diff --git a/README.md b/README.md
index efe426d78..1d78fb8cb 100644
--- a/README.md
+++ b/README.md
@@ -99,6 +99,13 @@ docker.client.strategy=org.testcontainers.dockerclient.UnixSocketClientProviderS
 testcontainers.reuse.enable=false
 ```
 
+Generate a certificate and key for the server to enable HTTPS connections:
+
+```bash
+# run cert and key generation script
+$ sh compose/auth_certs/generate.sh
+```
+
 Build the container image and run smoketests. This will spin up the cryostat container and its required services.
 
 ```bash
diff --git a/compose/auth_certs/generate.sh b/compose/auth_certs/generate.sh
index 533e0b3ed..68e91c731 100755
--- a/compose/auth_certs/generate.sh
+++ b/compose/auth_certs/generate.sh
@@ -2,4 +2,6 @@
 
 set -xe
 
-openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out certificate.pem -keyout private.key
+CERTS_DIR="$(dirname "$(readlink -f "$0")")"
+
+openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out ${CERTS_DIR}/certificate.pem -keyout ${CERTS_DIR}/private.key
diff --git a/smoketest.bash b/smoketest.bash
index 8b6e673e0..3ba1a3304 100755
--- a/smoketest.bash
+++ b/smoketest.bash
@@ -212,11 +212,11 @@ createProxyCertsVolume() {
 "${container_engine}" volume create auth_proxy_certs
 "${container_engine}" container create --name proxy_certs_helper -v auth_proxy_certs:/certs busybox
 if [ -f "${DIR}/compose/auth_certs/certificate.pem" ] && [ -f "${DIR}/compose/auth_certs/private.key" ]; then
- chmod 644 "${DIR}/compose/auth_certs/private.key"
+ chmod 640 "${DIR}/compose/auth_certs/private.key"
 "${container_engine}" cp "${DIR}/compose/auth_certs/certificate.pem" proxy_certs_helper:/certs/certificate.pem
 "${container_engine}" cp "${DIR}/compose/auth_certs/private.key" proxy_certs_helper:/certs/private.key
 else
- echo "Unable to find a certificate and key to allow oauth2_proxy to enable TLS connections"
+ echo "Did you run auth_certs/generate.sh?"
 exit 2
 fi
 }
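Review bot: `${CERTS_DIR}` is expanded unquoted on the new `openssl req` line in compose/auth_certs/generate.sh, so a checkout path containing spaces or glob characters splits the `-out` and `-keyout` arguments even though the assignment above it is quoted correctly; quote both, `-out "${CERTS_DIR}/certificate.pem" -keyout "${CERTS_DIR}/private.key"`. Because `-nodes` writes the private key unencrypted into the source tree, setting `umask 077` before the call would keep the key's initial mode from depending on the caller's umask or the OpenSSL version in use. `readlink -f` is not available in every `sh` environment, so a short comment stating that requirement would help anyone running the script on a non-GNU system.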
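Review bot: The replacement message `Did you run auth_certs/generate.sh?` in smoketest.bash no longer says what is missing, is written to stdout, and names a path that differs from the `compose/auth_certs/generate.sh` used in the README hunk of this commit; keeping the cause and adding the hint would read `echo "Unable to find certificate.pem and private.key; run compose/auth_certs/generate.sh first" >&2`. On the `chmod 640` line, the tighter mode is applied to the host file before it is copied into the `auth_proxy_certs` volume; whether the proxy's user can still read the key there depends on the ownership the copy ends up with, which is not visible in this hunk, so it should be checked with each supported container engine. The start of `createProxyCertsVolume` is outside the hunk.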