listen VALET_LOOPBACK:443 ssl; # valet loopback not being updated when linking a new vhost #1503
Description
When linking a new secured vhost, valet link domain-name --secure
the new nginx config is generated, however, if you've configured the loopback with valet loopback 10.254.254.254
the new nginx config that's created has the correct info replaced in the non ssl server block, but leaves the variable name in place in the :443 server block and has it commented out:
server {
listen 127.0.0.1:80;
listen 10.254.254.254:80; # valet loopback
server_name domain-name.test www.domain-name.test *.domain-name.test;
return 301 https://$host$request_uri;
}
server {
listen 127.0.0.1:443 ssl;
#listen VALET_LOOPBACK:443 ssl; # valet loopback <<<<<< HERE
server_name domain-name.test www.domain-name.test *.domain-name.test;
root /;
charset utf-8;
client_max_body_size 512M;
http2 on;
Steps To Reproduce
- Laravel Valet 4.8.0 (this also was happening to me in 4.7.1 as well)
- Set the loopback
valet loopback 10.254.254.254
- Create a new secure vhost,
valet link domain-name --secure
and then note that the configuration isn't updating the loopback in the ssl server block in ~/.config/valet/Nginx/domain-name.test
Diagnosis
sw_vers
ProductName: macOS ProductVersion: 15.1.1 BuildVersion: 24B91
valet --version
Laravel Valet 4.8.0
cat ~/.config/valet/config.json
{ "paths": [ "/Users/mitch/.config/valet/Sites" ], "tld": "test", "loopback": "10.254.254.254" }
cat ~/.composer/composer.json
{ "require-dev": { "phpstan/phpstan": "^1.10" }, "require": { "laravel/valet": "^4.8" } }
composer global diagnose
Changed current directory to /Users/mitch/.composer
Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK git version 2.39.5
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK expires on 2025-05-13 05:00:00 UTC
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952
OK
Checking Composer version: You are not running the latest stable version, run `composer self-update` to update (2.7.7 => 2.8.3)
Checking Composer and its dependencies for vulnerabilities: FAIL
Audit found some issues:
Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | symfony/process |
| Severity          | high |
| CVE               | CVE-2024-51736 |
| Title             | CVE-2024-51736: Command execution hijack on Windows with Process class |
| URL               | https://symfony.com/cve-2024-51736 |
| Affected versions | >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2 |
|                   | .0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,< |
|                   | 6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7 |
| Reported at       | 2024-11-05T08:00:00+00:00 |
+-------------------+----------------------------------------------------------------------------------+
Composer version: 2.7.7
PHP version: 8.2.19
PHP binary path: /opt/homebrew/Cellar/php@8.2/8.2.19/bin/php
OpenSSL version: OpenSSL 3.3.0 9 Apr 2024
curl version: 8.8.0 libz 1.2.12 ssl (SecureTransport) OpenSSL/3.3.1
zip: extension present, unzip present, 7-Zip not available
composer global outdated
Changed current directory to /Users/mitch/.composer
Legend:
! patch or minor release available - update recommended
~ major release available - update possible
Direct dependencies required in composer.json:
phpstan/phpstan 1.12.11 ~ 2.0.2 PHPStan - PHP Static Analysis Tool
illuminate/collections 11.33.2 ! 11.34.0 The Illuminate Collections package.
illuminate/conditionable 11.33.2 ! 11.34.0 The Illuminate Conditionable pack...
illuminate/container 11.33.2 ! 11.34.0 The Illuminate Container package.
illuminate/contracts 11.33.2 ! 11.34.0 The Illuminate Contracts package.
illuminate/macroable 11.33.2 ! 11.34.0 The Illuminate Macroable package.
Transitive dependencies not required in composer.json:
ls -al /etc/sudoers.d/
total 16 drwxr-xr-x 4 root wheel 128 Nov 20 08:42 . drwxr-xr-x 80 root wheel 2560 Nov 20 15:11 .. -rw-r--r-- 1 root wheel 83 Jan 28 2022 brew -rw-r--r-- 1 root wheel 86 Jan 28 2022 valet
brew config
HOMEBREW_VERSION: 4.4.8-4-g6fb9d2d ORIGIN: https://github.com/Homebrew/brew HEAD: 6fb9d2d2f42ad22390e7bd893c5c3302c176259d Last commit: 6 hours ago Branch: master Core tap HEAD: 209eaa7280634e31b0d57d7fc78ba60937a3041a Core tap last commit: 14 minutes ago Core tap JSON: 26 Nov 15:47 UTC Core cask tap HEAD: b47ce76ae8411f2e628079972fff61c74e28220c Core cask tap last commit: 26 minutes ago Core cask tap JSON: 26 Nov 15:47 UTC HOMEBREW_PREFIX: /opt/homebrew HOMEBREW_CASK_OPTS: [] HOMEBREW_MAKE_JOBS: 10 HOMEBREW_SORBET_RUNTIME: set Homebrew Ruby: 3.3.6 => /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.3.6/bin/ruby CPU: 10-core 64-bit arm_firestorm_icestorm Clang: 16.0.0 build 1600 Git: 2.39.5 => /Applications/Xcode.app/Contents/Developer/usr/bin/git Curl: 8.7.1 => /usr/bin/curl macOS: 15.1.1-arm64 CLT: N/A Xcode: 16.1 Rosetta 2: false
brew services list
Warning: running through sudo, using user/* instead of gui/* domain! Hide this warning by setting HOMEBREW_SERVICES_NO_DOMAIN_WARNING. Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`). Name Status User File dnsmasq none root httpd none mysql started mitch ~/Library/LaunchAgents/homebrew.mxcl.mysql.plist nginx none root php none php@7.1 none php@7.2 none php@7.3 none php@7.4 none root php@8.0 none root php@8.1 none root php@8.2 none root postgresql@14 none unbound none
brew list --formula --versions | grep -E "(php|nginx|dnsmasq|mariadb|mysql|mailhog|openssl)(@\d\..*)?\s"
dnsmasq 2.90 mysql 8.3.0_1 nginx 1.25.1_1 1.25.5 openssl@1.1 1.1.1u php 8.2.8 8.3.6 8.3.8 php@7.1 7.1.33_4 7.1.33_10 php@7.2 7.2.34_11 7.2.34_4 php@7.3 7.3.33_9 7.3.33_1 7.3.33_2 php@7.4 7.4.33 7.4.33_6 7.4.33_3 php@8.0 8.0.29_1 8.0.28 php@8.1 8.1.28 8.1.21 php@8.2 8.2.19
brew outdated
ansible aom apr c-ares ca-certificates capstone cffi minacle/chntpw/chntpw cloudflared composer curl doctl dosbox-staging fluid-synth freetds freetype gdbm glib htop httpd icu4c@76 iir1 imath jpeg-turbo jpeg-xl krb5 libavif libfido2 libnghttp2 libpng libpq libslirp libsndfile libssh libssh2 libtiff libtool libunistring libusb libuv libzip lz4 mkcert mpdecimal mpg123 mt32emu mysql ncurses nettle nginx node openexr openssl@1.1 openssl@3 opus p11-kit pcre2 php php-code-sniffer shivammathur/php/php@7.1 shivammathur/php/php@7.2 shivammathur/php/php@7.3 shivammathur/php/php@7.4 php@8.0 php@8.1 php@8.2 pixman platformsh/tap/platformsh-cli postgresql@14 protobuf protobuf@21 pycparser python@3.10 python@3.11 python@3.9 pyyaml qemu readline sdl2 sdl2_image six snappy sqlite pantheon-systems/external/terminus roots/tap/trellis-cli unbound wimlib xz yarn
brew tap
cloudflare/cloudflare henkrehorst/php homebrew/cask homebrew/core homebrew/services minacle/chntpw pantheon-systems/external platformsh/tap roots/tap shivammathur/php sidneys/homebrew
php -v
PHP 8.2.19 (cli) (built: May 7 2024 14:19:14) (NTS) Copyright (c) The PHP Group Zend Engine v4.2.19, Copyright (c) Zend Technologies with Zend OPcache v8.2.19, Copyright (c), by Zend Technologies
which -a php
/opt/homebrew/bin/php
php --ini
Configuration File (php.ini) Path: /opt/homebrew/etc/php/8.2 Loaded Configuration File: /opt/homebrew/etc/php/8.2/php.ini Scan for additional .ini files in: /opt/homebrew/etc/php/8.2/conf.d Additional .ini files parsed: /opt/homebrew/etc/php/8.2/conf.d/error_log.ini, /opt/homebrew/etc/php/8.2/conf.d/ext-opcache.ini, /opt/homebrew/etc/php/8.2/conf.d/php-memory-limits.ini
nginx -v
nginx version: nginx/1.25.5
curl --version
curl 8.7.1 (x86_64-apple-darwin24.0) libcurl/8.7.1 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.62.0 Release-Date: 2024-03-27 Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL threadsafe UnixSockets
php --ri curl
curl
cURL support => enabled
cURL Information => 8.8.0
Age => 11
Features
AsynchDNS => Yes
CharConv => No
Debug => No
GSS-Negotiate => No
IDN => Yes
IPv6 => Yes
krb4 => No
Largefile => Yes
libz => Yes
NTLM => Yes
NTLMWB => No
SPNEGO => Yes
SSL => Yes
SSPI => No
TLS-SRP => Yes
HTTP2 => Yes
GSSAPI => Yes
KERBEROS5 => Yes
UNIX_SOCKETS => Yes
PSL => No
HTTPS_PROXY => Yes
MULTI_SSL => Yes
BROTLI => Yes
ALTSVC => Yes
HTTP3 => No
UNICODE => No
ZSTD => Yes
HSTS => Yes
GSASL => No
Protocols => dict, file, ftp, ftps, gopher, gophers, http, https, imap, imaps, ldap, ldaps, mqtt, pop3, pop3s, rtmp, rtmpe, rtmps, rtmpt, rtmpte, rtmpts, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp
Host => aarch64-apple-darwin23.4.0
SSL Version => (SecureTransport) OpenSSL/3.3.1
ZLib Version => 1.2.12
libSSH Version => libssh2/1.11.0
Directive => Local Value => Master Value
curl.cainfo => no value => no value
/opt/homebrew/bin/ngrok version
sudo: /opt/homebrew/bin/ngrok: command not found
ls -al ~/.ngrok2
ls: /Users/mitch/.ngrok2: No such file or directory
brew info nginx
==> nginx: stable 1.27.2 (bottled), HEAD
HTTP(S) server and reverse proxy, and IMAP/POP3 proxy server
https://nginx.org/
Installed
/opt/homebrew/Cellar/nginx/1.25.1_1 (23 files, 2.4MB)
Built from source
/opt/homebrew/Cellar/nginx/1.25.5 (26 files, 2.4MB) *
Poured from bottle using the formulae.brew.sh API on 2024-04-26 at 15:31:59
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/n/nginx.rb
License: BSD-2-Clause
==> Dependencies
Required: openssl@3, pcre2
==> Options
--HEAD
Install HEAD version
==> Caveats
Docroot is: /opt/homebrew/var/www
The default port has been set in /opt/homebrew/etc/nginx/nginx.conf to 8080 so that
nginx can run without sudo.
nginx will load all files in /opt/homebrew/etc/nginx/servers/.
To start nginx now and restart at login:
brew services start nginx
Or, if you don't want/need a background service you can just run:
/opt/homebrew/opt/nginx/bin/nginx -g daemon\ off;
==> Analytics
install: 10,591 (30 days), 38,009 (90 days), 158,767 (365 days)
install-on-request: 10,585 (30 days), 37,966 (90 days), 158,347 (365 days)
build-error: 28 (30 days)
brew info php
==> php: stable 8.4.1 (bottled), HEAD
General-purpose scripting language
https://www.php.net/
Installed
/opt/homebrew/Cellar/php/8.2.8 (518 files, 83.5MB)
Built from source
/opt/homebrew/Cellar/php/8.3.6 (521 files, 88.7MB)
Built from source
/opt/homebrew/Cellar/php/8.3.8 (525 files, 88.8MB)
Poured from bottle using the formulae.brew.sh API on 2024-06-17 at 09:22:48
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/p/php.rb
License: PHP-3.01
==> Dependencies
Build: httpd, pkgconf
Required: apr, apr-util, argon2, aspell, autoconf, curl, freetds, gd, gettext, gmp, icu4c@76, krb5, libpq, libsodium, libzip, oniguruma, openldap, openssl@3, pcre2, sqlite, tidy-html5, unixodbc
==> Options
--HEAD
Install HEAD version
==> Caveats
To enable PHP in Apache add the following to httpd.conf and restart Apache:
LoadModule php_module /opt/homebrew/opt/php/lib/httpd/modules/libphp.so
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
Finally, check DirectoryIndex includes index.php
DirectoryIndex index.php index.html
The php.ini and php-fpm.ini file can be found in:
/opt/homebrew/etc/php/8.4/
To start php now and restart at login:
brew services start php
Or, if you don't want/need a background service you can just run:
/opt/homebrew/opt/php/sbin/php-fpm --nodaemonize
==> Analytics
install: 59,034 (30 days), 173,542 (90 days), 676,076 (365 days)
install-on-request: 55,048 (30 days), 161,959 (90 days), 630,537 (365 days)
build-error: 61 (30 days)
brew info openssl
==> openssl@3: stable 3.4.0 (bottled)
Cryptography and SSL/TLS Toolkit
https://openssl-library.org
Installed
/opt/homebrew/Cellar/openssl@3/3.3.1 (6,982 files, 32.5MB) *
Poured from bottle using the formulae.brew.sh API on 2024-06-17 at 09:22:43
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/o/openssl@3.rb
License: Apache-2.0
==> Dependencies
Required: ca-certificates
==> Caveats
A CA file has been bootstrapped using certificates from the system keychain. To add additional certificates, place .pem files in
/opt/homebrew/etc/openssl@3/certs
and run
/opt/homebrew/opt/openssl@3/bin/c_rehash
==> Analytics
install: 488,601 (30 days), 1,366,812 (90 days), 5,032,921 (365 days)
install-on-request: 74,033 (30 days), 201,471 (90 days), 663,741 (365 days)
build-error: 12,541 (30 days)
openssl version -a
OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024) built on: Tue Jun 4 12:53:04 2024 UTC platform: darwin64-arm64-cc options: bn(64,64) compiler: clang -fPIC -arch arm64 -O3 -Wall -DL_ENDIAN -DOPENSSL_PIC -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DNDEBUG OPENSSLDIR: "/opt/homebrew/etc/openssl@3" ENGINESDIR: "/opt/homebrew/Cellar/openssl@3/3.3.1/lib/engines-3" MODULESDIR: "/opt/homebrew/Cellar/openssl@3/3.3.1/lib/ossl-modules" Seeding source: os-specific CPUINFO: OPENSSL_armcap=0x987d
openssl ciphers
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA
sudo nginx -t
nginx: the configuration file /opt/homebrew/etc/nginx/nginx.conf syntax is ok nginx: configuration file /opt/homebrew/etc/nginx/nginx.conf test is successful
which -a php-fpm
/opt/homebrew/sbin/php-fpm
/opt/homebrew/opt/php/sbin/php-fpm -v
PHP 8.3.8 (fpm-fcgi) (built: Jun 4 2024 14:53:17) Copyright (c) The PHP Group Zend Engine v4.3.8, Copyright (c) Zend Technologies with Zend OPcache v8.3.8, Copyright (c), by Zend Technologies
sudo /opt/homebrew/opt/php/sbin/php-fpm -y /opt/homebrew/etc/php/8.2/php-fpm.conf --test
[26-Nov-2024 09:47:34] NOTICE: configuration file /opt/homebrew/etc/php/8.2/php-fpm.conf test is successful
ls -al ~/Library/LaunchAgents | grep homebrew
-rw-r--r-- 1 mitch staff 732 Feb 1 2024 homebrew.mxcl.mysql.plist -rw-r--r-- 1 mitch staff 713 Jul 1 2022 homebrew.mxcl.postgresql.plist
ls -al /Library/LaunchAgents | grep homebrew
ls -al /Library/LaunchDaemons | grep homebrew
-rw-r--r--@ 1 root admin 797 Nov 21 10:15 homebrew.mxcl.dnsmasq.plist -rw-r--r--@ 1 root admin 685 Nov 26 09:36 homebrew.mxcl.nginx.plist -rw-r--r--@ 1 root admin 789 Nov 21 10:15 homebrew.mxcl.php@7.4.plist -rw-r--r--@ 1 root admin 789 Nov 21 10:15 homebrew.mxcl.php@8.0.plist -rw-r--r--@ 1 root admin 789 Nov 21 10:15 homebrew.mxcl.php@8.1.plist -rw-r--r--@ 1 root admin 789 Nov 21 10:15 homebrew.mxcl.php@8.2.plist
ls -al /Library/LaunchDaemons | grep "com.laravel.valet."
-rw-r--r--@ 1 root wheel 496 Nov 20 15:00 com.laravel.valet.loopback.plist
ls -aln /etc/resolv.conf
lrwxr-xr-x 1 0 0 22 Nov 14 22:59 /etc/resolv.conf -> ../var/run/resolv.conf
cat /etc/resolv.conf
# # macOS Notice # # This file is not consulted for DNS hostname resolution, address # resolution, or the DNS query routing mechanism used by most # processes on this system. # # To view the DNS configuration used by this system, use: # scutil --dns # # SEE ALSO # dns-sd(1), scutil(8) # # This file is automatically generated. # nameserver 10.96.0.1
ifconfig lo0
lo0: flags=8049 mtu 16384 options=1203 inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 inet 10.254.254.254 netmask 0xff000000 nd6 options=201
sh -c 'echo "------\n/opt/homebrew/etc/nginx/valet/valet.conf\n---\n"; cat /opt/homebrew/etc/nginx/valet/valet.conf | grep -n "# valet loopback"; echo "\n------\n"'
------
/opt/homebrew/etc/nginx/valet/valet.conf
---
3: listen 10.254.254.254:80; # valet loopback
------
sh -c 'for file in ~/.config/valet/dnsmasq.d/*; do echo "------\n~/.config/valet/dnsmasq.d/$(basename $file)\n---\n"; cat $file; echo "\n------\n"; done'
------
~/.config/valet/dnsmasq.d/tld-test.conf
---
address=/.test/10.254.254.254
listen-address=10.254.254.254
------
sh -c 'for file in ~/.config/valet/nginx/*; do echo "------\n~/.config/valet/nginx/$(basename $file)\n---\n"; cat $file | grep -n "# valet loopback"; echo "\n------\n"; done'
~/.config/valet/nginx/domain-name.test
---
4: listen 10.254.254.254:80; # valet loopback
11: listen 10.254.254.254:443 ssl; # valet loopback
55: listen 10.254.254.254:60; # valet loopback
~/.config/valet/nginx/wordpress.test
3: listen 10.254.254.254:80; # valet loopback
10: listen 10.254.254.254:443 ssl; # valet loopback
54: listen 10.254.254.254:60; # valet loopback
~/.config/valet/nginx/wp-base-build.test
3: listen 10.254.254.254:80; # valet loopback
10: listen 10.254.254.254:443 ssl; # valet loopback
54: listen 10.254.254.254:60; # valet loopback
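The symptom in this report (a secured site that serves TLS on 127.0.0.1:443 but never on the configured loopback because the VALET_LOOPBACK placeholder was left in place) can be checked across every generated site config. The script below is an added example, not part of the original issue and not Valet's own code; the helper names audit_loopback and make_demo_dir are hypothetical and the sample configs are constructed from the snippet in the description.

```shell
#!/bin/sh
# Added example, not Valet's code: audit Valet-style nginx site configs for a
# custom loopback address that never made it into the ssl server block.

# audit_loopback DIR LOOPBACK (hypothetical helper)
# Prints "<file>[:<line>]: <reason>" per finding; returns 1 if any were found.
audit_loopback() {
    dir=$1 loopback=$2 status=0
    # On 127.0.0.1 the extra listen would only duplicate the existing one.
    [ "$loopback" = "127.0.0.1" ] && return 0
    esc=$(printf '%s' "$loopback" | sed 's/\./\\./g')   # escape dots for grep -E
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Finding 1: placeholder left unsubstituted (commented out or live).
        for n in $(grep -nE 'listen[[:space:]]+VALET_LOOPBACK:' "$f" | cut -d: -f1); do
            printf '%s:%s: unreplaced VALET_LOOPBACK placeholder\n' "$f" "$n"
            status=1
        done
        # Finding 2: TLS is served on 127.0.0.1:443 but not on the loopback.
        if grep -Eq '^[[:space:]]*listen[[:space:]]+127\.0\.0\.1:443[[:space:]]+ssl' "$f" &&
            ! grep -Eq "^[[:space:]]*listen[[:space:]]+${esc}:443[[:space:]]+ssl" "$f"; then
            printf '%s: no live listen for %s:443 ssl\n' "$f" "$loopback"
            status=1
        fi
    done
    return "$status"
}

# make_demo_dir: writes two constructed configs and prints the directory path.
make_demo_dir() {
    d=$(mktemp -d)
    cat > "$d/broken.test" <<'EOF'
server {
    listen 127.0.0.1:80;
    listen 10.254.254.254:80; # valet loopback
}
server {
    listen 127.0.0.1:443 ssl;
    #listen VALET_LOOPBACK:443 ssl; # valet loopback
}
EOF
    # Same file with the substitution applied, as the report expects it.
    sed 's/#listen VALET_LOOPBACK:443/listen 10.254.254.254:443/' \
        "$d/broken.test" > "$d/fixed.test"
    echo "$d"
}

demo=$(make_demo_dir)
audit_loopback "$demo" 10.254.254.254 || echo "stale loopback listen lines found"
rm -rf "$demo"
```

On a real install, pass the directory holding the generated site files and the `loopback` value from config.json.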