Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Errors while and after using http2 #945

Closed
1 of 3 tasks
mike-lischke opened this issue Dec 5, 2022 · 9 comments
Closed
1 of 3 tasks

Errors while and after using http2 #945

mike-lischke opened this issue Dec 5, 2022 · 9 comments
Labels
bug Something isn't working

Comments

@mike-lischke
Copy link

mike-lischke commented Dec 5, 2022

Describe the bug
Enabling http2 in the wmr config causes an error and then prevents normal http to work afterwards.

To Reproduce

In an attempt to make the dev server using https (for which I couldn't find any documentation) I experimented with the http2 setting (wmr.config.ts):

import { defineConfig } from 'wmr';

// Full list of options: https://wmr.dev/docs/configuration
export default defineConfig((options) => {
    return {
        alias: {
            react: 'preact/compat',
            'react-dom': 'preact/compat'
        },
        out: "build",
        host: "localhost",
        port: 3301,
        http2: true,
        sourcemap: true,
        debug: true,
    };
});

With that I ran my npm script dev:

"dev": "wmr start",

which asked me for a password (without explaining why's that needed) and then failed:

Password:
Unable to create HTTP2 server, falling back to HTTP1:
Error: Command failed: openssl req -new -x509 -config /Users/mike/Downloads/Test/wmr/node_modules/openssl-configurations/certificate-authority-self-signing.conf -key /var/folders/03/gj5f1gl92w11zc3l2c526dnm0000gn/T/tmp-9362CpF75xdGDPVv.tmp -out /Users/mike/Library/Application Support/devcert/certificate-authority/certificate.cert -days 825
error on line -1 of /Users/mike/Downloads/Test/wmr/node_modules/openssl-configurations/certificate-authority-self-signing.conf
8137630976:error:02FFF002:system library:func(4095):No such file or directory:/AppleInternal/Library/BuildRoots/810eba08-405a-11ed-86e9-6af958a02716/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/crypto/bio/bss_file.c:122:fopen('/Users/mike/Downloads/Test/wmr/node_modules/openssl-configurations/certificate-authority-self-signing.conf', 'rb')
8137630976:error:20FFF080:BIO routines:CRYPTO_internal:no such file:/AppleInternal/Library/BuildRoots/810eba08-405a-11ed-86e9-6af958a02716/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/crypto/bio/bss_file.c:125:
8137630976:error:0EFFF072:configuration file routines:CRYPTO_internal:no such file:/AppleInternal/Library/BuildRoots/810eba08-405a-11ed-86e9-6af958a02716/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/crypto/conf/conf_def.c:200:


  👩‍🚀 WMR dev server running at:

  Local:   http://localhost:3301
  Network: (disabled, see --host)

This wouldn't be a big issue if this call had not changed something which now prevents to connect to the server from Chrome and Safari (only Brave works), which prints a ERR_CONNECTION_REFUSED error.

Expected behavior

There are actually 3 points here:

  • Help users to set up https.
  • Help users with errors when enabling http2.
  • Make sure standard setup does not get broken in case of errors in the http2 setup.

Bug occurs with:

  • wmr or wmr start (development)
  • wmr build (production)
  • wmr serve

Desktop (please complete the following information):

  • OS: macOS 13.0.1
  • Browser: Chrome, Safari and Firefox fail, Brave works
  • Node Version: 16.18.1
  • WMR Version: 3.8.0

Additional context

I'm currently evaluating wmr to switch over our current React application, but am pretty much blocked by the leftovers from the http2 attempt. So I would much appreciate a way to clean up and get at least http access back.

Many thanks, Mike

@mike-lischke mike-lischke added the bug Something isn't working label Dec 5, 2022
@rschristian
Copy link
Member

rschristian commented Dec 5, 2022

Possibly a duplicate of #252?

which asked me for a password (without explaining why's that needed)

WMR uses devcert to try to help set up HTTPS as it's usually a pain to do correctly & manually. This means creating a CA and registering it with your OS.

