Fix web certificate for dev image
This commit is contained in:
Stephen Marshall
committed by
Stephen D Marshall
Stephen D Marshall
parent
1f4528d597
commit
2e453f2257
@@ -149,6 +149,6 @@ COPY incubating/mqadvanced-server-dev/web /etc/mqm/web
|
|||||||
RUN chown -R mqm:mqm /etc/mqm/* \
|
RUN chown -R mqm:mqm /etc/mqm/* \
|
||||||
&& chmod +x /usr/local/bin/runmq* \
|
&& chmod +x /usr/local/bin/runmq* \
|
||||||
&& install --directory --mode 0775 --owner mqm --group root /run/runmqdevserver
|
&& install --directory --mode 0775 --owner mqm --group root /run/runmqdevserver
|
||||||
ENV MQ_ENABLE_EMBEDDED_WEB_SERVER=1
|
ENV MQ_ENABLE_EMBEDDED_WEB_SERVER=1 MQ_GENERATE_CERTIFICATE_HOSTNAME=localhost
|
||||||
USER $MQM_UID
|
USER $MQM_UID
|
||||||
ENTRYPOINT ["runmqdevserver"]
|
ENTRYPOINT ["runmqdevserver"]
|
||||||
|
|||||||
@@ -30,10 +30,15 @@ func postInit(name, keylabel string, p12Trust tls.KeyStoreData) error {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
// If trust-store is empty, set reference to point to the key-store
|
||||||
|
p12TrustStoreRef := "MQWebTrustStore"
|
||||||
|
if len(p12Trust.TrustedCerts) == 0 {
|
||||||
|
p12TrustStoreRef = "MQWebKeyStore"
|
||||||
|
}
|
||||||
// Start the web server, in the background (if installed)
|
// Start the web server, in the background (if installed)
|
||||||
// WARNING: No error handling or health checking available for the web server
|
// WARNING: No error handling or health checking available for the web server
|
||||||
go func() {
|
go func() {
|
||||||
err = startWebServer(keystore, p12Trust.Password)
|
err = startWebServer(keystore, p12Trust.Password, p12TrustStoreRef)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error starting web server: %v", err)
|
log.Printf("Error starting web server: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -118,11 +118,11 @@ func configureTLS(certLabel string, cmsKeystore tls.KeyStoreData, devmode bool)
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// configureSSOTLS configures MQ Console TLS for Single Sign-On
|
// configureWebKeyStore configures the key stores for the web console
|
||||||
func configureSSOTLS(p12TrustStore tls.KeyStoreData) (string, error) {
|
func configureWebKeyStore(p12TrustStore tls.KeyStoreData) (string, error) {
|
||||||
// TODO find way to supply this
|
// TODO find way to supply this
|
||||||
// Override the webstore variables to hard coded defaults
|
// Override the webstore variables to hard coded defaults
|
||||||
webKeyStoreName := tls.IntegrationDefaultLabel + ".p12"
|
webKeyStoreName := tls.WebDefaultLabel + ".p12"
|
||||||
|
|
||||||
// Check keystore exists
|
// Check keystore exists
|
||||||
ks := filepath.Join(keyStoreDir, webKeyStoreName)
|
ks := filepath.Join(keyStoreDir, webKeyStoreName)
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ import (
|
|||||||
"github.com/ibm-messaging/mq-container/internal/tls"
|
"github.com/ibm-messaging/mq-container/internal/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
func startWebServer(keystore, keystorepw string) error {
|
func startWebServer(keystore, keystorepw, p12TrustStoreRef string) error {
|
||||||
_, err := os.Stat("/opt/mqm/bin/strmqweb")
|
_, err := os.Stat("/opt/mqm/bin/strmqweb")
|
||||||
if err != nil && os.IsNotExist(err) {
|
if err != nil && os.IsNotExist(err) {
|
||||||
log.Debug("Skipping web server, because it's not installed")
|
log.Debug("Skipping web server, because it's not installed")
|
||||||
@@ -53,6 +53,7 @@ func startWebServer(keystore, keystorepw string) error {
|
|||||||
if keystore != "" {
|
if keystore != "" {
|
||||||
cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTORE="+keystore)
