MCLOUD-6469: dh key too small when trying to use magento-cloud-docker…

.travis.yml

@@ -52,7 +52,6 @@ jobs:
       env:
         - TEST_SUITE=build-images
       script:
-        - if [ $TRAVIS_SECURE_ENV_VARS == "true" ]; then ./tests/travis/images.sh tls; fi;
         - if [ $TRAVIS_SECURE_ENV_VARS == "true" ]; then ./tests/travis/images.sh varnish; fi;
         - if [ $TRAVIS_SECURE_ENV_VARS == "true" ]; then ./tests/travis/images.sh elasticsearch; fi;
         - if [ $TRAVIS_SECURE_ENV_VARS == "true" ]; then ./tests/travis/images.sh nginx; fi;

images/php/7.2-fpm/Dockerfile

@@ -51,9 +51,6 @@ RUN wget https://github.com/mailhog/mhsendmail/releases/download/v0.2.0/mhsendma
     && sudo chmod +x mhsendmail_linux_amd64 \
     && sudo mv mhsendmail_linux_amd64 /usr/local/bin/mhsendmail
 
-# Change security level to avoid `dh key too small` error
-RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /etc/ssl/openssl.cnf
-
 # Configure the gd library
 RUN docker-php-ext-configure \
   gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/

images/php/7.3-fpm/Dockerfile

@@ -49,9 +49,6 @@ RUN wget https://github.com/mailhog/mhsendmail/releases/download/v0.2.0/mhsendma
     && sudo chmod +x mhsendmail_linux_amd64 \
     && sudo mv mhsendmail_linux_amd64 /usr/local/bin/mhsendmail
 
-# Change security level to avoid `dh key too small` error
-RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /etc/ssl/openssl.cnf
-
 # Configure the gd library
 RUN docker-php-ext-configure \
   gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/

images/php/7.4-fpm/Dockerfile

@@ -45,9 +45,6 @@ RUN wget https://github.com/mailhog/mhsendmail/releases/download/v0.2.0/mhsendma
     && sudo chmod +x mhsendmail_linux_amd64 \
     && sudo mv mhsendmail_linux_amd64 /usr/local/bin/mhsendmail
 
-# Change security level to avoid `dh key too small` error
-RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /etc/ssl/openssl.cnf
-
 # Configure the gd library
 RUN docker-php-ext-configure \
   gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/

images/php/fpm/Dockerfile

@@ -24,9 +24,6 @@ RUN wget https://github.com/mailhog/mhsendmail/releases/download/v0.2.0/mhsendma
     && sudo chmod +x mhsendmail_linux_amd64 \
     && sudo mv mhsendmail_linux_amd64 /usr/local/bin/mhsendmail
 
-# Change security level to avoid `dh key too small` error
-RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /etc/ssl/openssl.cnf
-
 # Configure the gd library
 {%docker-php-ext-configure%}
 

images/nginx/1.9/Dockerfile → images/web/Dockerfile

@@ -1,9 +1,11 @@
-FROM nginx:1.9
+FROM nginx
 
 ENV UPLOAD_MAX_FILESIZE 64M
 ENV FPM_HOST fpm
 ENV XDEBUG_HOST fpm_xdebug
 ENV FPM_PORT 9000
+ENV VARNISH_HOST web
+ENV VARNISH_PORT 80
 ENV MAGENTO_ROOT /app
 ENV MAGENTO_RUN_MODE production
 ENV MFTF_UTILS 0
@@ -13,26 +15,20 @@ COPY etc/nginx.conf /etc/nginx/
 COPY etc/vhost.conf /etc/nginx/conf.d/default.conf
 COPY etc/xdebug-upstream.conf /etc/nginx/conf.d/xdebug/upstream.conf
 
-RUN apt-get update && apt-get install -y openssl curl
-RUN mkdir /etc/nginx/ssl \
-  && echo -e "\n\n\n\n\n\n\n" | openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/magento.key -out /etc/nginx/ssl/magento.crt
+RUN mkdir /etc/nginx/ssl
+COPY certs/* /etc/nginx/ssl/
 
 RUN groupadd -g 1000 www && useradd -g 1000 -u 1000 -d ${MAGENTO_ROOT} -s /bin/bash www
 
 VOLUME ${MAGENTO_ROOT}
 
-COPY nginx-healthcheck.sh /usr/local/bin/nginx-healthcheck.sh
-RUN ["chmod", "+x", "/usr/local/bin/nginx-healthcheck.sh"]
-
-HEALTHCHECK --retries=3 CMD ["bash", "/usr/local/bin/nginx-healthcheck.sh"]
-
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 RUN ["chmod", "+x", "/docker-entrypoint.sh"]
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
 USER root
 
