 23, 2019
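
One way to cover both points raised in this thread, trusting self-signed certificates dropped into a shared directory and keeping the NODE_TLS_REJECT_UNAUTHORIZED workaround out of production, using only Node.js built-ins. This is an added example, not the code from the PR mentioned above and not the syswide-cas API; the function names, the certificate directory and the NODE_ENV values are assumptions.

```javascript
// Added example: Node.js built-ins only. loadDevCAs, assertTlsVerification and
// buildAgent are hypothetical names, not part of vue-storefront-api.
const fs = require('fs');
const path = require('path');
const tls = require('tls');
const https = require('https');

const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Collect every PEM certificate block from *.pem / *.crt files in `dir`.
// A missing directory yields [], so images without dev certificates still start.
function loadDevCAs(dir) {
  if (!fs.existsSync(dir)) return [];
  return fs.readdirSync(dir)
    .filter((name) => /\.(pem|crt)$/i.test(name))
    .sort()
    .flatMap((name) => fs.readFileSync(path.join(dir, name), 'utf8').match(PEM_BLOCK) || []);
}

// Fail fast when certificate verification is disabled and NODE_ENV is anything
// other than 'development' or 'test' (assumed values), e.g. a production
// deployment based on a copied docker-compose file.
function assertTlsVerification(env) {
  const devLike = env.NODE_ENV === 'development' || env.NODE_ENV === 'test';
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0' && !devLike) {
    throw new Error('NODE_TLS_REJECT_UNAUTHORIZED=0 is only allowed in development or test');
  }
}

// Agent that trusts the bundled public roots plus the certificates in certDir.
// Passing `ca` replaces Node's default trust list, so the roots are re-added;
// rejectUnauthorized stays true, so every other host is still verified.
function buildAgent(certDir) {
  const ca = [...tls.rootCertificates, ...loadDevCAs(certDir)];
  return new https.Agent({ ca, rejectUnauthorized: true });
}
```

Call `assertTlsVerification(process.env)` at startup and pass `buildAgent('/path/to/certs')` as the `agent` option of the HTTPS requests made to the Magento instance.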