MatthewJohn / terrareg

Open source Terraform module registry with UI, optional Git integration and deep analysis
https://gitlab.dockstudios.co.uk/pub/terrareg
GNU General Public License v3.0

about configure ssl key #25

Closed QloudXee closed 10 months ago

QloudXee commented 10 months ago

I have deployed terrareg with docker and created an SSL key with the following commands:

  1. openssl genrsa -out rsa_private_key.pem 1024
  2. openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

However, when I recreate the container with -e SSL_CERT_PRIVATE_KEY=pathincontainer/rsa_private_key.pem and -e SSL_CERT_PUBLIC_KEY=pathincontainer/rsa_public_key.pem, it shows an error in the docker logs: "ssl.SSLError: [SSL] PEM lib (_ssl.c:3900)"

How should I fix it? If you have any demo for SSL configuration, that would be better. Thanks a lot.

MatthewJohn commented 10 months ago

Hey @QloudXee ,

Using those commands, I certainly get the same - I don't think this is generating a valid SSL certificate. This should generate a public and private key for you:

# Generates public and encrypted private key
openssl req -x509 -newkey rsa:4096 -keyout key-enc.pem -out cert.pem -sha256 -days 365
# Decrypt private key
openssl rsa -in ./key-enc.pem -out ./key.pem

# Run Terrareg (using environment variables, as you're using)
python ./terrareg.py --ssl-cert-private-key ./key.pem --ssl-cert-public-key ./cert.pem

There is also some documentation, which uses mkcert (though I haven't personally used it before), here: https://github.com/MatthewJohn/terrareg/blob/main/docs/LOCAL_DEVELOPMENT.md

Hope this helps!

Many thanks Matt
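
The failure in this thread as an added example, not code from Terrareg or from either commenter: a pre-flight check that reads only the PEM labels to tell a bare public key (what `openssl rsa -pubout` writes) from the X.509 certificate a TLS server needs, and flags a private key that is still encrypted. The function names and the sample PEM stubs are constructed for illustration.

```python
import re

# One PEM block: BEGIN label, body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, encrypted)] for every PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # PKCS#8 marks encryption in the label; traditional OpenSSL keys
        # mark it with a Proc-Type header inside the block.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or "Proc-Type: 4,ENCRYPTED" in body)
        blocks.append((label, encrypted))
    return blocks

def preflight(cert_text, key_text):
    """List the reasons this certificate/key pair cannot serve TLS as-is."""
    problems = []
    labels = [label for label, _ in pem_blocks(cert_text)]
    if "CERTIFICATE" not in labels:
        found = ", ".join(labels) or "no PEM block"
        problems.append(f"certificate file holds {found}, not a CERTIFICATE")
    keys = [enc for label, enc in pem_blocks(key_text)
            if label.endswith("PRIVATE KEY")]
    if not keys:
        problems.append("key file holds no private key")
    elif any(keys):
        problems.append("private key is passphrase-encrypted")
    return problems

def stub(label, body="QUFBQQ=="):
    # Constructed stand-in: real PEM armor, placeholder body (no key material).
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples mirroring the files named in the thread.
RSA_PUBLIC_KEY = stub("PUBLIC KEY")        # written by `openssl rsa -pubout`
RSA_PRIVATE_KEY = stub("RSA PRIVATE KEY")  # label varies by OpenSSL version
CERT = stub("CERTIFICATE")                 # cert.pem from `openssl req -x509`
KEY_ENC = stub("ENCRYPTED PRIVATE KEY")    # key-enc.pem before decryption
KEY = stub("PRIVATE KEY")                  # key.pem after `openssl rsa -in`

if __name__ == "__main__":
    for name, pair in [("original", (RSA_PUBLIC_KEY, RSA_PRIVATE_KEY)),
                       ("undecrypted", (CERT, KEY_ENC)),
                       ("fixed", (CERT, KEY))]:
        print(name, preflight(*pair) or "ok")
```
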

QloudXee commented 10 months ago

@MatthewJohn

Thanks, I have resolved the SSL problem.

But when I try to upload a module with upload_module.sh as the integration page told me, it shows the following problem:

image image

I do not want to configure git info; just using the shell upload to the container is enough. Could you kindly give me some suggestions?

MatthewJohn commented 10 months ago

Hey :)

So if you don't want to configure the git info, then the "indexing" section of the integration page will not work (I will see why it's giving this error, if you don't have a git source configured).

With regards to uploading the file, I'm not sure what is causing the "internal server error". Is there anything in the logs that could indicate the issue (you can turn on debug logging using DEBUG (https://github.com/MatthewJohn/terrareg/blob/main/docs/CONFIG.md#debug), which should hopefully indicate what the problem is)?

Many thanks

QloudXee commented 10 months ago

image

Hope this info is helpful. I tried these two zip files, so I think there is no problem with the zip content.

image image

MatthewJohn commented 10 months ago

Oh, that's interesting - it seems tfswitch isn't installed! Just to clarify, you said you were running this in a docker container? If so, I'll need to investigate why tfswitch hasn't been installed.

Though, if you aren't running within a container, I've noticed that the installation of tfswitch is missing from the LOCAL_DEVELOPMENT.md instructions (which needs installing by running curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh | bash)

Thanks Matt

QloudXee commented 10 months ago

Emmmm, I have resolved it. It seems something was wrong with my image; after recreating the image the error did not happen again. By the way, could you tell me how to configure the SSL cert? When I run "terraform init", an error appears:

image

MatthewJohn commented 10 months ago

Hey, yes, this is unfortunately a "thing" with Terraform - the SSL validity checks cannot be skipped (https://github.com/matthewJohn/terrareg#from-source).

The only ways around it are, either:

Apologies, I should have mentioned this when suggesting how to generate the certificate!

Many thanks Matt

MatthewJohn commented 10 months ago

@QloudXee ,

I hope this has helped - I will close for now, but if you have any further questions, feel free to re-open or create new tickets for any other issues :)

Thanks Matt

QloudXee commented 9 months ago

Sorry to disturb. Now I have configured an mkcert cert for terrareg and added rootCA.crt to ca-certificates. But when I run "terraform init" there is something wrong with the GET request. Could you help me to analyse it?

  1. mkcert localhost 127.0.0.1 ::1 xx.xx.xx.xx
  2. docker run with mkcert cert.pem key.pem
  3. add mkcert rootCA.crt to ca-certificates

image image

MatthewJohn commented 9 months ago

Hey @QloudXee

Sure :)

So there should only be two reasons for 401 whilst downloading a module:

Hope this helps Matt

MatthewJohn commented 6 months ago

Created gitlab issue: https://gitlab.dockstudios.co.uk/pub/terrareg/-/issues/504 gitlab-issue-id:504