Closed BramVan-Oosterhout closed 2 months ago
Hey Bram, I'm on vacation so my answers will be slow at the moment, but I will check GitHub from time to time :)
cert = "//usr/local/festivals-gateway/server.crt"
key = "/usr/local/festivals-gateway/ca.key"
should be
cert = "/usr/local/festivals-gateway/server.crt"
key = "/usr/local/festivals-gateway/server.key"
The CA private key should be somewhere very secure and not on the server.
Other than that, I recommend you create virtual hosts via the hosts file for each service, as described in the festivals-pki under Local Development or Development on a test server, as I don't know if this kind of overloading of the localhost works.
[heartbeat]
endpoint = "localhost"
should be the host of your gateway discovery service
[heartbeat]
endpoint = "https://discovery.festivalsapp.dev/loversear"
I will try to clarify this as it is truly somewhat confusing :)
Kind regards Simon
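The cert/key correction above can be checked directly. This is an added example, not part of the thread or of the FestivalsApp code: it pairs a server certificate with the server key and then with the CA key, using `tls.X509KeyPair`, the in-memory form of `tls.LoadX509KeyPair`. The CA, the host name `gateway.example` and all keys are constructed at run time, and `newKey` and `pairErrors` are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// newKey returns a fresh P-256 key and its PKCS#8 PEM encoding (constructed test data).
func newKey() (*ecdsa.PrivateKey, []byte) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, _ := x509.MarshalPKCS8PrivateKey(key) // cannot fail for a valid ECDSA key
	return key, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
}

// pairErrors issues a server certificate signed by a throwaway CA and reports what
// tls.X509KeyPair says when that certificate is paired with each of the two keys.
func pairErrors() (withServerKey, withCAKey error) {
	caKey, caKeyPEM := newKey()
	srvKey, srvKeyPEM := newKey()
	now := time.Now()
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example CA"},
		NotBefore: now, NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	srv := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "gateway.example"},
		NotBefore: now, NotAfter: now.Add(time.Hour), DNSNames: []string{"gateway.example"}}
	der, err := x509.CreateCertificate(rand.Reader, srv, ca, &srvKey.PublicKey, caKey)
	if err != nil {
		return err, err
	}
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	_, withServerKey = tls.X509KeyPair(certPEM, srvKeyPEM) // cert = server.crt, key = server.key
	_, withCAKey = tls.X509KeyPair(certPEM, caKeyPEM)      // cert = server.crt, key = ca.key
	return withServerKey, withCAKey
}

func main() {
	good, bad := pairErrors()
	fmt.Println("server.crt + server.key:", good)
	fmt.Println("server.crt + ca.key:    ", bad)
}
```

The CA key signs the certificate but is not the key the certificate was issued for, so only the server key pairs with it.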
Hi Simon, What slow response? Thanks for your input! The server starts now like all other servers. Yay!
I am slowly learning about the use of certificates and hope to understand them by the end of the week. It would be nice to have a script that:
It may be too much to ask for the automation, but it would be helpful to illustrate the concept as applied to Festivals-App.
I'll raise one more issue and will take your warning about slow response seriously. Enjoy your holiday. Work will wait. Holidays don't get another chance. Take care.
Bram
Hi, The festivals-gateway-server starts with:
I think this message is generated at:
festivals-identity-server/jwt/validate.go
line 84: cert, err := tls.LoadX509KeyPair(clientCert, clientKey)
I generated the certificate and key with easyrsa:
This reference: golang-tls-loadx509keypair-failed-to-parse-private-key states ominously:
And then suggests to implement the algorithm yourself.
I assume that I have done something wrong in the key generation or config, rather than assume this is a bug, but I have no experience with generating and using certificates. Any idea where to look to resolve this issue?
For completeness - the gateway config:
And identity server config:
And the files: