diff --git a/kong-0.4.2-1.rockspec b/kong-0.4.2-1.rockspec index 42e0a3fcf484..e607aa1503b8 100644 --- a/kong-0.4.2-1.rockspec +++ b/kong-0.4.2-1.rockspec @@ -182,5 +182,5 @@ build = { conf = { "kong.yml" }, bin = { "bin/kong" } }, - copy_directories = { "database/migrations/", "ssl" } + copy_directories = { "database/migrations/" } } diff --git a/kong/cli/utils/signal.lua b/kong/cli/utils/signal.lua index 830968af9c51..8a8bc2eb6439 100644 --- a/kong/cli/utils/signal.lua +++ b/kong/cli/utils/signal.lua @@ -85,7 +85,11 @@ local function prepare_nginx_working_dir(args_config) -- Create logs files os.execute("touch "..IO.path:join(kong_config.nginx_working_dir, "logs", "error.log")) os.execute("touch "..IO.path:join(kong_config.nginx_working_dir, "logs", "access.log")) - + -- Create SSL folder if needed + local _, err = IO.path:mkdir(IO.path:join(kong_config.nginx_working_dir, "ssl")) + if err then + cutils.logger:error_exit(err) + end -- TODO: this is NOT the place to do this. -- @see https://github.com/Mashape/kong/issues/92 for configuration validation/defaults -- @see https://github.com/Mashape/kong/issues/217 for a better configuration file @@ -102,6 +106,7 @@ local function prepare_nginx_working_dir(args_config) cutils.logger:warn("Setting \"memory_cache_size\" to default 128MB") end + ssl.prepare_ssl(kong_config) local ssl_cert_path, ssl_key_path = ssl.get_ssl_cert_and_key(kong_config) local trusted_ssl_cert_path = kong_config.databases_available[kong_config.database].properties.ssl_certificate -- DAO ssl cert @@ -223,7 +228,6 @@ function _M.prepare_kong(args_config, signal) cutils.logger:info("Connecting to the database...") prepare_database(args_config) - ssl.prepare_ssl() prepare_nginx_working_dir(args_config, signal) end diff --git a/kong/cli/utils/ssl.lua b/kong/cli/utils/ssl.lua index 4e7a0c732cc9..d7e85015150d 100644 --- a/kong/cli/utils/ssl.lua +++ b/kong/cli/utils/ssl.lua 
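Review bot: The `ssl` directory created in the `@@ -85,7 +85,11 @@` hunk of kong/cli/utils/signal.lua will hold the auto-generated private key (`kong-default.key`, per the ssl.lua changes in this commit), but nothing in the hunk sets or checks its permissions, so it presumably inherits the process umask. Consider restricting it to the user that runs Kong, or at least record the expectation with a comment such as `-- Holds the default private key; must not be world-readable`. Whether `IO.path:mkdir` reports an error for a directory that already exists is not visible here; if it does, a second start would reach `error_exit`, so that case is worth confirming. `prepare_nginx_working_dir` starts and ends outside the hunk.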
@@ -14,8 +14,8 @@ function _M.get_ssl_cert_and_key(kong_config) ssl_cert_path = kong_config.ssl_cert_path ssl_key_path = kong_config.ssl_key_path else - ssl_cert_path = IO.path:join(cutils.get_luarocks_install_dir(), "ssl", "kong-default.crt") - ssl_key_path = IO.path:join(cutils.get_luarocks_install_dir(), "ssl", "kong-default.key") + ssl_cert_path = IO.path:join(kong_config.nginx_working_dir, "ssl", "kong-default.crt") + ssl_key_path = IO.path:join(kong_config.nginx_working_dir, "ssl", "kong-default.key") end -- Check that the file exists @@ -29,9 +29,14 @@ function _M.get_ssl_cert_and_key(kong_config) return ssl_cert_path, ssl_key_path end -function _M.prepare_ssl() - local ssl_cert_path = IO.path:join(cutils.get_luarocks_install_dir(), "ssl", "kong-default.crt") - local ssl_key_path = IO.path:join(cutils.get_luarocks_install_dir(), "ssl", "kong-default.key") +local function is_sudo() + local _, code = IO.os_execute("id -u") + return code == 0 +end + +function _M.prepare_ssl(kong_config) + local ssl_cert_path = IO.path:join(kong_config.nginx_working_dir, "ssl", "kong-default.crt") + local ssl_key_path = IO.path:join(kong_config.nginx_working_dir, "ssl", "kong-default.key") if not (IO.file_exists(ssl_cert_path) and IO.file_exists(ssl_key_path)) then -- Autogenerating the certificates for the first time @@ -40,6 +45,8 @@ function _M.prepare_ssl() local file_name = os.tmpname() local passphrase = utils.random_string() + local sudo = is_sudo() and "sudo" or "" + local res, code = IO.os_execute([[ cd /tmp && \ openssl genrsa -des3 -out ]]..file_name..[[.key -passout pass:]]..passphrase..[[ 1024 && \ 
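Review bot: `is_sudo()` in the `@@ -29,9 +29,14 @@` hunk compares the exit status of `id -u` with 0, not the uid the command prints, so it returns true for every user for whom the command succeeds. Elsewhere in this diff the first return of `IO.os_execute` is used as the command output and the second as the exit code, so the uid is the value being discarded in `_`. Suggest `local out, code = IO.os_execute("id -u")` followed by `return code == 0 and tonumber(out) == 0`, and a name such as `is_root`, since the check is about the effective uid rather than about sudo. The body of `prepare_ssl` continues outside this hunk.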
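Review bot: The new `local sudo = is_sudo() and "sudo" or ""` in the `@@ -40,6 +45,8 @@` hunk is never interpolated into the command string in the visible hunks, and the following hunk drops the literal `sudo` from both `mv` lines, so the local is dead as far as this diff shows. Its logic also reads inverted: a process already running as root is the one case that needs no `sudo` prefix. Either remove the line or, if elevation is still intended for a root-owned working directory, use it in the `mv` commands with the condition negated. Separately, the unchanged `openssl genrsa ... 1024` context line still produces a 1024-bit default key and passes the passphrase on the command line, which the commit leaves as is; `2048` would be the usual minimum. The command string continues past the end of the hunk.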
@@ -47,8 +54,8 @@ function _M.prepare_ssl() cp ]]..file_name..[[.key ]]..file_name..[[.key.org && \ openssl rsa -in ]]..file_name..[[.key.org -out ]]..file_name..[[.key -passin pass:]]..passphrase..[[ && \ openssl x509 -req -in ]]..file_name..[[.csr -signkey ]]..file_name..[[.key -out ]]..file_name..[[.crt && \ - sudo mv ]]..file_name..[[.crt ]]..ssl_cert_path..[[ && \ - sudo mv ]]..file_name..[[.key ]]..ssl_key_path) + mv ]]..file_name..[[.crt ]]..ssl_cert_path..[[ && \ + mv ]]..file_name..[[.key ]]..ssl_key_path) if code ~= 0 then cutils.logger:error_exit("There was an error when auto-generating the default SSL certificate: "..res) diff --git a/spec/plugins/ssl/access_spec.lua b/spec/plugins/ssl/access_spec.lua index 498c7cc1471e..63c2abdd2806 100644 --- a/spec/plugins/ssl/access_spec.lua +++ b/spec/plugins/ssl/access_spec.lua @@ -5,7 +5,6 @@ local IO = require "kong.tools.io" local http_client = require "kong.tools.http_client" local cjson = require "cjson" local ssl_fixtures = require "spec.plugins.ssl.fixtures" -local cutils = require "kong.cli.utils" local STUB_GET_SSL_URL = spec_helper.STUB_GET_SSL_URL local STUB_GET_URL = spec_helper.STUB_GET_URL 
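Review bot: `ssl_cert_path` and `ssl_key_path` in the two new `mv` lines of the `@@ -47,8 +54,8 @@` hunk now derive from `kong_config.nginx_working_dir` and are concatenated into the shell string unquoted, so a working directory containing spaces or shell metacharacters breaks or alters the command. Quote both destinations before the `IO.os_execute` call, for example with `"'"..ssl_key_path:gsub("'", "'\\''").."'"` and the same for the certificate path. The moved key also keeps whatever mode `openssl` gave it under `/tmp`, and nothing visible here removes the `.key.org` and `.csr` temporaries. A `chmod 600` on the installed key and an `rm -f` of the leftovers would close that, unless cleanup happens outside the hunk.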
@@ -93,8 +92,10 @@ describe("SSL Plugin", function() local response = http_client.get(API_URL.."/apis/", {public_dns="ssl3.com"}) local api_id = cjson.decode(response).data[1].id - local ssl_cert_path = IO.path:join(cutils.get_luarocks_install_dir(), "ssl", "kong-default.crt") - local ssl_key_path = IO.path:join(cutils.get_luarocks_install_dir(), "ssl", "kong-default.key") + local kong_working_dir = spec_helper.get_env(spec_helper.TEST_CONF_FILE).configuration.nginx_working_dir + + local ssl_cert_path = IO.path:join(kong_working_dir, "ssl", "kong-default.crt") + local ssl_key_path = IO.path:join(kong_working_dir, "ssl", "kong-default.key") local res = IO.os_execute("curl -s -o /dev/null -w \"%{http_code}\" "..API_URL.."/apis/"..api_id.."/plugins/ --form \"name=ssl\" --form \"value.cert=@"..ssl_cert_path.."\" --form \"value.key=@"..ssl_key_path.."\"") assert.are.equal(201, tonumber(res)) diff --git a/ssl/README.md b/ssl/README.md deleted file mode 100644 index 66d561f74e5c..000000000000 --- a/ssl/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# SSL - -This is the directory where Kong will place the auto-generated default SSL certificate and key. \ No newline at end of file