SSL support for Swoole HTTP Server not working

[viezel]

• Octane Version: 0.1.1
• Laravel Version: 8.36.2
• PHP Version: 8.0.3
• Server: Swoole 4.6.4

Description:

When using Swoole HTTP Server directly without nginx as proxy - then we need to configure SSL.

In Swoole it looks like this:

$server = new Swoole\HTTP\Server(
   "0.0.0.0", 
   9501, 
   SWOOLE_PROCESS, 
   SWOOLE_SOCK_TCP | SWOOLE_SSL
);

$server->set([
  'ssl_cert_file' => '/etc/nginx/ssl/direct.example.com/3456789/server.crt',
  'ssl_key_file' => '/etc/nginx/ssl/direct.example.com/3456789/server.key',
  'ssl_ciphers' => 'TLS13-AES-256-GCM-SHA384:TLS13-...', // long string
]);

However, we cannot add the SWOOLE_SSL to the Server arguments in here: https://github.com/laravel/octane/blob/master/bin/createSwooleServer.php#L10

Can we please expose this as a config?

[themsaid]

You can use the octane.swoole.options array in the config file to set those.

[viezel]

Im talking about this flag SWOOLE_SSL

where do you see that in the options?

[themsaid]

@viezel feel free to open a PR. However, I think this flag is only available in some Swoole builds not all. You'll need to check with the Swoole team first.

Undefined constant "SWOOLE_SSL"

[viezel]

Correct, if you do not enable openssl then it will not work

[viezel]

This however opens a discussion on which swoole modules that is required enabled by Octane.

pecl install --configureoptions 'enable-sockets="no" enable-openssl="yes" enable-http2="yes" enable-mysqlnd="yes" enable-swoole-json="no" enable-swoole-curl="yes"' swoole

[kiddtang]

Created PR for this #342
For those who are looking for how to turn on HTTPS from scratch, can find the tutorial here.

[L3o-pold]

@viezel feel free to open a PR. However, I think this flag is only available in some Swoole builds not all. You'll need to check with the Swoole team first.

Undefined constant "SWOOLE_SSL"

Then why it was merged in #342?

Error  Undefined constant "SWOOLE_SSL"

It was release yesterday as a patch release (https://github.com/laravel/octane/releases/tag/v1.0.9) but for me it's a breaking change.

[kressaty]

@L3o-pold I also had this issue using Sail, I had to update Sail, replace my published dockerfile, and sail build to get functionality back. Still throwing some warnings but I think it's due to my supervisor command, though my app does work again.

[sy-records]

Undefined constant "SWOOLE_SSL"

You need to compile Swoole with openssl enabled (--enable-openssl).

[kiddtang]

@viezel feel free to open a PR. However, I think this flag is only available in some Swoole builds not all. You'll need to check with the Swoole team first.

Undefined constant "SWOOLE_SSL"

Then why it was merged in #342?

Error  Undefined constant "SWOOLE_SSL"

It was release yesterday as a patch release (https://github.com/laravel/octane/releases/tag/v1.0.9) but for me it's a breaking change.

if $config['swoole'][ssl'] is not defined, it shouldn't turn on openssl and trigger the error.

The quick fix without rebuild, define config/octane.php with

    'swoole' => [
        'ssl' => false,
    ],  

I think it is better to update to latest Laravel Sail version as it is not using PECL to install Swoole.
It is using php8.0-swoole which it faster in building the sail app docker image.

[L3o-pold]

@kiddtang editing config/octane.php is not a solution as https://github.com/laravel/octane/pull/342/files#diff-8579bc8f34b623c394a7220fd2277cb0a8183b6c9a77d99f106f9995c5a6b46dR10 will always use the SWOOLE_SSL constant.

And for my case it was not an issue in dev environment with sail but with a production environment that was not having openssl enabled for Swoole.
IMO it's a breaking change that should not be released like that.

In addition using functional testing (https://laravel.com/docs/8.x/http-tests#making-requests) will not help you to trigger the issue as it's not testing octane unfortunately.

[sts-ryan-holton]

@L3o-pold I'm getting a similar issue I believe. I'm using Apache vhosts and have generated a let's encryps ssl certificate. How can I serve my application through ssl? I added

'swoole' => [
    'ssl' => true,
    'options' => [
        'ssl_cert_file' => '/etc/letsencrypt/live/icicle-v2.example.org/cert.pem',
        'ssl_key_file' => '/etc/letsencrypt/live/icicle-v2.example.org/privkey.pem',
    ]
],

to my config file. Do I need to? Or should it be completely done via apache because that gives me a connection refused:

<VirtualHost *:80>
    ProxyPreserveHost On

    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/

    ServerName icicle-v2.example.org
    ServerAdmin admin@localhost
    DocumentRoot /var/www/example/current/public

    <Directory /var/www/example/current/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ProxyPreserveHost On

    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/

    ServerName icicle.example.org
    ServerAdmin admin@localhost
    DocumentRoot /var/www/example/current/public;

    <Directory /var/www/example/current/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>