Configurable location of SSL certificate and private key files in container.

mabrarov · mabrarov · commit 0c9805d29812 · 2023-06-03T01:52:32.000+03:00
diff --git a/README.md b/README.md
@@ -86,6 +86,7 @@ Use volume mounting to substitute the certificate and private key with your own.
             - /etc/ssl/certs/ssl-cert-snakeoil.pem:/app/fullchain.pem
             - /etc/ssl/private/ssl-cert-snakeoil.key:/app/privkey.pem
 
+`/app/fullchain.pem` and `/app/privkey.pem` paths can be changed - use `HTTPS_CERT_FILE` and `HTTPS_KEY_FILE` environment variables to define location of existing certificate and private key inside container.
 
 
 ## Decode JWT header
diff --git a/index.js b/index.js
@@ -121,8 +121,8 @@ app.all('*', (req, res) => {
 });
 
 let sslOpts = {
-  key: require('fs').readFileSync('privkey.pem'),
-  cert: require('fs').readFileSync('fullchain.pem')
+  key: require('fs').readFileSync(process.env.HTTPS_KEY_FILE || 'privkey.pem'),
+  cert: require('fs').readFileSync(process.env.HTTPS_CERT_FILE || 'fullchain.pem')
 };
 
 //Whether to enable the client certificate feature
diff --git a/tests.sh b/tests.sh
@@ -364,6 +364,39 @@ fi
 message " Stop containers "
 docker stop http-echo-tests
 
+message " Check that SSL certificate and private key are loaded from custom location"
+cert_common_name="server.example.net"
+https_cert_file="$(pwd)/server_fullchain.pem"
+https_key_file="$(pwd)/server_privkey.pem"
+# Generate a new self signed cert locally
+openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout "${https_key_file}" -out "${https_cert_file}" \
+       -subj "/CN=${cert_common_name}" \
+       -addext "subjectAltName=DNS:${cert_common_name}"
+chmod a+r "${https_cert_file}"
+chmod a+r "${https_key_file}"
+container_https_cert_file="/test/tls.crt"
+container_https_key_file="/test/tls.key"
+docker run -d --rm \
+  -v "${https_cert_file}:${container_https_cert_file}:ro,z" \
+  -e HTTPS_CERT_FILE="${container_https_cert_file}" \
+  -v "${https_key_file}:${container_https_key_file}:ro,z" \
+  -e HTTPS_KEY_FILE="${container_https_key_file}" \
+  --name http-echo-tests -p 8443:8443 -t mendhak/http-https-echo
+sleep 5
+
+REQUEST_WITH_STATUS_CODE="$(curl -s --cacert "$(pwd)/server_fullchain.pem" -o /dev/null -w "%{http_code}" \
+  --resolve "${cert_common_name}:8443:127.0.0.1" "https://${cert_common_name}:8443/hello-world")"
+if [ "${REQUEST_WITH_STATUS_CODE}" = 200 ]
+then
+    passed "Server certificate and private key are loaded from configured custom location"
+else
+    failed "HTTPS request failed"
+    exit 1
+fi
+
+message " Stop containers "
+docker stop http-echo-tests
+
 message " Check that environment variables returned in response if enabled"
 docker run -d --rm -e ECHO_INCLUDE_ENV_VARS=1 --name http-echo-tests -p 8080:8080 -p 8443:8443 -t mendhak/http-https-echo
 sleep 5
