Fix web certificate for dev image

2019-12-03 11:49:10 +00:00
parent 1f4528d597
commit 2e453f2257
6 changed files with 21 additions and 11 deletions
--- a/2
+++ b/2
@@ -149,6 +149,6 @@ COPY incubating/mqadvanced-server-dev/web /etc/mqm/web
 RUN chown -R mqm:mqm /etc/mqm/* \
  && chmod +x /usr/local/bin/runmq* \
  && install --directory --mode 0775 --owner mqm --group root /run/runmqdevserver
-ENV MQ_ENABLE_EMBEDDED_WEB_SERVER=1
+ENV MQ_ENABLE_EMBEDDED_WEB_SERVER=1 MQ_GENERATE_CERTIFICATE_HOSTNAME=localhost
 USER $MQM_UID
 ENTRYPOINT ["runmqdevserver"]
--- a/cmd/runmqserver/post_init.go
+++ b/cmd/runmqserver/post_init.go
@@ -30,10 +30,15 @@ func postInit(name, keylabel string, p12Trust tls.KeyStoreData) error {
 		if err != nil {
 			return err
 		}
+		// If trust-store is empty, set reference to point to the key-store
+		p12TrustStoreRef := "MQWebTrustStore"
+		if len(p12Trust.TrustedCerts) == 0 {
+			p12TrustStoreRef = "MQWebKeyStore"
+		}
 		// Start the web server, in the background (if installed)
 		// WARNING: No error handling or health checking available for the web server
 		go func() {
-			err = startWebServer(keystore, p12Trust.Password)
+			err = startWebServer(keystore, p12Trust.Password, p12TrustStoreRef)
 			if err != nil {
 				log.Printf("Error starting web server: %v", err)
 			}
--- a/cmd/runmqserver/tls.go
+++ b/cmd/runmqserver/tls.go
@@ -118,11 +118,11 @@ func configureTLS(certLabel string, cmsKeystore tls.KeyStoreData, devmode bool)
 	return nil
 }

-// configureSSOTLS configures MQ Console TLS for Single Sign-On
-func configureSSOTLS(p12TrustStore tls.KeyStoreData) (string, error) {
+// configureWebKeyStore configures the key stores for the web console
+func configureWebKeyStore(p12TrustStore tls.KeyStoreData) (string, error) {
 	// TODO find way to supply this
 	// Override the webstore variables to hard coded defaults
-	webKeyStoreName := tls.IntegrationDefaultLabel + ".p12"
+	webKeyStoreName := tls.WebDefaultLabel + ".p12"

 	// Check keystore exists
 	ks := filepath.Join(keyStoreDir, webKeyStoreName)
--- a/cmd/runmqserver/webserver.go
+++ b/cmd/runmqserver/webserver.go
@@ -31,7 +31,7 @@ import (
 	"github.com/ibm-messaging/mq-container/internal/tls"
 )

-func startWebServer(keystore, keystorepw string) error {
+func startWebServer(keystore, keystorepw, p12TrustStoreRef string) error {
 	_, err := os.Stat("/opt/mqm/bin/strmqweb")
 	if err != nil && os.IsNotExist(err) {
 		log.Debug("Skipping web server, because it's not installed")
@@ -53,6 +53,7 @@ func startWebServer(keystore, keystorepw string) error {
 	if keystore != "" {
 		cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTORE="+keystore)
 		cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTOREPW="+keystorepw)
+		cmd.Env = append(cmd.Env, "AMQ_WEBTRUSTSTOREREF="+p12TrustStoreRef)
 	}

 	uid, gid, err := command.LookupMQM()
@@ -117,11 +118,12 @@ func configureSSO(p12TrustStore tls.KeyStoreData) (string, error) {
 	}

 	// Configure SSO TLS
-	return configureSSOTLS(p12TrustStore)
+	return configureWebKeyStore(p12TrustStore)
 }

 func configureWebServer(keyLabel string, p12Trust tls.KeyStoreData) (string, error) {
 	var keystore string
+
 	// Configure TLS for Web Console first if we have a certificate to use
 	err := configureWebTLS(keyLabel)
 	if err != nil {
@@ -138,7 +140,10 @@ func configureWebServer(keyLabel string, p12Trust tls.KeyStoreData) (string, err
 		if err != nil {
 			return keystore, err
 		}
+	} else if keyLabel == "" && os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME") != "" {
+		keystore, err = configureWebKeyStore(p12Trust)
 	}
+
 	_, err = os.Stat("/opt/mqm/bin/strmqweb")
 	if err != nil {
 		if os.IsNotExist(err) {
--- a/internal/tls/tls.go
+++ b/internal/tls/tls.go
@@ -35,8 +35,8 @@ import (
 	pkcs "software.sslmate.com/src/go-pkcs12"
 )

-// IntegrationDefaultLabel is the default certificate label used by Cloud Integration Platform
-const IntegrationDefaultLabel = "default"
+// WebDefaultLabel is the default certificate label for the web console
+const WebDefaultLabel = "default"

 // P12TrustStoreName is the name of the PKCS#12 truststore used by the webconsole
 const P12TrustStoreName = "trust.p12"
--- a/web/installations/Installation1/servers/mqweb/tls.xml.tpl
+++ b/web/installations/Installation1/servers/mqweb/tls.xml.tpl
@@ -2,6 +2,6 @@
 <server>
    <keyStore id="MQWebKeyStore" location="/run/runmqserver/tls/${env.AMQ_WEBKEYSTORE}" type="PKCS12" password="${env.AMQ_WEBKEYSTOREPW}"/>
    <keyStore id="MQWebTrustStore" location="/run/runmqserver/tls/trust.p12" type="PKCS12" password="${env.AMQ_WEBKEYSTOREPW}"/>
-    <ssl id="thisSSLConfig" clientAuthenticationSupported="true" keyStoreRef="MQWebKeyStore" trustStoreRef="MQWebTrustStore" sslProtocol="TLSv1.2"/>
+    <ssl id="thisSSLConfig" clientAuthenticationSupported="true" keyStoreRef="MQWebKeyStore" trustStoreRef="${env.AMQ_WEBTRUSTSTOREREF}" sslProtocol="TLSv1.2"/>
    <sslDefault sslRef="thisSSLConfig"/>
 </server>