Maintenance: Switch capybara testing to use HTTPS.

.gitlab/ci/__includes__/variables.yml

@@ -1,5 +1,6 @@
 # Global variables added to the ENV of each job and service container.
 variables:
+  FF_NETWORK_PER_BUILD: 1  # https://docs.gitlab.com/runner/configuration/feature-flags.html
   # for faster translation loading
   Z_LOCALES: "en-us:de-de"
   RAILS_ENV: "test"

.gitlab/ci/browser/capybara_filtered.yml

@@ -5,7 +5,6 @@
     - when: never
   variables:
     BROWSER_TEST_FILTER_LOOP_COUNT: 50
-    FF_NETWORK_PER_BUILD: 1  # https://docs.gitlab.com/runner/configuration/feature-flags.html
   script:
     - !reference [.scripts, zammad_ci_test_prepare]
     - |

.gitlab/ci/browser/capybara_integration.yml

@@ -3,7 +3,6 @@
     - !reference [.scripts, zammad_ci_test_prepare]
     - bundle exec rspec -t integration --profile 10 spec/system
   variables:
-    FF_NETWORK_PER_BUILD: 1 # https://docs.gitlab.com/runner/configuration/feature-flags.html
     IMPORT_OTRS_ENDPOINT: "http://zammad-ci-otrsimport-app/otrs/public.pl?Action=ZammadMigrator"
 
 capybara:integration:chrome:

.gitlab/ci/test/integration/otrs.yml

@@ -14,7 +14,6 @@
     - name: $CI_REGISTRY/docker/zammad-ci-otrsimport-app:$OTRS_CONTAINER_TAG
       alias: zammad-ci-otrsimport-app
   variables:
-    FF_NETWORK_PER_BUILD: 1 # https://docs.gitlab.com/runner/configuration/feature-flags.html
     IMPORT_OTRS_ENDPOINT: 'http://zammad-ci-otrsimport-app/otrs/public.pl?Action=ZammadMigrator'
     TZ: 'Europe/Berlin' # Required for the zammad-ci-otrsimport-app containers
 

Gemfile

@@ -245,6 +245,9 @@ group :development, :test do
 
   # Slack helper for testing
   gem 'slack-ruby-client', require: false
+
+  # self-signed localhost certificates for puma / capybara
+  gem 'localhost'
 end
 
 # To permanently extend Zammad with additional gems, you can specify them in Gemfile.local.

Gemfile.lock

@@ -273,6 +273,7 @@ GEM
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
     little-plugger (1.1.4)
+    localhost (1.1.10)
     logging (2.3.1)
       little-plugger (~> 1.1)
       multi_json (~> 1.14)
@@ -703,6 +704,7 @@ DEPENDENCIES
   json
   koala
   listen
+  localhost
   mail
   messagebird-rest
   mime-types

Procfile.dev-https

@@ -1,4 +1,4 @@
 vite: bundle exec script/vite-server.rb dev
-web: bundle exec script/rails server -b "ssl://${ZAMMAD_BIND_IP:=127.0.0.1}:${ZAMMAD_RAILS_PORT:=3000}?key=config/ssl/localhost.key&cert=config/ssl/localhost.crt" -p ${ZAMMAD_RAILS_PORT:=3000}
-websocket: bundle exec script/websocket-server.rb -b ${ZAMMAD_BIND_IP:=127.0.0.1} -p ${ZAMMAD_WEBSOCKET_PORT:=6042} -k config/ssl/localhost.key -c config/ssl/localhost.crt -s start
+web: bundle exec script/rails server -b "ssl://${ZAMMAD_BIND_IP:=127.0.0.1}" -p ${ZAMMAD_RAILS_PORT:=3000}
+websocket: bundle exec script/websocket-server.rb -b ${ZAMMAD_BIND_IP:=127.0.0.1} -p ${ZAMMAD_WEBSOCKET_PORT:=6042} -k ~/.localhost/localhost.key -c ~/.localhost/localhost.crt -s start
 worker: bundle exec script/background-worker.rb start

contrib/ssl/generate-ssl.sh

@@ -1,18 +0,0 @@
-#!/bin/bash
-
-# To generate a self-signed certificate, you will need mkcert installed:
-# Please visit https://github.com/FiloSottile/mkcert#installation
-
-# You can generate certificate for a custom domain by passing down the domain/IP as an argument
-# and you can also use $ZAMMAD_BIND_IP
-
-# ./generate-ssl.sh 194.23.42.1
-# ZAMMAD_BIND_IP=194.23.42.1 ./generate-ssl.sh
-
-mkcert -cert-file localhost.crt -key-file localhost.key localhost 127.0.0.1 $ZAMMAD_BIND_IP $1
-mkcert -install
-
-mkdir -p config/ssl
-
-mv localhost.key config/ssl/localhost.key
-mv localhost.crt config/ssl/localhost.crt

doc/developer_manual/development_environment/how-to-set-up-a-development-environment.md

@@ -154,24 +154,9 @@ $ bundle install
 
 ## Using HTTPS
 
-To enable HTTPS in your development environment, you need to generate self-signed SSL certificates.
-For this, you need to install [`mkcert`](https://github.com/FiloSottile/mkcert#installation).
-
-You could simply use our script to generate the certificates:
-
-```screen
-$ sh contrib/ssl/generate-ssl.sh
-```
-
-This will create `localhost.crt` and `localhost.key` files and put them inside `config/ssl`. It is possible to use the environment variable `ZAMMAD_BIND_IP` or the first script argument to pass down more domains or IPs for these certificates.
-
-Now you can run Zammad:
+Zammad uses the gem `localhost` to automatically generate self-signed certificates. This will place `~./localhost/localhost.crt` and `~/.localhost/localhost.key` files if needed. Then you can use one of the following commands:
 
 ```sh
-# to run Desktop Zammad
-$ RAILS_ENV=development forego start -f Procfile.dev-https
-
-# to run Mobile Zammad
 $ VITE_RUBY_HTTPS=true RAILS_ENV=development forego start -f Procfile.dev-https
 # or
 $ yarn dev:https

public/assets/chat/index.html

@@ -1873,12 +1873,14 @@ figcaption {
   }
   var hostname = window.location.hostname;
   var port = window.location.port;
+  var protocol = window.location.protocol;
+  var wsProtocol = protocol === 'https:' ? 'wss:' : 'ws:';
   var params = getSearchParameters();
-  var host = 'ws://'+ (location.host || 'localhost').split(':')[0] +':6042'
+  var host = wsProtocol + '//'+ (location.host || 'localhost').split(':')[0] +':6042'
   if (params['port']) {
-    host = 'ws://' + hostname + ':' + params['port']
+    host = wsProtocol + '//' + hostname + ':' + params['port']
   }
-  cssUrl = 'http://' + hostname + ':' + port + '/assets/chat/chat.css'
+  cssUrl = protocol + '//' + hostname + ':' + port + '/assets/chat/chat.css'
 
   var chat = new ZammadChat({
     chatId: 2,