首頁 探索 說明
註冊 登入
Apq
/
Docker-official-images
镜像来自 https://github.com/docker-library/official-images.git
1
0
複刻 0
檔案 問題管理 0 Wiki
目錄樹: a81f946ee9
分支列表 標籤列表
Docker-official...
/
test
/
tests
/
rabbitmq-tls
/
run.sh

run.sh 2.6 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. #!/usr/bin/env bash
    2. 

  2. set -Eeuo pipefail
    3. 

  3. 

  4. dir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
    5. 

  5. 

  6. serverImage="$("$dir/../image-name.sh" librarytest/rabbitmq-tls-server "$1")"
    7. 

  7. "$dir/../docker-build.sh" "$dir" "$serverImage" <<EOD
    8. 

  8. FROM $1
    9. 

  9. RUN set -eux; \
    10. 

  10. 	mkdir /certs; \
    11. 

  11. 	openssl genrsa -out /certs/ca-private.key 8192; \
    12. 

  12. 	openssl req -new -x509 \
    13. 

  13. 		-key /certs/ca-private.key \
    14. 

  14. 		-out /certs/ca.crt \
    15. 

  15. 		-days $(( 365 * 30 )) \
    16. 

  16. 		-subj '/CN=lolca'; \
    17. 

  17. 	openssl genrsa -out /certs/private.key 4096; \
    18. 

  18. 	openssl req -new -key /certs/private.key \
    19. 

  19. 		-out /certs/cert.csr -subj '/CN=lolcert'; \
    20. 

  20. 	openssl x509 -req -in /certs/cert.csr \
    21. 

  21. 		-CA /certs/ca.crt -CAkey /certs/ca-private.key -CAcreateserial \
    22. 

  22. 		-out /certs/cert.crt -days $(( 365 * 30 )); \
    23. 

  23. 	openssl verify -CAfile /certs/ca.crt /certs/cert.crt; \
    24. 

  24. 	cat /certs/cert.crt /certs/private.key > /certs/combined.pem; \
    25. 

  25. 	chmod 0400 /certs/combined.pem; \
    26. 

  26. 	chown -R rabbitmq:rabbitmq /certs
    27. 

  27. 

  28. COPY --chown=rabbitmq:rabbitmq dir/*.conf /etc/rabbitmq/
    29. 

  29. EOD
    30. 

  30. 

  31. testImage="$("$dir/../image-name.sh" librarytest/rabbitmq-tls-test "$1")"
    32. 

  32. "$dir/../docker-build.sh" "$dir" "$testImage" <<'EOD'
    33. 

  33. FROM alpine:3.14
    34. 

  34. RUN apk add --no-cache bash coreutils drill openssl procps
    35. 

  35. # https://github.com/drwetter/testssl.sh/releases
    36. 

  36. ENV TESTSSL_VERSION 3.0.5
    37. 

  37. RUN set -eux; \
    38. 

  38. 	wget -O testssl.tgz "https://github.com/drwetter/testssl.sh/archive/${TESTSSL_VERSION}.tar.gz"; \
    39. 

  39. 	tar -xvf testssl.tgz -C /opt; \
    40. 

  40. 	rm testssl.tgz; \
    41. 

  41. 	ln -sv "/opt/testssl.sh-$TESTSSL_VERSION/testssl.sh" /usr/local/bin/; \
    42. 

  42. 	testssl.sh --version
    43. 

  43. EOD
    44. 

  44. 

  45. export ERLANG_COOKIE="rabbitmq-erlang-cookie-$RANDOM-$RANDOM"
    46. 

  46. 

  47. cname="rabbitmq-container-$RANDOM-$RANDOM"
    48. 

  48. cid="$(docker run -d --name "$cname" --hostname "$cname" -e ERLANG_COOKIE "$serverImage")"
    49. 

  49. trap "docker rm -vf $cid > /dev/null" EXIT
    50. 

  50. 

  51. testssl() {
    52. 

  52. 	docker run -i --rm \
    53. 

  53. 		--link "$cname" \
    54. 

  54. 		"$testImage" \
    55. 

  55. 		testssl.sh --quiet --color 0 "$@" "$cname:5671"
    56. 

  56. }
    57. 

  57. rabbitmqctl() {
    58. 

  58. 	# not using '--entrypoint', since regular entrypoint does needed env setup
    59. 

  59. 	docker run -i --rm \
    60. 

  60. 		--link "$cname" \
    61. 

  61. 		-e ERLANG_COOKIE \
    62. 

  62. 		"$serverImage" \
    63. 

  63. 		rabbitmqctl --node "rabbit@$cname" "$@"
    64. 

  64. }
    65. 

  65. rabbitmq-diagnostics() {
    66. 

  66. 	# not using '--entrypoint', since regular entrypoint does needed env setup
    67. 

  67. 	docker run -i --rm \
    68. 

  68. 		--link "$cname" \
    69. 

  69. 		-e ERLANG_COOKIE \
    70. 

  70. 		"$serverImage" \
    71. 

  71. 		rabbitmq-diagnostics --node "rabbit@$cname" "$@"
    72. 

  72. }
    73. 

  73. 

  74. . "$dir/../../retry.sh" 'rabbitmq-diagnostics check_port_connectivity'
    75. 

  75. 

  76. rabbitmqctl status
    77. 

  77. testssl --each-cipher
    78. 

  78. testssl --standard
    79. 

  79. #testssl --protocols # RabbitMQ still supports TLS 1.0/1.1 which are "deprecated" in testssl.sh 3.0+ (and thus fail this test)
    80.