-EXPOSE 80
+EXPOSE 443
 
 WORKDIR ${MAGENTO_ROOT}
 

images/nginx/1.9/docker-entrypoint.sh → images/web/docker-entrypoint.sh

@@ -10,6 +10,8 @@ XDEBUG_UPSTREAM_FILE="/etc/nginx/conf.d/xdebug/upstream.conf"
 [ ! -z "${XDEBUG_HOST}" ] && sed -i "s/!XDEBUG_HOST!/${XDEBUG_HOST}/" $XDEBUG_UPSTREAM_FILE
 [ ! -z "${FPM_PORT}" ] && sed -i "s/!FPM_PORT!/${FPM_PORT}/" $VHOST_FILE
 [ ! -z "${FPM_PORT}" ] && sed -i "s/!FPM_PORT!/${FPM_PORT}/" $XDEBUG_UPSTREAM_FILE
+[ ! -z "${VARNISH_HOST}" ] && sed -i "s/!VARNISH_HOST!/${VARNISH_HOST}/" $VHOST_FILE
+[ ! -z "${VARNISH_PORT}" ] && sed -i "s/!VARNISH_PORT!/${VARNISH_PORT}/" $VHOST_FILE
 [ ! -z "${MAGENTO_ROOT}" ] && sed -i "s#!MAGENTO_ROOT!#${MAGENTO_ROOT}#" $VHOST_FILE
 [ ! -z "${MAGENTO_RUN_MODE}" ] && sed -i "s/!MAGENTO_RUN_MODE!/${MAGENTO_RUN_MODE}/" $VHOST_FILE
 [ ! -z "${MFTF_UTILS}" ] && sed -i "s/!MFTF_UTILS!/${MFTF_UTILS}/" $VHOST_FILE

images/nginx/1.9/etc/vhost.conf → images/web/etc/vhost.conf

@@ -3,8 +3,27 @@ upstream fastcgi_backend {
 }
 
 server {
-    listen 80;
     listen 443 ssl;
+
+    server_name _;
+
+    ssl_certificate /etc/nginx/ssl/magento.crt;
+    ssl_certificate_key /etc/nginx/ssl/magento.key;
+
+    location / {
+        proxy_pass http://!VARNISH_HOST!:!VARNISH_PORT!;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_buffer_size 128k;
+        proxy_buffers 4 256k;
+        proxy_busy_buffers_size 256k;
+    }
+}
+
+server {
+    listen 80;
 
     fastcgi_buffers 16 16k;
     fastcgi_buffer_size 32k;

src/Compose/ProductionBuilder.php

@@ -255,23 +255,27 @@ public function build(Config $config): Manager
             [self::NETWORK_MAGENTO],
             [self::SERVICE_DB => ['condition' => 'service_healthy']]
         );
+
+        $webConfig = [
+            'volumes' => $volumesRo,
+            'environment' => [
+                'WITH_XDEBUG=' . (int)$config->hasServiceEnabled(ServiceInterface::SERVICE_FPM_XDEBUG)
+            ]
+        ];
+
+        if (!$config->hasServiceEnabled(self::SERVICE_VARNISH)) {
+            $webConfig['ports'] = [$config->getPort() . ':80'];
+            $webConfig['environment'][] = 'VIRTUAL_HOST=' . $config->getHost();
+            $webConfig['environment'][] = 'VIRTUAL_PORT=' . $config->getPort();
+            $webConfig['environment'][] = 'HTTPS_METHOD=noredirect';
+        }
+
         $manager->addService(
             self::SERVICE_WEB,
             $this->serviceFactory->create(
                 ServiceInterface::SERVICE_NGINX,
                 $config->getServiceVersion(ServiceInterface::SERVICE_NGINX),
-                [
-                    'volumes' => $volumesRo,
-                    'environment' => [
-                        'VIRTUAL_HOST=' . $config->getHost(),
-                        'VIRTUAL_PORT=80',
-                        'HTTPS_METHOD=noredirect',
-                        'WITH_XDEBUG=' . (int)$config->hasServiceEnabled(ServiceInterface::SERVICE_FPM_XDEBUG)
-                    ],
-                    'ports' => [
-                        $config->getPort() . ':80'
-                    ]
-                ]
+                $webConfig
             ),
             [self::NETWORK_MAGENTO],
             [self::SERVICE_FPM => []]
@@ -288,11 +292,17 @@ public function build(Config $config): Manager
                             self::NETWORK_MAGENTO => [
                                 'aliases' => [$config->getHost()]
                             ]
+                        ],
+                        'ports' => [$config->getPort() . ':80'],
+                        'environment' => [
+                            'VIRTUAL_HOST=' . $config->getHost(),
+                            'VIRTUAL_PORT=' . $config->getPort(),
+                            'HTTPS_METHOD=noredirect'
                         ]
                     ]
                 ),
                 [],
-                [self::SERVICE_WEB => ['condition' => 'service_healthy']]
+                [self::SERVICE_WEB => ['condition' => 'service_started']]
             );
         }
 
@@ -305,7 +315,7 @@ public function build(Config $config): Manager
                 ServiceInterface::SERVICE_TLS,
                 $config->getServiceVersion(ServiceInterface::SERVICE_TLS),
                 [
-                    'environment' => ['HTTPS_UPSTREAM_SERVER_ADDRESS' => $tlsBackendService],
+                    'environment' => ['VARNISH_HOST' => $tlsBackendService],
                 ]
             ),
             [self::NETWORK_MAGENTO],