Support CentOS
tomrittervg opened this issue · 2 comments
Lots of things are needed, I'm opening this as a stub so I don't forget some random ones I encounter.
- /etc/pki/tls/openssl.cnf is the location on CentOS7
If you're just testing, I have an Ubuntu-based Docker image which works very well on CentOS 7. See here if you're interested.
It's mostly targeting testing rather than production, so it just drops you into a shell with eotk set up and ready to go when you run it, though it could be converted relatively easily for a production deployment.
When it comes to CentOS, it looks like the default build flags for the Red Hat provided nginx build don't include some of the modules EOTK relies on (ngx_subs_filter in particular), whereas Ubuntu's do. For a native CentOS script, we'd need to manually compile nginx with the relevant modules.
The Docker method lets you avoid installing a compiler and a bunch of dependencies on your CentOS host, which you might not want to do for various reasons.
Hopefully this helps somebody at least.
Edit: If you have Docker already installed, you can run this in a single line with:
docker run -it --cap-drop=all --name eotk ajhaydock/eotk
(With the obvious caveat that I'm strictly not advocating the use of public containers from Docker Hub for anything other than initial basic testing.)
Here's a patch that I think works...
--- a/lib.d/make-selfsigned-wildcard-ssl-cert.sh
+++ b/lib.d/make-selfsigned-wildcard-ssl-cert.sh
@@ -23,9 +23,14 @@ DAYS=30 # cert lifetime
BREW_OPENSSL=/usr/local/opt/openssl/bin/openssl
+CENTOS_OPENSSL_CNF=/etc/pki/tls/openssl.cnf
+
if [ -f $BREW_OPENSSL ] ; then
OPENSSL=$BREW_OPENSSL
OPENSSL_CONFIG=/usr/local/etc/openssl/openssl.cnf
+elif [ -f $CENTOS_OPENSSL_CNF ]; then
+ OPENSSL=openssl
+ OPENSSL_CONFIG=$CENTOS_OPENSSL_CNF
else
OPENSSL=openssl
OPENSSL_CONFIG=/etc/ssl/openssl.cnf
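Review bot: the added `elif [ -f $CENTOS_OPENSSL_CNF ]` test leaves the variable unquoted, and the final `else` still sets OPENSSL_CONFIG=/etc/ssl/openssl.cnf without anything in this hunk checking that the file exists. Suggest `[ -f "$CENTOS_OPENSSL_CNF" ]` and an explicit `-f` test with an error message in the fallback, so a host with neither config path stops here with a clear message. The CentOS and default branches both set OPENSSL=openssl and differ only in the config path, so they could be collapsed into one loop over candidate config files, which would also make the next distro a one-line addition.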