|
cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTORE="+keystore)
|
||||||
cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTOREPW="+keystorepw)
|
cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTOREPW="+keystorepw)
|
||||||
|
cmd.Env = append(cmd.Env, "AMQ_WEBTRUSTSTOREREF="+p12TrustStoreRef)
|
||||||
}
|
}
|
||||||
|
|
||||||
uid, gid, err := command.LookupMQM()
|
uid, gid, err := command.LookupMQM()
|
||||||
@@ -117,11 +118,12 @@ func configureSSO(p12TrustStore tls.KeyStoreData) (string, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Configure SSO TLS
|
// Configure SSO TLS
|
||||||
return configureSSOTLS(p12TrustStore)
|
return configureWebKeyStore(p12TrustStore)
|
||||||
}
|
}
|
||||||
|
|
||||||
func configureWebServer(keyLabel string, p12Trust tls.KeyStoreData) (string, error) {
|
func configureWebServer(keyLabel string, p12Trust tls.KeyStoreData) (string, error) {
|
||||||
var keystore string
|
var keystore string
|
||||||
|
|
||||||
// Configure TLS for Web Console first if we have a certificate to use
|
// Configure TLS for Web Console first if we have a certificate to use
|
||||||
err := configureWebTLS(keyLabel)
|
err := configureWebTLS(keyLabel)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -138,7 +140,10 @@ func configureWebServer(keyLabel string, p12Trust tls.KeyStoreData) (string, err
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return keystore, err
|
return keystore, err
|
||||||
}
|
}
|
||||||
|
} else if keyLabel == "" && os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME") != "" {
|
||||||
|
keystore, err = configureWebKeyStore(p12Trust)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = os.Stat("/opt/mqm/bin/strmqweb")
|
_, err = os.Stat("/opt/mqm/bin/strmqweb")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if os.IsNotExist(err) {
|
if os.IsNotExist(err) {
|
||||||
|
|||||||
@@ -35,8 +35,8 @@ import (
|
|||||||
pkcs "software.sslmate.com/src/go-pkcs12"
|
pkcs "software.sslmate.com/src/go-pkcs12"
|
||||||
)
|
)
|
||||||
|
|
||||||
// IntegrationDefaultLabel is the default certificate label used by Cloud Integration Platform
|
// WebDefaultLabel is the default certificate label for the web console
|
||||||
const IntegrationDefaultLabel = "default"
|
const WebDefaultLabel = "default"
|
||||||
|
|
||||||
// P12TrustStoreName is the name of the PKCS#12 truststore used by the webconsole
|
// P12TrustStoreName is the name of the PKCS#12 truststore used by the webconsole
|
||||||
const P12TrustStoreName = "trust.p12"
|
const P12TrustStoreName = "trust.p12"
|
||||||
|
|||||||
@@ -2,6 +2,6 @@
|
|||||||
<server>
|
<server>
|
||||||
<keyStore id="MQWebKeyStore" location="/run/runmqserver/tls/${env.AMQ_WEBKEYSTORE}" type="PKCS12" password="${env.AMQ_WEBKEYSTOREPW}"/>
|
<keyStore id="MQWebKeyStore" location="/run/runmqserver/tls/${env.AMQ_WEBKEYSTORE}" type="PKCS12" password="${env.AMQ_WEBKEYSTOREPW}"/>
|
||||||
<keyStore id="MQWebTrustStore" location="/run/runmqserver/tls/trust.p12" type="PKCS12" password="${env.AMQ_WEBKEYSTOREPW}"/>
|
<keyStore id="MQWebTrustStore" location="/run/runmqserver/tls/trust.p12" type="PKCS12" password="${env.AMQ_WEBKEYSTOREPW}"/>
|
||||||
<ssl id="thisSSLConfig" clientAuthenticationSupported="true" keyStoreRef="MQWebKeyStore" trustStoreRef="MQWebTrustStore" sslProtocol="TLSv1.2"/>
|
<ssl id="thisSSLConfig" clientAuthenticationSupported="true" keyStoreRef="MQWebKeyStore" trustStoreRef="${env.AMQ_WEBTRUSTSTOREREF}" sslProtocol="TLSv1.2"/>
|
||||||
<sslDefault sslRef="thisSSLConfig"/>
|
<sslDefault sslRef="thisSSLConfig"/>
|
||||||
</server>
|
</server>
|
||||||
Reference in New Issue
Block a user