request help: move `conf/cert` to `t/cert` #2110

moonming · 2020-08-24T01:20:42Z

all of these files are ONLY for test cases.

Yiyiyimu · 2020-08-24T02:51:20Z

Do we also need to change the path in Makefile?

Line 124 in 1aefe91

$(INSTALL) conf/cert/apisix.* /usr/local/apisix/conf/cert/

moonming · 2020-08-24T02:56:14Z

Do we also need to change the path in Makefile?

apisix/Makefile

Line 124 in 1aefe91

$(INSTALL) conf/cert/apisix.* /usr/local/apisix/conf/cert/

we shoule remove this line :)

Yiyiyimu · 2020-08-24T05:16:55Z

we shoule remove this line :)

Sure thx

Yiyiyimu · 2020-08-24T06:03:39Z

apisix/bin/apisix

Lines 289 to 303 in 1aefe91

    
                   {%if https_admin then%} 
        
                   listen {* port_admin *} ssl; 
        
                   {%if admin_api_mtls and admin_api_mtls.admin_ssl_cert and admin_api_mtls.admin_ssl_cert ~= "" and 
        
                    admin_api_mtls.admin_ssl_cert_key and admin_api_mtls.admin_ssl_cert_key ~= "" and 
        
                    admin_api_mtls.admin_ssl_ca_cert and admin_api_mtls.admin_ssl_ca_cert ~= "" 
        
                   then%} 
        
                   ssl_verify_client on; 
        
                   ssl_certificate      {* admin_api_mtls.admin_ssl_cert *}; 
        
                   ssl_certificate_key  {* admin_api_mtls.admin_ssl_cert_key *}; 
        
                   ssl_client_certificate {* admin_api_mtls.admin_ssl_ca_cert *}; 
        
                   {% else %} 
        
                   ssl_certificate      cert/apisix_admin_ssl.crt; 
        
                   ssl_certificate_key  cert/apisix_admin_ssl.key; 
        
                   {%end%}

apisix/bin/apisix

Lines 366 to 367 in 1aefe91

    
                   ssl_certificate      cert/apisix.crt; 
        
                   ssl_certificate_key  cert/apisix.key;

It seems need to configure ssl_certificate when start apisix

moonming · 2020-08-24T09:43:01Z

the default of https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L64 is empty, so I think we can also remove

apisix/bin/apisix

Lines 366 to 367 in 1aefe91

    
                   ssl_certificate      cert/apisix.crt; 
        
                   ssl_certificate_key  cert/apisix.key;

.
@nic-chen what do you think?

nic-chen · 2020-08-24T11:25:22Z

the default of https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L64 is empty, so I think we can also remove

apisix/bin/apisix

Lines 366 to 367 in 1aefe91

ssl_certificate cert/apisix.crt;

ssl_certificate_key cert/apisix.key;

.
@nic-chen what do you think?

sure, i think it's better empty default.

Yiyiyimu · 2020-08-24T16:23:22Z

the default of https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L64 is empty, so I think we can also remove

apisix/bin/apisix

Lines 366 to 367 in 1aefe91

ssl_certificate cert/apisix.crt;

ssl_certificate_key cert/apisix.key;

.
@nic-chen what do you think?

@moonming But when the default is set to empty, apisix would choose to use cert&key in conf/cert

apisix/bin/apisix

Lines 289 to 303 in 1aefe91

    
                   {%if https_admin then%} 
        
                   listen {* port_admin *} ssl; 
        
                   {%if admin_api_mtls and admin_api_mtls.admin_ssl_cert and admin_api_mtls.admin_ssl_cert ~= "" and 
        
                    admin_api_mtls.admin_ssl_cert_key and admin_api_mtls.admin_ssl_cert_key ~= "" and 
        
                    admin_api_mtls.admin_ssl_ca_cert and admin_api_mtls.admin_ssl_ca_cert ~= "" 
        
                   then%} 
        
                   ssl_verify_client on; 
        
                   ssl_certificate      {* admin_api_mtls.admin_ssl_cert *}; 
        
                   ssl_certificate_key  {* admin_api_mtls.admin_ssl_cert_key *}; 
        
                   ssl_client_certificate {* admin_api_mtls.admin_ssl_ca_cert *}; 
        
                   {% else %} 
        
                   ssl_certificate      cert/apisix_admin_ssl.crt; 
        
                   ssl_certificate_key  cert/apisix_admin_ssl.key; 
        
                   {%end%}

Yiyiyimu · 2020-09-05T04:02:47Z

Hi @moonming @nic-chen any suggestions?

moonming added help wanted good first issue labels Aug 24, 2020

Yiyiyimu linked a pull request that will close this issue Aug 24, 2020

fix: move `conf/cert` to `t/certs` #2112

Open

2 of 4 tasks complete

Aug	SEP	Oct
	07
2019	2020	2021

apache / apisix

request help: move `conf/cert` to `t/cert` #2110

request help: move `conf/cert` to `t/cert` #2110

moonming commented Aug 24, 2020

Yiyiyimu commented Aug 24, 2020

moonming commented Aug 24, 2020

Yiyiyimu commented Aug 24, 2020

Yiyiyimu commented Aug 24, 2020 •

edited

moonming commented Aug 24, 2020

nic-chen commented Aug 24, 2020

Yiyiyimu commented Aug 24, 2020 •

edited

Yiyiyimu commented Sep 5, 2020

apache / apisix

Join GitHub today

request help: move `conf/cert` to `t/cert` #2110

request help: move `conf/cert` to `t/cert` #2110

Comments

moonming commented Aug 24, 2020

Yiyiyimu commented Aug 24, 2020

moonming commented Aug 24, 2020

Yiyiyimu commented Aug 24, 2020

Yiyiyimu commented Aug 24, 2020 • edited

moonming commented Aug 24, 2020

nic-chen commented Aug 24, 2020

Yiyiyimu commented Aug 24, 2020 • edited

Yiyiyimu commented Sep 5, 2020

Yiyiyimu commented Aug 24, 2020 •

edited

Yiyiyimu commented Aug 24, 2020 •

edited