search

marklogic-community / roxy

Deployment tool for MarkLogic applications. Also provides optional unit test and XQuery MVC structure
Other
87 stars 66 forks source link

Documentation For SSL Certificates Is Lacking #890

Open ghost opened 5 years ago

ghost commented 5 years ago

Thank you for submitting an issue!

If this is a bug, please use the bug template below. If this is an enhancement request, please use the RFE template below. Before submitting your issue, please do us a favor and search currently open issues. If your issue already exists, please make a comment there advocating your issue be addressed sooner.

Bug Template

The issue

Short description of the problem:

What are the steps to reproduce the problem?

  1. One
  2. Two
  3. Three

Tech Specs

Which Operating System are you using? Mac OSX Which version of MarkLogic are you using? 9.0-6.2 Which version of Roxy are you using (see version.txt)? The dev branch

RFE Template

The RFE

Short description of the problem: I have certificates already imported into MarkLogic, how can I specify those in the ml-config for the appservers? The documentation doesn't show the xml tags to put if you want to specify the certificate authorities to be used on the appserver. Couldn't find the tag names in the sample docs either.

Your business use case. How much time would this save you? Can you currently work around this missing feature?

Timeframe : How urgently do you feel you need this RFE addressed? Why?

ghost commented 5 years ago

@grtjn @RobertSzkutak do you have any info on this?

grtjn commented 5 years ago

I'm not quite sure to be honest, but this might give you sufficient to move on: ./ml local settings appserver. That should list all valid settings as supported by Roxy.

ghost commented 5 years ago

These are the only things I see for SSL:

So what I really need, is if I have some SSL certificates that were imported into MarkLogic, I want to have Roxy apply those to the appserver. So in the appserver settings at the bottom of the page, if I click show, then I can see all the certificate authority names, then if I click on those Names, I can check the checkboxes for the certificates I want to apply to my appserver. But I don’t want to have to manually check those, I want the thing scripted, so when I do a bootstrap, the certs are applied to the appserver. There needs to be something that allows you to do that, but I am just not able to find anything in the documentation..

grtjn commented 5 years ago

Wow, that show button is very inconspicuous. I've never known you could pick authorities from there.

I looked through the code, and it looks like Roxy doesn't cover this bit yet. Would you be interested in attempting to add it?

There might also be ways to provide a workaround in the shape of a post-bootstrap hook that executes some custom xqy code that invokes admin functions. Would you have a code snippet that would do the trick in QC?

ghost commented 5 years ago

I'm thinking this piece would just be something where in the ml-config appserver(s) node, you would just have a wrapper node called certificates with children elements called certificate, and in there would just be the path from src to the pem file. An xqy script would pick that up somehow and then apply it to an appserver. I could fiddle this weekend.