reviews

cryostatio · May 2, 2024 · 57da16a · 57da16a
1 parent 53ad168
commit 57da16a
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -99,6 +99,13 @@ docker.client.strategy=org.testcontainers.dockerclient.UnixSocketClientProviderS
 testcontainers.reuse.enable=false
 ```
 
+Generate a certificate and key for the server to enable HTTPS connections:
+
+```bash
+# run cert and key generation script
+$ sh compose/auth_certs/generate.sh
+```
+
 Build the container image and run smoketests. This will spin up the cryostat container and its required services.
 
 ```bash

diff --git a/compose/auth_certs/generate.sh b/compose/auth_certs/generate.sh
@@ -2,4 +2,6 @@
 
 set -xe
 
-openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out certificate.pem -keyout private.key
+CERTS_DIR="$(dirname "$(readlink -f "$0")")"
+
+openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out ${CERTS_DIR}/certificate.pem -keyout ${CERTS_DIR}/private.key
diff --git a/smoketest.bash b/smoketest.bash
@@ -212,11 +212,11 @@ createProxyCertsVolume() {
     "${container_engine}" volume create auth_proxy_certs
     "${container_engine}" container create --name proxy_certs_helper -v auth_proxy_certs:/certs busybox
     if [ -f "${DIR}/compose/auth_certs/certificate.pem" ] && [ -f "${DIR}/compose/auth_certs/private.key" ]; then
-        chmod 644 "${DIR}/compose/auth_certs/private.key"
+        chmod 640 "${DIR}/compose/auth_certs/private.key"
         "${container_engine}" cp "${DIR}/compose/auth_certs/certificate.pem" proxy_certs_helper:/certs/certificate.pem
         "${container_engine}" cp "${DIR}/compose/auth_certs/private.key" proxy_certs_helper:/certs/private.key
     else
-        echo "Unable to find a certificate and key to allow oauth2_proxy to enable TLS connections"
+        echo "Did you run auth_certs/generate.sh?"
         exit 2
     fi
 }