While I have my, opinions, about this process and using devcert, that's what it's doing. I'm guessing there's now a half-baked cert registered with your CA that's causing issues, but not positive. Asking on their tracker might get you better help.

I'm currently evaluating wmr to switch over our current React application

I should warn, WMR hasn't seen any (real) development in well over a year now. I (amongst others) do still use it, but it has a fair number of rough edges and can sometimes require some "maintainer's knowledge" to wield optimally. Just want to make that clear.

It can still be viable, but bug fixes are unlikely to happen.

@mike-lischke
Copy link
Author

That's great information @rschristian! Should help us to evaluate the right tool to use.

I found that other issue when I searched for "http2" and also tried installing "devcert", but to no avail.

Now I wonder how to get back my system to the state before trying http2. I would like to avoid restoring the system from Time Machine.

@rschristian
Copy link
Member

rschristian commented Dec 5, 2022

Apologies, I'm not a Mac user so can't give great instructions, but this seems to be what devcert is doing:

https://github.com/davewasmer/devcert/blob/0638b157c156c41577e0bc0527ec946b2aed33c7/src/platforms/darwin.ts#L22-L46

I'm wondering (hoping) it's as easy as just running a "remove-trusted-cert" or if it's a file you can directly edit if needs be to get that localhost cert gone that's causing you issues.

Re: Build tools, Vite, Astro, and Fresh are all excellent and support Preact (Fresh being a Preact-specific framework). I know you've tested out preact-cli earlier this week and directly because of that I'm pushing to remove it as a recommended tool. Apologies for our tooling being a bit of a mess at the moment, we're figuring some things out.

@mike-lischke
Copy link
Author

mike-lischke commented Dec 5, 2022

Actually, I can remove certs using the keychain app. Just need to know which one, to avoid making the situation even worse :-)

Many thanks for trying to help here. Much appreciated! Yes, I tried preact-cli but found it too heavy. We want to have a really light-weight setup, doing all configuration ourselves etc. so I decided to start from scratch. But I am not yet set on a specific build tool. I'll try what you recommended!

@rschristian
Copy link
Member

Linux brain, I immediately jump to editing some config file or running the command in reverse :-)

AFAIK we don't set any name or anything, just ask it to create a cert for the hostname. Any chance you just have the one for localhost?

const { key, cert } = await devcert.certificateFor(host);

@mike-lischke
Copy link
Author

mike-lischke commented Dec 5, 2022

I cleaned up a bit but still get the error. However, I wonder how a certificate can influence the http connection? Isn't that only used for https?

Interesting also that (at least for the Firefox setup) brew is used, which means it should be installed (one cannot rely on that) and it's broken on my M1 CPU, so I cannot use it anyway.

@rschristian
Copy link
Member

rschristian commented Dec 5, 2022

Honestly, I'm not sure. It doesn't seem that far-fetched to me that a browser would refuse a connection if it suspects some certificate tomfoolery going on (as unfortunately local HTTPS necessitates). I don't really know enough about that.

Interesting also that (at least for the Firefox setup) brew is used, which means it should be installed (one cannot rely on that) and it's broken on my M1 CPU, so I cannot use it anyway.

Indeed! Additionally, one of the reasons I'm not a fan of devcert is that it assumes Linux == Debian, which, er, is not an ideal assumption. I had to do a lot of patching originally to get it working on an Arch-based system: #252 (comment)

@developit
Copy link
Member

developit commented Dec 5, 2022

@mike-lischke any chance you've tried restarting Chrome? This could be HSTS pinning - either restart Chrome, or go to chrome://net-internals/#hsts and enter localhost into the "Delete domain security policies" section at the bottom.

As for DevCert, last time I used it was before the M1's arrived. We may also be on an old version?

@mike-lischke
Copy link
Author

@developit Unfortunately this didn't help.

In the meantime I jumped over to Vite and found this a great combination with Preact. So I think we can close this issue.

Thank you guys!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants