Test Self signed Certificate

Question

Test Self signed Certificate

ngaruko opened this issue 2 years ago · 3 comments

ngaruko commented 2 years ago

User: Admin
Site: local/docker
Platform: MacOs, Linux, Windows / Chrome, Firefox
Test Steps: Steps for test

Check if there is documentation for this > for all OS we support
Check that it works

Expected Result:
User should have comprehensive documentation. No error during installation and/or update

Answer 1 · 2022-11-02T03:11:34.000Z

Check if there is documentation for this > for all OS we support

@garethbowen @ngaruko - I believe we were OK shipping CHT 4.0 with out documentation. Do we want to make this step a part of AT then?

Answer 2 · 2022-11-02T03:23:52.000Z

AT passes

Setup is to wget latest files:

wget  https://staging.dev.medicmobile.org/_couch/builds/medic:medic:master/docker-compose/cht-couchdb.yml
wget https://staging.dev.medicmobile.org/_couch/builds/medic:medic:master/docker-compose/cht-core.yml
wget https://raw.githubusercontent.com/medic/cht-upgrade-service/main/docker-compose.yml

Then do AT:

no full public docs on the docs site, but we have a decent readme
this command uses implicit use of self signed certs, and it works: CHT_COMPOSE_PROJECT_NAME=test3 COUCHDB_SECRET=foo DOCKER_CONFIG_PATH=./ COUCHDB_DATA=.//couchd CHT_COMPOSE_PATH=./ COUCHDB_USER=medic COUCHDB_PASSWORD=password docker-compose up
this command uses explicit self signed certs and it works: CHT_COMPOSE_PROJECT_NAME=test3 COUCHDB_SECRET=foo DOCKER_CONFIG_PATH=./ COUCHDB_DATA=.//couchd CHT_COMPOSE_PATH=./ COUCHDB_USER=medic COUCHDB_PASSWORD=password CERTIFICATE_MODE=SELF_SIGNED docker-compose up

validation that "it works" was done with curl like this:

curl -I https://localhost
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

As well the browser showed a self signed cert warning

logs for the nginx container showed:

docker logs test3_nginx_1|egrep -i 'CERT|self|ssl|generat'
Running SSL certificate checks
Generating a RSA private key
....................................++++
....++++
writing new private key to '/etc/nginx/private/key.pem'
-----
Launching Nginx
/docker-entrypoint.sh: Launching /docker-entrypoint.d/ssl-install.sh
CERTIFICATE MODE = SELF_SIGNED

finally, upgrading to branch 4.0.0-migrate-contact-edit-test worked as expected

Answer 3 · 2022-11-02T19:26:39.000Z

Thanks @mrjones-plip