Replace http with https and fake cert in local VMs #896
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The config is smaller, easier to maintain and covers all local containers. It also makes sure that we use the real production config for Nginx and that the local configs don't get out of date. It does mean that you need to accept an insecure certificate when you access the website locally but then the connection is encrypted. This also enables you to test browser behaviour around redirects to https and security settings only available with https.
We state in the Readme that ofn-install is meant for setting up staging and production servers. The openfoodnetwork repository has instructions for development setups. Our deploy scripts assume staging or production and fail if the environment is set to development. It makes the code easier.
It can be the same for every local host. I also updated some values to be the same as in the openfoodnetwork development environment.
dacook
approved these changes
Sep 28, 2023
inventory/group_vars/local.yml
Outdated
| admin_email: [email protected] | ||
| mail_domain: example.com | ||
|
|
||
| # Add missing vars to emulate /local_vagrant/secrets.yml |
There was a problem hiding this comment.
I think the exact path of secrets.yml is unimportant here:
Suggested change
| # Add missing vars to emulate /local_vagrant/secrets.yml | |
| # Add missing vars to emulate secrets.yml |
inventory/group_vars/local.yml
Outdated
| @@ -18,3 +18,21 @@ developer_email: [email protected] | |||
|
|
|||
| users_sysadmin: | |||
| - "{{ core_devs }}" | |||
|
|
|||
| # Test host configuration | |||
There was a problem hiding this comment.
Seeing as the whole section below is pertaining to test/local hosts, maybe we can make this look more like section comment:
Suggested change
| # Test host configuration | |
| # *** Test host configuration *** |
(I'm not sure if we have another convention in this codebase already, or you have a different preference. If so pls update!)
rioug
approved these changes
Sep 29, 2023
|
I cancelled the checks as it wants to use Ubuntu 18 runners which I believe github doesn't offer any more. |
Thanks to David. [skip ci]
[skip ci]
|
Thank you! I updated the comments. Merging. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Most local machines had their own nginx config to use only http. But the lxc host was missing that config which led me to these tasks: