Enable HTTPS #57

Open
davegreenwp opened this issue Sep 20, 2021 · 0 comments
davegreenwp commented Sep 20, 2021

It would be worth getting HTTPS running in a local development context, not only because this more closely mirrors staging and production environments, but because projects/features involving specific technologies e.g. Service Workers have HTTPS as a dependency.

I'd argue that HTTPS as a default may be worth considering; is plain HTTP a dependency for anything?

Here's a summary of the steps I've taken to get around the lack of HTTPS support:

⚠️ HTTPS will only work in Firefox at the time of writing using this method; Chrome support is TBC.

1. Modify the `wordpress` section of `docker-compose.yml` to add port 443 like so:

   ```yaml
     wordpress:
       image: thedxw/wpc-wordpress
       ports:
         - "80:80"
         - "443:443"
       links:
         - mysql
         - mailcatcher
         - beanstalk
       volumes:
         - .:/usr/src/app
         - ./wp-content:/var/www/html/wp-content
   ```

2. Open a shell on the container by entering `script/console` in your terminal from the root of the repository.
3. Create a certificate and key with `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt`.
4. Populate the data accordingly when prompted; just adding `GB` as the country code will suffice.
5. Overwrite the default virtual host configuration by entering the following at the terminal: `cat > /etc/apache2/sites-enabled/000-default.conf` immediately followed by pasting the following:

   ```apache
   <VirtualHost *:443>
   	# The ServerName directive sets the request scheme, hostname and port that
   	# the server uses to identify itself. This is used when creating
   	# redirection URLs. In the context of virtual hosts, the ServerName
   	# specifies what hostname must appear in the request's Host: header to
   	# match this virtual host. For the default virtual host (this file) this
   	# value is not decisive as it is used as a last resort host regardless.
   	# However, you must set it for any further virtual host explicitly.
   	#ServerName www.example.com

   	ServerAdmin webmaster@localhost
   	DocumentRoot /var/www/html

   	SSLEngine on

   	SSLCertificateFile    /etc/ssl/certs/apache-selfsigned.crt
   	SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

   	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
   	# error, crit, alert, emerg.
   	# It is also possible to configure the loglevel for particular
   	# modules, e.g.
   	#LogLevel info ssl:warn

   	ErrorLog ${APACHE_LOG_DIR}/error.log
   	CustomLog ${APACHE_LOG_DIR}/access.log combined

   	# For most configuration files from conf-available/, which are
   	# enabled or disabled at a global level, it is possible to
   	# include a line for only one particular virtual host. For example the
   	# following line enables the CGI configuration for this host only
   	# after it has been globally disabled with "a2disconf".
   	#Include conf-available/serve-cgi-bin.conf
   </VirtualHost>
   ```

   ...then CTRL+C to save the changes.
6. Enable the SSL module with `a2enmod ssl`.
7. Test the Apache configuration with `apache2ctl configtest`.
8. Restart Apache with `service apache2 restart`.
9. In the WordPress admin, go to Settings > General > Force secure connections; check and save.
10. Visit https://localhost and add a security exception in your browser; you now have HTTPS!

This could be done in a more robust manner, adding a second virtual host configuration rather than overwriting the existing one, but this implements the change in the shortest amount of time.

These changes are wiped out every time the container is cycled, so scripting this would be helpful; this could just live as a bash script in the repository rather than as a modification to the container?

Happy to PR something if this has legs?
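
An added example, not part of the original issue or the project's code: one way the steps above could be scripted so they can be re-run after the container is cycled, writing a second virtual host file instead of overwriting `000-default.conf`. The file name `wpc-https.conf`, the `CN=localhost` subject, the `apply` argument and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scripts the manual steps from the issue.
# Run inside the wordpress container (e.g. from script/console).
set -eu

CERT=/etc/ssl/certs/apache-selfsigned.crt        # path from the issue
KEY=/etc/ssl/private/apache-selfsigned.key       # path from the issue
VHOST=/etc/apache2/sites-enabled/wpc-https.conf  # hypothetical file name

# Create the self-signed certificate without interactive prompts.
# -subj replaces the prompts; CN=localhost is an assumption.
make_cert() {  # usage: make_cert KEY_PATH CERT_PATH
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/C=GB/CN=localhost" -keyout "$1" -out "$2"
    chmod 600 "$1"  # keep the private key readable by its owner only
}

# Write a port-443 virtual host next to the default one.
write_vhost() {  # usage: write_vhost CONF_PATH CERT_PATH KEY_PATH
    cat > "$1" <<EOF
<VirtualHost *:443>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	SSLEngine on
	SSLCertificateFile    $2
	SSLCertificateKeyFile $3

	ErrorLog \${APACHE_LOG_DIR}/error.log
	CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
}

# Reuse an existing certificate if present, then enable, check and restart.
enable_https() {
    [ -s "$CERT" ] && [ -s "$KEY" ] || make_cert "$KEY" "$CERT"
    write_vhost "$VHOST" "$CERT" "$KEY"
    a2enmod ssl
    apache2ctl configtest
    service apache2 restart
}

# Only touch Apache when explicitly asked to, e.g. "sh enable-https.sh apply".
if [ "${1:-}" = "apply" ]; then enable_https; fi
```

The port 443 mapping in `docker-compose.yml` and the WordPress and browser steps (9 and 10) still have to be done separately.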
