Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
Apq
/
Docker-official-images
-ын хуулбар https://github.com/docker-library/official-images.git
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Эх сурвалжийг харах

Set CN to container DNS name

Related to https://github.com/docker-library/rabbitmq/pull/652

Give a TLS dist optfile a try

Remove `fail_if_no_peer_cert` option for client. It does not seem to be supported by OTP 26 🤔
Luke Bakken 2 жил өмнө
parent
51c2cd07e4
commit
e3a18575e3
3 өөрчлөгдсөн 24 нэмэгдсэн , 9 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 17 0
      test/tests/rabbitmq-tls/inet-dist-tls.config
  2. 2 4
      test/tests/rabbitmq-tls/rabbitmq-env.conf
  3. 5 5
      test/tests/rabbitmq-tls/run.sh

+ 17 - 0
test/tests/rabbitmq-tls/inet-dist-tls.config
Файл харах 

@@ -0,0 +1,17 @@
 
+[
 
+    {server, [
 
+        {cacertfile,"/certs/ca.crt"},
 
+        {certfile, "/certs/cert.crt"},
 
+        {keyfile, "/certs/private.key"},
 
+        {secure_renegotiate, true},
 
+        {verify, verify_peer},
 
+        {fail_if_no_peer_cert, true}
 
+    ]},
 
+    {client, [
 
+        {cacertfile,"/certs/ca.crt"},
 
+        {certfile, "/certs/cert.crt"},
 
+        {keyfile, "/certs/private.key"},
 
+        {secure_renegotiate, true},
 
+        {verify, verify_peer}
 
+    ]}
 
+].

+ 2 - 4
test/tests/rabbitmq-tls/rabbitmq-env.conf
Файл харах 

@@ -3,13 +3,11 @@
 
 # https://www.rabbitmq.com/clustering-ssl.html
 
 ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)"
 
 
-sslErlArgs="-pa $ERL_SSL_PATH 
-    -proto_dist inet_tls
 
-    -ssl_dist_opt server_certfile /certs/combined.pem
 
-    -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
 
+sslErlArgs="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_optfile /etc/rabbitmq/inet-dist-tls.config"
 
 
 SERVER_ADDITIONAL_ERL_ARGS="$sslErlArgs"
 
 CTL_ERL_ARGS="$sslErlArgs"
 
+
 
 if [ -n "$ERLANG_COOKIE" ]; then
 
 	SERVER_ADDITIONAL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS -setcookie $ERLANG_COOKIE"
 
 	CTL_ERL_ARGS="$CTL_ERL_ARGS -setcookie $ERLANG_COOKIE"

+ 5 - 5
test/tests/rabbitmq-tls/run.sh
Файл харах 

@@ -1,9 +1,10 @@
 
 #!/usr/bin/env bash
 
 set -Eeuo pipefail
 
 
+cname="rabbitmq-container-$RANDOM-$RANDOM"
 
 dir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
 
-
 
 serverImage="$("$dir/../image-name.sh" librarytest/rabbitmq-tls-server "$1")"
 
+
 
 "$dir/../docker-build.sh" "$dir" "$serverImage" <<EOD
 
 FROM $1
 
 RUN set -eux; \
 
@@ -13,10 +14,10 @@ RUN set -eux; \
 
 		-key /certs/ca-private.key \
 
 		-out /certs/ca.crt \
 
 		-days $(( 365 * 30 )) \
 
-		-subj '/CN=lolca'; \
 
+		-subj '/CN=$cname-CA'; \
 
 	openssl genrsa -out /certs/private.key 4096; \
 
 	openssl req -new -key /certs/private.key \
 
-		-out /certs/cert.csr -subj '/CN=lolcert'; \
 
+		-out /certs/cert.csr -subj '/CN=$cname'; \
 
 	openssl x509 -req -in /certs/cert.csr \
 
 		-CA /certs/ca.crt -CAkey /certs/ca-private.key -CAcreateserial \
 
 		-out /certs/cert.crt -days $(( 365 * 30 )); \
 
@@ -25,7 +26,7 @@ RUN set -eux; \
 
 	chmod 0400 /certs/combined.pem; \
 
 	chown -R rabbitmq:rabbitmq /certs
 
 
-COPY --chown=rabbitmq:rabbitmq dir/*.conf /etc/rabbitmq/
 
+COPY --chown=rabbitmq:rabbitmq dir/*.conf* /etc/rabbitmq/
 
 EOD
 
 
 testImage="$("$dir/../image-name.sh" librarytest/rabbitmq-tls-test "$1")"
 
@@ -44,7 +45,6 @@ EOD
 
 
 export ERLANG_COOKIE="rabbitmq-erlang-cookie-$RANDOM-$RANDOM"
 
 
-cname="rabbitmq-container-$RANDOM-$RANDOM"
 
 cid="$(docker run -d --name "$cname" --hostname "$cname" -e ERLANG_COOKIE "$serverImage")"
 
 trap "docker rm -vf $cid > /dev/null" EXIT