subdomains in SSL


  • | 6489 points

    Hey @leokhoa, good day to you!

    While playing with the SSL I recognized that the new SSL features are work exceptionally well and solve many headaches.

    But the only quirk I found was, it is not able to add subdomains to the entries.

    e.g. Suppose I have 2 projects in www dir with the names:

    1. namaste
    2. world

    The auto.openssl.conf generates following for [alt_names]:

    DNS.2=namaste.test
    DNS.3=world.test
    

    I have to work with sub-domains in some projects. Thus it will be handy to have sub-domain *. added in the list.

    e.g.

    DNS.2=namaste.test
    DNS.3=*.namaste.test
    DNS.4=world.test
    DNS.5=*.namaste.test
    

    Is there any way to achieve this? If there is, please tell me how to do that and if not, can to release a patch do address that?


  • | 6489 points

    Also I found out that for any virtual-hosts that I added manually got deleted each time Laragon is started. Is that intentional?


  • administrators
    | 92633 points

    Hi @bantya :
    Good day to you too!

    Also I found out that for any virtual-hosts that I added manually got deleted each time Laragon is started. Is that intentional?

    Yes, it is intentional. Laragon will remove the auto.xxx ones when it detects changing to help:

    • Update new configurations
    • Switch to SSL or vice versa
    • Clean outdate and redundant virtual hosts

    Therefore if you want to Laragon to keeps yours, just remove the auto.


  • administrators
    | 92633 points

    Do you have many projects like this?

    If just a few, you can add additional entries in the usr/tpl/openssl.conf.tpl

    DNS.3=*.namaste.test
    DNS.4=*.world.test
    

    @bantya said in subdomains in SSL:

    Hey @leokhoa, good day to you!

    While playing with the SSL I recognized that the new SSL features are work exceptionally well and solve many headaches.

    But the only quirk I found was, it is not able to add subdomains to the entries.

    e.g. Suppose I have 2 projects in www dir with the names:

    1. namaste
    2. world

    The auto.openssl.conf generates following for [alt_names]:

    DNS.2=namaste.test
    DNS.3=world.test
    

    I have to work with sub-domains in some projects. Thus it will be handy to have sub-domain *. added in the list.

    e.g.

    DNS.2=namaste.test
    DNS.3=*.namaste.test
    DNS.4=world.test
    DNS.5=*.namaste.test
    

    Is there any way to achieve this? If there is, please tell me how to do that and if not, can to release a patch do address that?


  • | 6489 points

    Hey @leokhoa, thanks for the reply.
    Will that auto.project.test.conf be recognized by Laragon to operate?


  • | 6489 points

    @leokhoa

    I do work on many projects which contain subdomains e.g. one for main site (mysite.com and www.mysite.com) and another for api (api.mysite.com) or labs.mysite.com.

    I thought about adding those in the openssl.conf.tpl as you suggested beforehand but it is somewhat defensive as we have to manually edit the file to add it.

    I think it would be a good idea to have a checkbox on the preferances page to toggle the subdomains or to have a entry in laragon.ini i.e.:

    [preferences]
    ...
    AllowSSLSubdomains=1
    

    What do you think?


  • administrators
    | 92633 points

    @bantya : Sure, project.test.conf will be recognized and unchanged by Laragon.
    @bantya said in subdomains in SSL:

    Hey @leokhoa, thanks for the reply.
    Will that auto.project.test.conf be recognized by Laragon to operate?


  • administrators
    | 92633 points

    @bantya :
    That's a good idea!

    About configurations. How about having this subdomains section:

    [subdomains]
    mysite=api,labs
    myapp=api,test
    

    When Laragon detects that, it will create correspond wildcard SANs (*.mysite.test, *.myapp.test) and DNS entries in hosts file.
    The benefit of it is when you put Laragon to another machine, it will work on the fly.

    What do you think?

    @bantya said in subdomains in SSL:

    @leokhoa

    I do work on many projects which contain subdomains e.g. one for main site (mysite.com and www.mysite.com) and another for api (api.mysite.com) or labs.mysite.com.

    I thought about adding those in the openssl.conf.tpl as you suggested beforehand but it is somewhat defensive as we have to manually edit the file to add it.

    I think it would be a good idea to have a checkbox on the preferances page to toggle the subdomains or to have a entry in laragon.ini i.e.:

    [preferences]
    ...
    AllowSSLSubdomains=1
    

    What do you think?


  • | 6489 points

    Hi @leokhoa

    [subdomains]
    mysite=api,labs
    myapp=api,test
    

    That is Awesome.
    Your solution is far more flexible and useful than my proposal.
    Definitely 💯.

    But there are some points to consider:

    1. Having only wildcard SAN (*.mysite.test) seems quite a inclusive policy. This gives flexibility to add any nos. of SAN's without worrying about anything. i.e. we dont have to touch the laravel.ini file.
    2. Your solution is excellent, but in middle of the dev. cycle, if we need to add another subdomain blog in above example:
       [subdomains]
      mysite=api,labs,blog <-
      myapp=api,test
      
      It won't reflect the changes immediately as we will have to (manually) regenerate the SSL certs and hosts file entries as per the addition.

  • | 6489 points

    One thing I still cant figure out, what is more useful? having wildcard SAN or distinctly defined SAN's?


  • administrators
    | 92633 points

    Hi @bantya
    When you add blog, Laragon will auto detect and create new hosts entry. No need to regenerate the SSL cert because it will be satisfy by the wildcard *.mysite.test.

    In the meantime, I will generate all wildcards alongsite with project names.


  • administrators
    | 92633 points

    Having wildcard SAN is definitely useful.

    @bantya said in subdomains in SSL:

    One thing I still cant figure out, what is more useful? having wildcard SAN or distinctly defined SAN's?


  • administrators
    | 92633 points

    @bantya : I've released Laragon 3.3.2 which supports wildcard SAN.


Log in to reply
 

Looks like your connection to Laragon was lost, please wait while we try to reconnect.