alecmuffett/eotk

Support CentOS

tomrittervg opened this issue · 2 comments

Lots of things are needed, I'm opening this as a stub so I don't forget some random ones I encounter.

  1. /etc/pki/tls/openssl.cnf is the location on CentOS7

If you're just testing, I have an Ubuntu-based Docker image which works very well on CentOS 7. See here if you're interested.

It's mostly targeting testing rather than production, so it just drops you into a shell with eotk set up and ready to go when you run it, though it could be converted relatively easily for a production deployment.

When it comes to CentOS, it looks like the default build flags for the Red Hat provided nginx build don't include some of the modules EOTK relies on (ngx_subs_filter in particular), whereas Ubuntu's do. For a native CentOS script, we'd need to manually compile nginx with the relevant modules.

The Docker method lets you avoid installing a compiler and a bunch of dependencies on your CentOS host, which you might not want to do for various reasons.

Hopefully this helps somebody at least.


Edit: If you have Docker already installed, you can run this in a single line with:

docker run -it --cap-drop=all --name eotk ajhaydock/eotk

(With the obvious caveat that I'm strictly not advocating the use of public containers from Docker Hub for anything other than initial basic testing.)

Here's a patch that I think works...

--- a/lib.d/make-selfsigned-wildcard-ssl-cert.sh
+++ b/lib.d/make-selfsigned-wildcard-ssl-cert.sh
@@ -23,9 +23,14 @@ DAYS=30 # cert lifetime

 BREW_OPENSSL=/usr/local/opt/openssl/bin/openssl

+CENTOS_OPENSSL_CNF=/etc/pki/tls/openssl.cnf
+
 if [ -f $BREW_OPENSSL ] ; then
     OPENSSL=$BREW_OPENSSL
     OPENSSL_CONFIG=/usr/local/etc/openssl/openssl.cnf
+elif [ -f $CENTOS_OPENSSL_CNF ]; then
+    OPENSSL=openssl
+    OPENSSL_CONFIG=$CENTOS_OPENSSL_CNF
 else
     OPENSSL=openssl
     OPENSSL_CONFIG=/etc/ssl/openssl.cnf