Closed mrjones-plip closed 1 year ago
AT passes
Setup is to `wget` latest files:

```
wget https://staging.dev.medicmobile.org/_couch/builds/medic:medic:master/docker-compose/cht-couchdb.yml
wget https://staging.dev.medicmobile.org/_couch/builds/medic:medic:master/docker-compose/cht-core.yml
wget https://raw.githubusercontent.com/medic/cht-upgrade-service/main/docker-compose.yml
```
Preload the wildcard `local-ip.co` cert into the `SSL_VOLUME_MOUNT_PATH=/etc/nginx/private/` volume by creating a compose file called `docker-compose_load-certs.yml` with these contents (note the volume is hard coded to `test3-cht-ssl`):
```yaml
version: '3.9'
services:
  cht-load-local-ip-cert:
    image: alpine
    command: sh -c "
      mkdir -p ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}
      && rm -f ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}server.pem
      && rm -f ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}chain.pem
      && rm -f ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}key.pem
      && wget -P ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/} http://local-ip.co/cert/server.pem
      && wget -P ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/} http://local-ip.co/cert/chain.pem
      && cat ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}server.pem ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}chain.pem > ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}cert.pem
      && wget -P ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/} http://local-ip.co/cert/server.key
      && mv ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}server.key ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}key.pem
      && rm -f ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}server.pem ${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}chain.pem
      && sleep 2600 "
    volumes:
      - test3-cht-ssl:${SSL_VOLUME_MOUNT_PATH:-/root/.acme.sh/}
volumes:
  test3-cht-ssl:
```
Then populate the volume with:

```
SSL_VOLUME_MOUNT_PATH=/etc/nginx/private/ docker-compose -f docker-compose_load-certs.yml up
```
Then do AT:

```
SSL_VOLUME_MOUNT_PATH=/etc/nginx/private/ CHT_COMPOSE_PROJECT_NAME=test3 COUCHDB_SECRET=foo DOCKER_CONFIG_PATH=./ COUCHDB_DATA=./couchd CHT_COMPOSE_PATH=./ COUCHDB_USER=medic COUCHDB_PASSWORD=password CERTIFICATE_MODE=OWN_CERT docker-compose up
```
`curl` like this:

```
curl --silent -v -I https://127-0-0-1.my.local-ip.co 2>&1 |egrep 'SSL connection|subject:'
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA
* subject: CN=*.my.local-ip.co
```
logs for the `nginx` container showed:

```
docker logs test3_nginx_1|egrep -i 'CERT|self|ssl|generat|exist'|grep -v entrypoi
Running SSL certificate checks
SSL certificate exists.
Launching Nginx
CERTIFICATE MODE = OWN_CERT
```
4.0.0-7778-bulk-delete-redesign
worked as expected

cc @medic/quality-assurance
User: Admin

Site: local/docker

Platform: MacOs, Linux, Windows / Chrome, Firefox

Test Steps: Steps for test

1. Check if there is documentation for this > for all OS we support
2. Check that it works

Expected Result: User should have comprehensive documentation. No error during installation and/or update